Trait TlsProvider 

pub trait TlsProvider: Send + Sync {
    // Required method
    fn provision(
        &self,
    ) -> Pin<Box<dyn Future<Output = Result<CertificateData, TlsError>> + Send + '_>>;

    // Provided methods
    fn challenges(&self) -> Arc<RwLock<HashMap<String, String>>> { ... }
    fn needs_challenge_listener(&self) -> bool { ... }
}

Strategy for TLS certificate provisioning (spec section 18.6.3).

Abstracted as a trait to enable mock implementations in tests. Production code uses AcmeProvider; tests can inject providers that succeed or fail deterministically.

Required Methods

fn provision(&self) -> Pin<Box<dyn Future<Output = Result<CertificateData, TlsError>> + Send + '_>>

Attempt to provision or load a TLS certificate for the domain.

On success, returns CertificateData for configuring the TLS acceptor.

Provided Methods

fn challenges(&self) -> Arc<RwLock<HashMap<String, String>>>

Returns the shared ACME challenge map (token → key authorization).

The default implementation returns a new empty map on every call, which is correct for mock providers and SelfSignedTlsProvider that never serve HTTP-01 challenges.

Important

Implementors that override needs_challenge_listener() to return true MUST also override this method to return a persistent, shared map. Failing to do so means the challenge listener and the provisioning flow will operate on different maps, and ACME validation will never succeed.

fn needs_challenge_listener(&self) -> bool

Whether this provider requires an HTTP-01 challenge listener.

Returns true for real ACME providers that need the CA to probe GET /.well-known/acme-challenge/{token} on port 80 during provisioning. Returns false for mock providers and self-signed certificate generators. Default: false.
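
The contract between challenges() and needs_challenge_listener() described above, as an added example that is not code from this crate: one provider keeps the default per-call map, the other returns a persistent shared one. ChallengeSource is a reduced stand-in for the trait (provision() omitted), std::sync::RwLock is assumed as the lock type, and BrokenProvider, SharedProvider, listener_sees_token and honors_contract are hypothetical names.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

type ChallengeMap = Arc<RwLock<HashMap<String, String>>>;

// Reduced stand-in for the trait on this page: provision() is omitted and
// std::sync::RwLock is assumed; the crate's actual lock type is not shown.
trait ChallengeSource {
    fn challenges(&self) -> ChallengeMap {
        Arc::new(RwLock::new(HashMap::new())) // fresh, empty map on every call
    }
    fn needs_challenge_listener(&self) -> bool { false }
}

// Hypothetical provider that opts in to the listener but keeps the default map.
struct BrokenProvider;
impl ChallengeSource for BrokenProvider {
    fn needs_challenge_listener(&self) -> bool { true }
}

// Hypothetical provider that stores one map and hands out clones of the Arc.
struct SharedProvider { map: ChallengeMap }
impl ChallengeSource for SharedProvider {
    fn challenges(&self) -> ChallengeMap { Arc::clone(&self.map) }
    fn needs_challenge_listener(&self) -> bool { true }
}

// The provisioning side publishes a key authorization; the listener side then
// fetches the map again (as a separate component would) and looks it up.
fn listener_sees_token(p: &dyn ChallengeSource, token: &str, key_auth: &str) -> Option<String> {
    p.challenges().write().unwrap().insert(token.to_string(), key_auth.to_string());
    let seen = p.challenges().read().unwrap().get(token).cloned();
    seen
}

// Contract check suitable for a unit test: a provider that wants the
// listener must return the same allocation from every challenges() call.
fn honors_contract(p: &dyn ChallengeSource) -> bool {
    !p.needs_challenge_listener() || Arc::ptr_eq(&p.challenges(), &p.challenges())
}

fn main() {
    let shared = SharedProvider { map: Arc::default() };
    // "tok" and "tok.thumb" are constructed sample values.
    println!("{:?}", listener_sees_token(&BrokenProvider, "tok", "tok.thumb"));
    println!("{:?}", listener_sees_token(&shared, "tok", "tok.thumb"));
    println!("{} {}", honors_contract(&BrokenProvider), honors_contract(&shared));
}
```

A check like honors_contract in a provider's test suite catches the mismatch before deployment, where it would otherwise only show up as ACME validation that never completes.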

Implementors

impl<S: Storage + 'static> TlsProvider for AcmeProvider<S>