Module acme 

Automatic TLS certificates via ACME (RFC 8555) — Let’s Encrypt and any compatible CA.

The pieces: jose (JWS/JWK signing), json (a small JSON reader for ACME responses), and — added incrementally — the on-disk store, the protocol client over rsurl, the challenge solvers, and the issuance manager.

Re-exports

pub use manager::AcmeConfig;

pub use manager::AcmeManager;

pub use manager::CertChoice;

Modules

client

A minimal ACME (RFC 8555) client over the rsurl HTTPS client.

jose

The JOSE bits ACME needs: base64url, the account JWK + its thumbprint, and ES256 (ECDSA P-256 / SHA-256) JWS signing (RFC 7515/7518/7638, RFC 8555 §6.2).

json

A small JSON reader/writer scoped to ACME’s needs (RFC 8259).

manager

AcmeManager ties the store, the protocol client, and the challenge solvers together: it answers “what certificate do I serve for this SNI?”, issuing (and renewing) on demand with per-host single-flight, and exposes the challenge state the TLS router and HTTP listener read.

store

On-disk persistence for the ACME account key and issued certificates.