Crate lers

lers

An async, user-friendly Let’s Encrypt/ACMEv2 library. Inspired by acme2, acme-micro, and lego.

Features:

• ACME v2 support (according to RFC 8555)
• Account creation, certificate issuance, certificate renewal, and certificate revocation
• Robust implementation of the HTTP-01, DNS-01, TLS-ALPN-01 challenges
• Custom challenge solvers via Solver
• External account bindings support

Example

How to obtain a certificate for example.com from Let’s Encrypt Staging using the solver::Http01Solver.

use lers::{solver::Http01Solver, Directory, LETS_ENCRYPT_STAGING_URL};

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // Create and start a new HTTP-01 solver.
    let address = "127.0.0.1:8080".parse()?;
    let solver = Http01Solver::new();
    let handle = solver.start(&address)?;

    // Create a new directory for Let's Encrypt Staging
    let directory = Directory::builder(LETS_ENCRYPT_STAGING_URL)
        .http01_solver(Box::new(solver))
        .build()
        .await?;

    // Create an ACME account to order your certificate. In production, you should store
    // the private key, so you can renew your certificate.
    let account = directory
        .account()
        .terms_of_service_agreed(true)
        .contacts(vec!["mailto:hello@example.com".into()])
        .create_if_not_exists()
        .await?;

    // Obtain your certificate
    let certificate = account
        .certificate()
        .add_domain("example.com")
        .obtain()
        .await?;

    // You now have your certificate to export to a webserver or store somewhere.
    assert!(certificate.x509_chain().len() > 1);

    // Stop the HTTP-01 solver since we've issued the certificate.
    handle.stop().await?;

    Ok(())
}

See the examples/ folder for more examples.

Re-exports

• pub use solver::Solver;

Modules

• responses
  ACMEv2 API requests and responses
• solver
  ACME challenge solvers

Structs

• Account
  An ACME account. This is used to identify a subscriber to an ACME server.
• AccountBuilder
  Used to configure a the creation/lookup of an account
• Certificate
  An issued certificate by the ACME server
• CertificateBuilder
  Used to configure the ordering of a certificate
• Directory
  Entry point for accessing an ACME API
• DirectoryBuilder
  A builder used to create a Directory

Enums

• Error
  Possible errors that could occur
• Format
  The possible formats a certificate/private key can be loaded from.

Constants

• LETS_ENCRYPT_PRODUCTION_URL
  The Let’s Encrypt production ACMEv2 API
• LETS_ENCRYPT_STAGING_URL
  The Let’s Encrypt staging ACMEv2 API