AcmeProvider

Struct AcmeProvider 

pub struct AcmeProvider<S: Storage> { /* private fields */ }

ACME certificate provider for automatic TLS provisioning.

Manages the full ACME lifecycle: account creation, order placement, HTTP-01 challenge fulfillment, certificate download, and storage.

§Type Parameter

  • S: The platform storage backend (e.g., InMemoryStorage, SqliteStorage).

§DNS-01 Alternative

For environments where port 80 is unavailable (NAT, shared hosting), DNS-01 challenges can be used instead. The operator configures DNS TXT records manually or via a DNS API. This is not implemented in this module but is documented here per spec section 18.6.3.

Implementations§

impl<S: Storage + 'static> AcmeProvider<S>

pub fn new(domain: &str, storage: Arc<ProtocolStore<S>>) -> Self

Create a new ACME provider for the given domain.

Uses the Let’s Encrypt production directory by default. Call with_directory_url to use a different directory.

pub fn with_email(self, email: &str) -> Self

Set the contact email for the ACME account.

pub fn with_directory_url(self, url: &str) -> Self

Set a custom ACME directory URL (e.g., a staging environment).

pub fn with_cert_resolver(self, resolver: Arc<CertResolver>) -> Self

Set a cert resolver for hot-reloading on renewal.

pub fn challenges(&self) -> Arc<RwLock<HashMap<String, String>>>

Returns a handle to the shared ACME challenge map.

Pass this to acme_challenge_router so the HTTP server can serve GET /.well-known/acme-challenge/{token} responses during ACME provisioning.
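
A sketch of the lookup an HTTP-01 listener performs against this map, as an added example that is not this crate's acme_challenge_router. It assumes std::sync::RwLock in place of the page's RwLock; `respond`, `is_valid_token`, `Challenges` and the sample token are hypothetical names and constructed values.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

type Challenges = Arc<RwLock<HashMap<String, String>>>;
const PREFIX: &str = "/.well-known/acme-challenge/";

/// RFC 8555 section 8.3: a token contains only base64url characters.
fn is_valid_token(token: &str) -> bool {
    !token.is_empty()
        && token.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

/// Map an HTTP request line to (status, body) using the shared challenge map.
fn respond(request_line: &str, challenges: &Challenges) -> (u16, String) {
    let mut parts = request_line.split_whitespace();
    let (method, path) = match (parts.next(), parts.next()) {
        (Some(m), Some(p)) => (m, p),
        _ => return (400, String::new()),
    };
    if method != "GET" {
        return (405, String::new());
    }
    // Only the challenge prefix is answered; everything else is 404.
    let Some(token) = path.strip_prefix(PREFIX) else {
        return (404, String::new());
    };
    // Reject '/', '.', '%', '?' and friends before touching the map.
    if !is_valid_token(token) {
        return (400, String::new());
    }
    // Read lock only: this handler never mutates the map.
    let Ok(map) = challenges.read() else {
        return (500, String::new());
    };
    match map.get(token) {
        Some(key_auth) => (200, key_auth.clone()),
        None => (404, String::new()),
    }
}

fn main() {
    let challenges: Challenges = Arc::new(RwLock::new(HashMap::new()));
    // Constructed sample values, not a real token or key authorization.
    challenges.write().unwrap().insert("tok_EXAMPLE-1".into(), "tok_EXAMPLE-1.thumbEXAMPLE".into());
    let base = "GET /.well-known/acme-challenge/";
    for tail in ["tok_EXAMPLE-1", "../secret", "unknown"] {
        println!("{tail} -> {:?}", respond(&format!("{base}{tail} HTTP/1.1"), &challenges));
    }
}
```

Validating the token against the base64url alphabet before the lookup means path separators, dots, percent-escapes and query strings never reach the map, so the listener on port 80 can only ever return a stored key authorization or an error status.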

pub async fn provision(&self) -> Result<CertificateData, TlsError>

Provision a new certificate via ACME HTTP-01.

This performs the full ACME flow:

  1. Create an ACME account.
  2. Place a new order for the domain.
  3. Retrieve the HTTP-01 challenge.
  4. Respond to the challenge (caller must serve the challenge token).
  5. Wait for the order to become ready.
  6. Finalize the order with a CSR.
  7. Download the certificate.
  8. Store in platform storage.

§Errors

Returns TlsError::Acme if any ACME protocol step fails. Returns TlsError::Storage if certificate storage fails.

pub async fn load_or_provision(&self) -> Result<CertificateData, TlsError>

Load a certificate from storage, or provision a new one if none exists or the existing one needs renewal.

§Errors

Returns TlsError if loading, provisioning, or storage fails.

pub fn start_renewal_loop(self: Arc<Self>) -> JoinHandle<()>
where S: Send + Sync + 'static,

Start a background renewal loop that checks certificate expiry every 12 hours and renews when within 30 days of expiry.

The task runs until the returned tokio::task::JoinHandle is aborted or the process exits.

Trait Implementations§

impl<S: Storage> Debug for AcmeProvider<S>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<S: Storage + 'static> TlsProvider for AcmeProvider<S>

fn provision(&self) -> Pin<Box<dyn Future<Output = Result<CertificateData, TlsError>> + Send + '_>>

Attempt to provision or load a TLS certificate for the domain.

fn challenges(&self) -> Arc<RwLock<HashMap<String, String>>>

Returns the shared ACME challenge map (token → key authorization).

fn needs_challenge_listener(&self) -> bool

Whether this provider requires an HTTP-01 challenge listener.

Auto Trait Implementations§

impl<S> Freeze for AcmeProvider<S>

impl<S> !RefUnwindSafe for AcmeProvider<S>

impl<S> Send for AcmeProvider<S>

impl<S> Sync for AcmeProvider<S>

impl<S> Unpin for AcmeProvider<S>

impl<S> UnsafeUnpin for AcmeProvider<S>

impl<S> !UnwindSafe for AcmeProvider<S>

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit(self, class: Class, constructed: bool, tag: u32) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> Classify for T

type Classified = T

fn classify(self) -> T

impl<T> Declassify for T

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.