acme

package
v0.0.0-...-88f9a22

This package is not in the latest version of its module.
Published: Mar 1, 2026 License: Apache-2.0 Imports: 12 Imported by: 1

README

Package cloudeng.io/webapp/webauth/acme

import cloudeng.io/webapp/webauth/acme

Package acme provides support for working with ACME service providers such as letsencrypt.org.

Constants

LetsEncryptStaging, LetsEncryptProduction
const (
	// LetsEncryptStaging is the URL for the letsencrypt.org staging service
	// and is used as the default by this package.
	LetsEncryptStaging = "https://acme-staging-v02.api.letsencrypt.org/directory"
	// LetsEncryptProduction is the URL for the letsencrypt.org production service.
	LetsEncryptProduction = acme.LetsEncryptURL
)

Functions

Func NewAutocertManager
func NewAutocertManager(cache autocert.Cache, cl AutocertConfig, allowedHosts ...string) (*autocert.Manager, error)

NewAutocertManager creates a new autocert.Manager from the supplied config. Any supplied hosts specify the allowed hosts for the manager, i.e., those for which it will obtain/renew certificates.

Types

Type AutocertConfig
type AutocertConfig struct {
	// Contact email for the ACME account, note, changing this may create
	// a new account with the ACME provider. The key associated with an account
	// is required for revoking certificates issued using that account.
	Email       string        `yaml:"email"`
	UserAgent   string        `yaml:"user_agent"`    // User agent to use when connecting to the ACME service.
	Provider    string        `yaml:"acme_provider"` // ACME service provider URL or 'letsencrypt' or 'letsencrypt-staging'.
	RenewBefore time.Duration `yaml:"renew_before"`  // How early certificates should be renewed before they expire.
}

AutocertConfig represents the configuration required to create an autocert.Manager.

Methods
func (ac AutocertConfig) DirectoryURL() string

Type Client
type Client struct {
	// contains filtered or unexported fields
}

Client implements an ACME client that periodically refreshes certificates for a set of hosts using the provided autocert.Manager.

Functions
func NewClient(mgr *autocert.Manager, opts ...ClientOption) *Client

NewClient creates a new client that refreshes certificates for the provided hosts using the autocert.Manager.

Methods
func (s *Client) Start(ctx context.Context, hosts ...string) (func() error, error)

Start starts the client, refreshing certificates for the provided hosts. It returns a function that can be called to stop the client.

Type ClientOption
type ClientOption func(o *clientOptions)

Functions
func WithRefreshInterval(interval time.Duration) ClientOption

WithRefreshInterval configures the client to refresh certificates at the provided interval. The default is 1 hour.

func WithRefreshMetric(refresh webapp.CounterVecInc) ClientOption

WithRefreshMetric configures the client to increment the provided metric with the outcome of each refresh operation. The metric will be incremented with the labels: host, status.

func WithRefreshOnFailure(interval time.Duration) ClientOption

WithRefreshOnFailure configures the client to refresh certificates at the provided interval when a refresh fails. If not set, the default is 1 minute.

Type ServiceFlags
type ServiceFlags struct {
	Provider    string        `subcmd:"acme-service,letsencrypt-staging,'the acme service to use, specify letsencrypt or letsencrypt-staging or a url'"`
	RenewBefore time.Duration `subcmd:"acme-renew-before,720h,how early certificates should be renewed before they expire."`
	Email       string        `subcmd:"acme-email,,email to contact for information on the domain"`
	UserAgent   string        `subcmd:"acme-user-agent,cloudeng.io/webapp/webauth/acme,'user agent to use when connecting to the acme service'"`
}

ServiceFlags represents the flags required to configure an ACME client instance for managing TLS certificates for hosts/domains using the ACME http-01 challenge. Note that wildcard domains are not supported by this challenge. The currently supported/tested ACME service providers are letsencrypt staging and production, selected via the values 'letsencrypt-staging' and 'letsencrypt' for the --acme-service flag; however, any URL can be specified via this flag. In particular, to use pebble for testing, set this to the URL of the local pebble instance and also set the --acme-testing-ca flag to point to the pebble CA certificate pem file.

Methods
func (f ServiceFlags) AutocertConfig() AutocertConfig

AutocertConfig converts the flag values to an AutocertConfig instance.

Documentation

Overview

Package acme provides support for working with ACME service providers such as letsencrypt.org.

Constants

const (
	// LetsEncryptStaging is the URL for the letsencrypt.org staging service
	// and is used as the default by this package.
	LetsEncryptStaging = "https://acme-staging-v02.api.letsencrypt.org/directory"
	// LetsEncryptProduction is the URL for the letsencrypt.org production service.
	LetsEncryptProduction = acme.LetsEncryptURL
)

Functions

func NewAutocertManager

func NewAutocertManager(cache autocert.Cache, cl AutocertConfig, allowedHosts ...string) (*autocert.Manager, error)

NewAutocertManager creates a new autocert.Manager from the supplied config. Any supplied hosts specify the allowed hosts for the manager, i.e., those for which it will obtain/renew certificates.

Types

type AutocertConfig

type AutocertConfig struct {
	// Contact email for the ACME account, note, changing this may create
	// a new account with the ACME provider. The key associated with an account
	// is required for revoking certificates issued using that account.
	Email       string        `yaml:"email"`
	UserAgent   string        `yaml:"user_agent"`    // User agent to use when connecting to the ACME service.
	Provider    string        `yaml:"acme_provider"` // ACME service provider URL or 'letsencrypt' or 'letsencrypt-staging'.
	RenewBefore time.Duration `yaml:"renew_before"`  // How early certificates should be renewed before they expire.
}

AutocertConfig represents the configuration required to create an autocert.Manager.

func (AutocertConfig) DirectoryURL

func (ac AutocertConfig) DirectoryURL() string

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client implements an ACME client that periodically refreshes certificates for a set of hosts using the provided autocert.Manager.

func NewClient

func NewClient(mgr *autocert.Manager, opts ...ClientOption) *Client

NewClient creates a new client that refreshes certificates for the provided hosts using the autocert.Manager.

func (*Client) Start

func (s *Client) Start(ctx context.Context, hosts ...string) (func() error, error)

Start starts the client, refreshing certificates for the provided hosts. It returns a function that can be called to stop the client.

type ClientOption

type ClientOption func(o *clientOptions)

func WithRefreshInterval

func WithRefreshInterval(interval time.Duration) ClientOption

WithRefreshInterval configures the client to refresh certificates at the provided interval. The default is 1 hour.

func WithRefreshMetric

func WithRefreshMetric(refresh webapp.CounterVecInc) ClientOption

WithRefreshMetric configures the client to increment the provided metric with the outcome of each refresh operation. The metric will be incremented with the labels: host, status.

func WithRefreshOnFailure

func WithRefreshOnFailure(interval time.Duration) ClientOption

WithRefreshOnFailure configures the client to refresh certificates at the provided interval when a refresh fails. If not set, the default is 1 minute.

type ServiceFlags

type ServiceFlags struct {
	Provider    string        `subcmd:"acme-service,letsencrypt-staging,'the acme service to use, specify letsencrypt or letsencrypt-staging or a url'"`
	RenewBefore time.Duration `subcmd:"acme-renew-before,720h,how early certificates should be renewed before they expire."`
	Email       string        `subcmd:"acme-email,,email to contact for information on the domain"`
	UserAgent   string        `subcmd:"acme-user-agent,cloudeng.io/webapp/webauth/acme,'user agent to use when connecting to the acme service'"`
}

ServiceFlags represents the flags required to configure an ACME client instance for managing TLS certificates for hosts/domains using the ACME http-01 challenge. Note that wildcard domains are not supported by this challenge. The currently supported/tested ACME service providers are letsencrypt staging and production, selected via the values 'letsencrypt-staging' and 'letsencrypt' for the --acme-service flag; however, any URL can be specified via this flag. In particular, to use pebble for testing, set this to the URL of the local pebble instance and also set the --acme-testing-ca flag to point to the pebble CA certificate pem file.

func (ServiceFlags) AutocertConfig

func (f ServiceFlags) AutocertConfig() AutocertConfig

AutocertConfig converts the flag values to an AutocertConfig instance.
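
A pre-flight check for the settings documented above, as an added example that is not part of this package: the `preflight` helper, its parameters and the caller-supplied `certLifetime` are hypothetical. Treating an empty provider as staging follows the package's stated default, and the production URL is the value of acme.LetsEncryptURL in golang.org/x/crypto/acme.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Staging URL as quoted on the page; production is acme.LetsEncryptURL.
const (
	stagingURL    = "https://acme-staging-v02.api.letsencrypt.org/directory"
	productionURL = "https://acme-v02.api.letsencrypt.org/directory"
)

// preflight is a hypothetical helper: it resolves the provider value and
// rejects settings that cannot work with http-01 before a manager is built.
func preflight(provider string, renewBefore, certLifetime time.Duration, hosts ...string) (dir string, warnings []string, err error) {
	switch provider {
	case "", "letsencrypt-staging":
		dir = stagingURL
		warnings = append(warnings, "staging directory: certificates are not publicly trusted")
	case "letsencrypt":
		dir = productionURL
	default:
		// Any other value must be a full https URL (e.g. a local pebble instance).
		u, perr := url.Parse(provider)
		if perr != nil || u.Scheme != "https" || u.Host == "" {
			return "", nil, fmt.Errorf("provider %q is not a keyword or an https URL", provider)
		}
		dir = provider
	}
	// Renewing at or before issuance time would request a new certificate on every check.
	if renewBefore < 0 || renewBefore >= certLifetime {
		return "", nil, fmt.Errorf("renew_before %v must be in [0, %v)", renewBefore, certLifetime)
	}
	if len(hosts) == 0 {
		return "", nil, fmt.Errorf("no allowed hosts supplied")
	}
	for _, h := range hosts {
		if strings.Contains(h, "*") {
			return "", nil, fmt.Errorf("host %q: wildcards are not supported by http-01", h)
		}
	}
	return dir, warnings, nil
}

func main() {
	// Constructed sample input: the flag defaults with a 90 day lifetime.
	fmt.Println(preflight("letsencrypt-staging", 720*time.Hour, 2160*time.Hour, "www.example.com"))
}
```
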

Directories

Path Synopsis
Package certcache provides support for working with autocert caches with persistent backing stores for storing and distributing certificates.
