instant-acme is an async, pure-Rust ACME (RFC 8555) client.
instant-acme is used in production at Instant Domain Search to help us provision TLS certificates within seconds for our customers. instant-acme relies on Tokio and rustls to implement the RFC 8555 specification.
- Store/recover your account credentials by serializing/deserializing
- Fully async implementation with tracing support
- Support for processing multiple orders concurrently
- Support for external account binding
- Support for certificate revocation
- Uses hyper with rustls and Tokio for HTTP requests
- Uses ring or aws-lc-rs for ECDSA signing
- Minimum supported Rust version: 1.63
hyper-rustls
(default): use a hyper client with rustlsring
(default): use the ring crate as the crypto backendaws-lc-rs
: use the aws-lc-rs crate as the crypto backendfips
: enable the aws-lc-rs crate's FIPS-compliant mode
If both ring
and aws-lc-rs
are enabled, which backend is used depends on the fips
feature.
If fips
is enabled, aws-lc-rs
is used; otherwise, ring
is used.
- Only tested with DNS challenges against Let's Encrypt (staging and production) and ZeroSSL (production) so far
- Only supports ECDSA keys for now
See the examples directory for an example of how to use instant-acme.