Skip to content

djc/instant-acme

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

instant-acme: async, pure-Rust ACME client

Documentation Crates.io Build status License: Apache 2.0

instant-acme is an async, pure-Rust ACME (RFC 8555) client.

instant-acme is used in production at Instant Domain Search to help us provision TLS certificates within seconds for our customers. instant-acme relies on Tokio and rustls to implement the RFC 8555 specification.

Features

  • Store/recover your account credentials by serializing/deserializing
  • Fully async implementation with tracing support
  • Support for processing multiple orders concurrently
  • Support for external account binding
  • Support for certificate revocation
  • Uses hyper with rustls and Tokio for HTTP requests
  • Uses ring or aws-lc-rs for ECDSA signing
  • Minimum supported Rust version: 1.63

Cargo features

  • hyper-rustls (default): use a hyper client with rustls
  • ring (default): use the ring crate as the crypto backend
  • aws-lc-rs: use the aws-lc-rs crate as the crypto backend
  • fips: enable the aws-lc-rs crate's FIPS-compliant mode

If both ring and aws-lc-rs are enabled, which backend is used depends on the fips feature. If fips is enabled, aws-lc-rs is used; otherwise, ring is used.

Limitations

  • Only tested with DNS challenges against Let's Encrypt (staging and production) and ZeroSSL (production) so far
  • Only supports ECDSA keys for now

Getting started

See the examples directory for an example of how to use instant-acme.