Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time


Let's Encrypt client and ACME library written in Go.

GoDoc Build Status Docker Pulls


  • ACME v2 RFC 8555
  • Register with CA
  • Obtain certificates, both from scratch or with an existing CSR
  • Renew certificates
  • Revoke certificates
  • Robust implementation of all ACME challenges
    • HTTP (http-01)
    • DNS (dns-01)
    • TLS (tls-alpn-01)
  • SAN certificate support
  • Comes with multiple optional DNS providers
  • Custom challenge solvers
  • Certificate bundling
  • OCSP helper function

lego introduced support for ACME v2 in v1.0.0. If you still need to utilize ACME v1, you can do so by using the v0.5.0 version.


How to install.



Documentation is hosted live at

DNS providers

Detailed documentation is available here.

Akamai EdgeDNS Alibaba Cloud DNS all-inkl Amazon Lightsail
Amazon Route 53 ArvanCloud Aurora DNS Autodns
Azure Bindman Bluecat Checkdomain
CloudDNS Cloudflare ClouDNS CloudXNS
ConoHa Constellix Designate DNSaaS for Openstack
Digital Ocean DNS Made Easy DNSimple DNSPod
Domain Offensive ( Domeneshop DreamHost Duck DNS
Dyn Dynu EasyDNS Exoscale
External program G-Core Labs Gandi Live DNS (v5)
Gandi Glesys Go Daddy Google Cloud
Hetzner Hosttech HTTP request
Hurricane Electric DNS HyperOne IBM Cloud (SoftLayer) Infoblox
Infomaniak Internet Initiative Japan INWX
Ionos Joker Joohoi's ACME-DNS Linode (v4)
Liquid Web Loopia LuaDNS Manual MythicBeasts Namecheap
Namesilo Netcup Netlify Nicmanager
NIFCloud Njalla NS1 Open Telekom Cloud
Oracle Cloud OVH Porkbun PowerDNS
Rackspace RFC2136 RimuHosting
Sakura Cloud Scaleway Selectel Servercow Sonic Stackpath TransIP
VegaDNS Versio.[nl/eu/uk] VinylDNS Vscale
Vultr WEDOS Yandex

If your DNS provider is not supported, please open an issue.