go-simpleacme

The golang.org/x/crypto/acme package enables Go applications to obtain TLS certificates. However, the package is quite complex and using it in an application requires lots of boilerplate code. This package provides a much simpler interface, while still utilizing golang.org/x/crypto/acme behind the scenes.

Basic Usage

The following example demonstrates basic usage of go-simpleacme:

import (
    "context"

    "github.com/nathan-osman/go-simpleacme"
)

ctx := context.TODO()

// Create the client - the key will be generated if it does not exist
c, err := simpleacme.New(ctx, "account.key")
if err != nil {
    // handle error
}

// Obtain a certificate for the list of domain names - the
// address is used for responding to challenges
domains := []string{"example.com", "example.org"}
if err := c.Create(ctx, "test.key", "test.crt", ":http", domains...); err != nil {
    // handle error
}

That's it! If everything went well, you will now have three new files in the current directory:

• account.key the account key, which can be reused
• test.key the private key for the certificate
• test.crt the certificate bundle for the domain names

Advanced Usage

go-simpleacme also provides a certificate manager:

import (
    "context"

    "github.com/nathan-osman/go-simpleacme/manager"
)

ctx := context.TODO()

// Create a certificate manager that will store all keys
// and certificates in /etc/certs
m, err := simpleacme.New(ctx, ":http", "/etc/certs", nil)
if err != nil {
    // handle error
}
defer m.Close()

// Add a couple of domain names to the manager
m.Add(ctx, "example.com", "example.org")

The manager will automatically obtain TLS certificates for the two domain names (combining them into a single certificate to reduce ACME requests). When the certificates are about to expire, they will be automatically renewed.