A Tokio and OpenSSL based ACMEv2 client.
Features:
reqwest / TokiotracingThis example demonstrates how to provision a certificate for the domain
example.com using http-01 validation.
```rust use acme2::genrsaprivate_key; use acme2::AccountBuilder; use acme2::AuthorizationStatus; use acme2::ChallengeStatus; use acme2::DirectoryBuilder; use acme2::Error; use acme2::OrderBuilder; use acme2::OrderStatus; use acme2::CSR; use std::time::Duration;
const LETSENCRYPTURL: &'static str = "https://acme-v02.api.letsencrypt.org/directory";
async fn main() -> Result<(), Error> { // Create a new ACMEv2 directory for Let's Encrypt. let dir = DirectoryBuilder::new(LETSENCRYPTURL.to_string()) .build() .await?;
// Create an ACME account to use for the order. For production // purposes, you should keep the account (and private key), so // you can renew your certificate easily. let mut builder = AccountBuilder::new(dir.clone()); builder.contact(vec!["mailto:hello@lcas.dev".tostring()]); builder.termsofserviceagreed(true); let account = builder.build().await?;
// Create a new order for a specific domain name. let mut builder = OrderBuilder::new(account); builder.adddnsidentifier("example.com".to_string()); let order = builder.build().await?;
// Get the list of needed authorizations for this order. let authorizations = order.authorizations().await?; for auth in authorizations { // Get an http-01 challenge for this authorization (or panic // if it doesn't exist). let challenge = auth.get_challenge("http-01").unwrap();
// At this point in time, you must configure your webserver to serve
// a file at `https://example.com/.well-known/${challenge.token}`
// with the content of `challenge.key_authorization()??`.
// Start the validation of the challenge.
let challenge = challenge.validate().await?;
// Poll the challenge every 5 seconds until it is in either the
// `valid` or `invalid` state.
let challenge = challenge.wait_done(Duration::from_secs(5), 3).await?;
assert_eq!(challenge.status, ChallengeStatus::Valid);
// You can now remove the challenge file hosted on your webserver.
// Poll the authorization every 5 seconds until it is in either the
// `valid` or `invalid` state.
let authorization = auth.wait_done(Duration::from_secs(5), 3).await?;
assert_eq!(authorization.status, AuthorizationStatus::Valid)
}
// Poll the order every 5 seconds until it is in either the
// ready or invalid state. Ready means that it is now ready
// for finalization (certificate creation).
let order = order.waitready(Duration::fromsecs(5), 3).await?;
assert_eq!(order.status, OrderStatus::Ready);
// Generate an RSA private key for the certificate. let pkey = genrsaprivate_key(4096)?;
// Create a certificate signing request for the order, and request // the certificate. let order = order.finalize(CSR::Automatic(pkey)).await?;
// Poll the order every 5 seconds until it is in either the
// valid or invalid state. Valid means that the certificate
// has been provisioned, and is now ready for download.
let order = order.waitdone(Duration::fromsecs(5), 3).await?;
assert_eq!(order.status, OrderStatus::Valid);
// Download the certificate, and panic if it doesn't exist. let cert = order.certificate().await?.unwrap(); assert!(cert.len() > 1);
Ok(()) } ```
To run the tests, you will need to install pebble and pebble-challtestsrv.
Start these before running the tests with these commands (in seperate shells):
shell
pebble -config ./pebble-config.json -strict
shell
pebble-challtestsrv
To compile on Windows you will need OpenSSL. Here is an easy way to get it installed.
(example in Git Bash)
```bash git clone https://github.com/microsoft/vcpkg cd vcpkg ./bootstrap-vcpkg.sh ./vcpkg.exe install openssl ./vcpkg.exe install openssl:x64-windows-static
cargo build ```
This project is licenced under MIT. See LICENCE file for more.