An async, user-friendly Let's Encrypt/ACMEv2 library written in Rust

Overview

lers

The API and implementation were inspired by acme2, acme-micro, and lego.

Features

Missing features

  • Certificate bundling

Contributions are welcome for any of the above features.

Supported DNS-01 Providers

Currently, the following providers are supported:

Comments
  • fix(deps): update dependency acme to v2.5.0

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | acme | 2.4.0 -> 2.5.0 | age | adoption | passing | confidence |


    Release Notes

    letsencrypt/letsencrypt

    v2.5.0: Certbot 2.5.0

    Compare Source

    Added
    • acme.messages.OrderResource now supports being round-tripped through JSON
    • acme.client.ClientV2 now provides separate begin_finalization and poll_finalization methods, in addition to the existing finalize_order method.
    Changed
    • --dns-route53-propagation-seconds is now deprecated. The Route53 plugin relies on the GetChange API to determine if a DNS update is complete. The flag has never had any effect and will be removed in a future version of Certbot.
    • Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module.
    Fixed
    • Fixed renew sometimes not preserving the key type of RSA certificates.
      • Users who upgraded from Certbot <v1.25.0 to Certbot >=v2.0.0 may have had their RSA certificates inadvertently changed to ECDSA certificates. If desired, the key type may be changed back to RSA. See the User Guide.
    • Deprecated flags were inadvertently not printing warnings since v1.16.0. This is now fixed.

    More details about these changes can be found on our GitHub repo.


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 0
  • Configure Renovate

    Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

    🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


    Detected Package Files

    • Cargo.toml (cargo)
    • docker-compose.yaml (docker-compose)
    • .github/workflows/lint.yml (github-actions)
    • .github/workflows/pr.yml (github-actions)
    • .github/workflows/release.yml (github-actions)
    • .github/workflows/test.yml (github-actions)
    • pyproject.toml (poetry)

    Configuration

    🔑 Renovate has detected a custom config for this PR. Feel free to ask for help if you have any doubts and would like it reviewed.

    Important: Now that this branch is edited, Renovate can't rebase it from the base branch any more. If you make changes to the base branch that could impact this onboarding PR, please merge them manually.

    What to Expect

    With your current configuration, Renovate will create 1 Pull Request:

    fix(deps): update dependency acme to v2.5.0
    • Schedule: ["at any time"]
    • Branch name: renovate/acme-2.x-lockfile
    • Merge into: main
    • Upgrade acme to 2.5.0

    ❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.


    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 0
  • fix(api): use correct name for tls-alpn-01 challenge

    This ensures the TlsAlpn01 challenge type is deserialized into the correct format. Previously, it would be attempted to deserialize as TlsAlpn01, whereas it should be deserialized as tls-alpn-01.

    opened by akrantz01 0
  • feat(solver): add tls-alpn-01 challenge solver

    opened by akrantz01 0
  • ci(test): ensure examples build

    Add building all the examples in CI by parsing Cargo.toml for their names and required features. We parse Cargo.toml to make it more flexible as new examples are added.

    opened by akrantz01 0
  • feat(certificate): add certificate renewal

    Allows renewing certificates with Account::renew_certificate.

    This also adds the ability to load certificates from PEM- and DER-encoded certificate chains and private keys with Certificate::from_chain_and_private_key. There is also a less checked version Certificate::from_raw_chain_and_private_key that can be used when the private key and certificate chain have already been parsed.

    opened by akrantz01 0
  • feat(certificate): add certificate revocation

    Adds certificate revocation from an Account and from an issued Certificate. Certificates can be revoked with or without a reason (assuming the CA allows it).

    opened by akrantz01 0
  • Dependency Dashboard

    This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

    This repository currently has no open or pending branches.

    Detected dependencies

    cargo
    Cargo.toml
    • async-trait 0.1
    • base64 0.21
    • chrono 0.4
    • futures 0.3
    • hex 0.4.3
    • hyper 0.14
    • once_cell 1
    • openssl 0.10
    • parking_lot 0.12
    • rcgen 0.10
    • reqwest 0.11
    • serde 1
    • serde_json 1
    • tokio 1
    • tracing 0.1
    • trust-dns-resolver 0.22
    • uuid 1.3.0
    • anyhow 1
    • env_logger 0.10
    • native-tls 0.2
    • test-log 0.2
    • tokio 1
    • tokio-native-tls 0.3
    • tracing-subscriber 0.3
    • x509-parser 0.15
    docker-compose
    docker-compose.yaml
    github-actions
    .github/workflows/lint.yml
    • actions/checkout v3
    • actions/checkout v3
    .github/workflows/pr.yml
    • amannn/action-semantic-pull-request v5
    .github/workflows/release.yml
    • actions/checkout v3
    • softprops/action-gh-release v1
    .github/workflows/test.yml
    • actions/checkout v3
    • actions/setup-python v4
    • snok/install-poetry v1
    • actions/cache v3
    • actions/cache v3
    • actions/checkout v3
    poetry
    pyproject.toml
    • acme ^2.4.0
    • requests ^2.28.2
    • josepy ^1.13.0

    • [ ] Check this box to trigger a request for Renovate to run again on this repository
    opened by renovate[bot] 0
  • Fix flakey JWS signing implementation

    There's something weird going on with my implementation of the JWS signing. The majority of the time, everything works fine, but occasionally it will randomly fail with an unhelpful JWS verification error: square/go-jose: error in cryptographic primitive from Pebble.

    This is very likely an error on my part for not fully understanding how to use OpenSSL.

    bug help wanted 
    opened by akrantz01 0
Releases(v0.4.0)
  • v0.4.0(Apr 4, 2023)

    What's Changed

    • ci(test): ensure examples build by @akrantz01 in https://github.com/akrantz01/lers/pull/6
    • feat(solver): add tls-alpn-01 challenge solver by @akrantz01 in https://github.com/akrantz01/lers/pull/7
    • fix(api): use correct name for tls-alpn-01 challenge by @akrantz01 in https://github.com/akrantz01/lers/pull/8
    • feat: add tracing support by @akrantz01 in https://github.com/akrantz01/lers/pull/9
    • Configure Renovate by @renovate in https://github.com/akrantz01/lers/pull/10
    • fix(deps): update dependency acme to v2.5.0 by @renovate in https://github.com/akrantz01/lers/pull/12

    New Contributors

    • @renovate made their first contribution in https://github.com/akrantz01/lers/pull/10

    Full Changelog: https://github.com/akrantz01/lers/compare/v0.3.1...v0.4.0

  • v0.3.1(Mar 31, 2023)

  • v0.3.0(Mar 31, 2023)

    What's Changed

    • feat(account): add support for external account bindings by @akrantz01 in https://github.com/akrantz01/lers/pull/4
    • feat(certificate): add certificate renewal by @akrantz01 in https://github.com/akrantz01/lers/pull/5
    • doc: add module-level documentation and http-01 example by @akrantz01 in https://github.com/akrantz01/lers/commit/980f131535dc7e39ef82b72e1614c1f9fbad8e8e
    • fix: require errors to be send, sync, and static by @akrantz01 in https://github.com/akrantz01/lers/commit/9ff8d9b6ce5ef0c0a1a99e146d61a7c7396fe0bb
    • doc(examples): add dns-01 solver example for cloudflare by @akrantz01 in https://github.com/akrantz01/lers/commit/3fbc935463e25c2ea85257ecf78ac2cd7d515729

    Full Changelog: https://github.com/akrantz01/lers/compare/v0.2.0...v0.3.0

  • v0.2.0(Mar 30, 2023)

    What's Changed

    • chore: add issue templates by @akrantz01 in https://github.com/akrantz01/lers/pull/2
    • feat(certificate): add certificate revocation by @akrantz01 in https://github.com/akrantz01/lers/pull/3

    Full Changelog: https://github.com/akrantz01/lers/compare/v0.1.0...v0.2.0

Owner
Alexander Krantz
UBC Electrical Engineering
Obtain (wildcard) certificates from let's encrypt using dns-01 without the need for API access to your DNS provider.

Agnos Presentation Agnos is a single-binary program allowing you to easily obtain certificates (including wildcards) from Let's Encrypt using DNS-01 c

Arthur Carcano 246 Dec 20, 2022
Automatic HTTPS certificates for trillium.rs, via Let's Encrypt and ACME tls-alpn-01 challenges

trillium-acme helps you serve HTTPS with Trillium using automatic certificates, via Let’s Encrypt and ACME tls-alpn-01 challenges. To use trillium-acm

Josh Triplett 12 Nov 6, 2023
Docker containers on a synthetic network. Run applications in a context that lets you manipulate their network conditions.

Synthetic Network Docker containers on a synthetic network. Run applications in a context that lets you manipulate their network conditions. Dependenc

Daily 58 Dec 15, 2022
📡 Rust mDNS library designed with user interfaces in mind

Searchlight Searchlight is an mDNS server & client library designed to be simple, lightweight and easy to use, even if you just have basic knowledg

William 5 Jan 8, 2023
A minimalistic encryption protocol for rust async streams/packets, based on noise protocol and snow.

Snowstorm A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and snow. Quickstart Snowstorm allows you to se

Black Binary 19 Nov 22, 2022
A mini async telnet client.

mini-telnet A mini async telnet client.

kolapapa 15 May 5, 2022
Redis backed session store for async-session using fred.rs.

async-fred-session Redis backed session store for async-session using fred.rs. This work is mostly based on async-redis-session. use async_fred_sessio

void* 4 Feb 28, 2023
A cross-platform, user-space WireGuard port-forwarder that requires no system network configurations.

Cross-platform, user-space WireGuard port-forwarder that requires no system network configurations.

Aram Peres 629 Jan 4, 2023
Fast User-Space TCP/UDP Stack

Catnip Catnip is a TCP/IP stack that focuses on being an embeddable, low-latency solution for user-space networking. Building and Running 1. Clone Thi

Demikernel 79 Sep 9, 2022
User-space Wireguard gateway allowing sharing network connection from environment where usual routing rules are inaccessible.

wgslirpy A command line tool (and a Rust library) for accepting incoming connections within a Wireguard link and routing them to external network usin

Vitaly Shukela 4 Aug 21, 2023
The gRPC library for Rust built on C Core library and futures

gRPC-rs gRPC-rs is a Rust wrapper of gRPC Core. gRPC is a high performance, open source universal RPC framework that puts mobile and HTTP/2 first. Sta

TiKV Project 1.6k Jan 7, 2023
A µTP (Micro/uTorrent Transport Library) library implemented in Rust

rust-utp A Micro Transport Protocol library implemented in Rust. API documentation Overview The Micro Transport Protocol is a reliable transport proto

Ricardo Martins 134 Dec 11, 2022
DNS Server written in Rust for fun, see https://dev.to/xfbs/writing-a-dns-server-in-rust-1gpn

DNS Fun Ever wondered how you can write a DNS server in Rust? No? Well, too bad, I'm telling you anyways. But don't worry, this is going to be a fun o

Patrick Elsen 26 Jan 13, 2023
neqo — an Implementation of QUIC written in Rust

Neqo, an Implementation of QUIC written in Rust To run test HTTP/3 programs (neqo-client and neqo-server): cargo build ./target/debug/neqo-server [::]

Mozilla 1.6k Jan 7, 2023
A telnet chat server written in Rust, running on Lunatic.

Lunatic.chat A telnet chat server written in Rust, running on Lunatic. If you just would like to try it out, join the hosted version with: # US server

Lunatic 101 Jan 2, 2023
A prettier lightweight colored ping utility written in Rust

rustyping A prettier lightweight colored ping utility written in Rust. Installation There are three installation options: From the releases page From

K4YT3X 29 Dec 31, 2022
Hudsucker is a MITM HTTP/S proxy written in Rust.

hudsucker Hudsucker is a MITM HTTP/S proxy written in Rust. Features Modify HTTP/S requests Modify HTTP/S responses Modify websocket messages Usage Fo

null 86 Dec 25, 2022
A small holepunching implementation written in Rust (UDP)

rust-udp-holepunch A small holepunching implementation written in Rust (UDP) Prerequisites Your rendezvous server must lay in a network which doesn't

Amit Katz 8 Dec 26, 2022
Network Block Storage server, written in Rust. Supports pluggable and chainable underlying storage

nbd-rs Disclaimer DO NEVER USE THIS FOR PRODUCTION Do not use this for any data that you cannot afford to lose any moment. Expect data loss, corruptio

Rainlab Inc 10 Sep 30, 2022