Automatic HTTPS certificates for Tide, via Let's Encrypt and ACME tls-alpn-01 challenges

Overview

tide-acme helps you serve HTTPS with Rust and Tide using automatic certificates, via Let's Encrypt and ACME tls-alpn-01 challenges.

Documentation

To use tide-acme, set up HTTPS with Tide as you normally would with tide_rustls, but instead of supplying a certificate and key, call the acme method on the TLS listener builder to configure automatic certificates. The acme method is provided by the TideRustlsExt extension trait, so that trait must be imported (as in the example below) or the method will not be found:

use tide_acme::{AcmeConfig, TideRustlsExt};

#[async_std::main]
async fn main() -> tide::Result<()> {
    let mut app = tide::new();
    app.at("/").get(|_| async { Ok("Hello TLS") });
    app.listen(
        // tls-alpn-01 validation connects to port 443 of the domain, so the
        // listener must be reachable there from the internet.
        tide_rustls::TlsListener::build().addrs("0.0.0.0:443").acme(
            AcmeConfig::new()
                .domains(vec!["domain.example".to_string()])
                // Replace with a mailbox you monitor: Let's Encrypt sends
                // expiration notices and API-change announcements there, and
                // rejects placeholder domains such as example.com.
                .contact_email("admin@domain.example")
                .cache_dir("/srv/example/tide-acme-cache-dir"),
        ),
    )
    .await?;
    Ok(())
}

This configures the TLS stack to obtain a certificate for domain.example, which must be a domain whose DNS points at this server, so that HTTPS traffic for it reaches the Tide listener.

On first startup, your server registers an ACME account and requests a certificate from Let's Encrypt. Let's Encrypt verifies your server's control of the domain with an ACME tls-alpn-01 challenge: its validators open a TLS connection to TCP port 443 at the address the domain resolves to, negotiating the ALPN protocol acme-tls/1, and the TLS listener configured by tide-acme answers that connection with the challenge response. The listener must therefore be reachable from the internet on port 443 under the configured domain; a loopback bind or a non-standard port fails validation, and tls-alpn-01 cannot validate wildcard names.

You must supply a persistent cache directory via [AcmeConfig::cache_dir]. It keeps the ACME account key and the issued certificates (with their private keys) between runs, which avoids re-registering and re-issuing on every restart and hitting Let's Encrypt's rate limits. Because it holds private keys, make the directory readable only by the account the server runs as.

By default, tide-acme uses the Let's Encrypt staging environment, which is intended for testing: it issues certificates signed by a staging root, so you can verify that your stack works end to end, but browsers and other HTTPS clients will not trust those certificates. The staging environment has much more generous rate limits for use while testing.

When you're ready to deploy to production, call [AcmeConfig::production] to switch to the production Let's Encrypt environment, which issues certificates trusted by browsers and other HTTPS clients. The production environment has stricter rate limits, so finish testing against staging first.
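Several of the requirements above (a public listener on port 443, non-wildcard DNS names, a usable contact address, a private cache directory) can be checked before the first ACME order is placed, which saves burning rate limits on a misconfiguration. The following start-up check is an added example and not tide-acme's or tide-rustls's code; it uses only the standard library, assumes a Unix host (it reads the cache directory's mode bits), and its function and error names are its own. The placeholder-domain list is RFC 2606's reserved names.

```rust
// Added example, not tide-acme's code: pre-flight checks for the tls-alpn-01
// requirements described in the README. Assumes a Unix host (reads mode bits).
use std::fs;
use std::net::{IpAddr, SocketAddr};
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Reserved placeholder names (RFC 2606) that a CA will not accept in a contact address.
const PLACEHOLDER_DOMAINS: &[&str] = &["example.com", "example.net", "example.org"];
const PLACEHOLDER_TLDS: &[&str] = &["example", "test", "invalid", "localhost"];

#[derive(Debug, PartialEq)]
pub enum PreflightError {
    BadListenAddr(String),
    NotPort443(u16),              // tls-alpn-01 validators connect to TCP 443 only
    LoopbackBind(IpAddr),         // unreachable from Let's Encrypt's validators
    BadDomain(String),            // not a valid multi-label DNS hostname
    WildcardNotSupported(String), // wildcards need dns-01
    IpLiteral(String),            // domains() takes DNS names, not addresses
    BadContactEmail(String),      // malformed or on a reserved placeholder domain
    CacheDir(String),             // missing, not a directory, or too permissive
}

pub fn check_listen_addr(addr: &str) -> Result<SocketAddr, PreflightError> {
    let sa: SocketAddr = addr
        .parse()
        .map_err(|_| PreflightError::BadListenAddr(addr.to_string()))?;
    if sa.port() != 443 {
        return Err(PreflightError::NotPort443(sa.port()));
    }
    if sa.ip().is_loopback() {
        return Err(PreflightError::LoopbackBind(sa.ip()));
    }
    Ok(sa)
}

pub fn check_domain(domain: &str) -> Result<(), PreflightError> {
    if domain.starts_with("*.") {
        return Err(PreflightError::WildcardNotSupported(domain.to_string()));
    }
    if domain.parse::<IpAddr>().is_ok() {
        return Err(PreflightError::IpLiteral(domain.to_string()));
    }
    let bad = || PreflightError::BadDomain(domain.to_string());
    if domain.is_empty() || domain.len() > 253 || !domain.contains('.') {
        return Err(bad());
    }
    // RFC 1123 labels: 1-63 chars of [A-Za-z0-9-], not starting or ending with '-'.
    for label in domain.split('.') {
        let b = label.as_bytes();
        let ok = !b.is_empty()
            && b.len() <= 63
            && b.iter().all(|c| c.is_ascii_alphanumeric() || *c == b'-')
            && b[0] != b'-'
            && b[b.len() - 1] != b'-';
        if !ok {
            return Err(bad());
        }
    }
    Ok(())
}

pub fn check_contact_email(email: &str) -> Result<(), PreflightError> {
    let err = || PreflightError::BadContactEmail(email.to_string());
    let (local, domain) = email.rsplit_once('@').ok_or_else(err)?;
    if local.is_empty() {
        return Err(err());
    }
    check_domain(domain).map_err(|_| err())?;
    let domain = domain.to_ascii_lowercase();
    let tld = domain.rsplit('.').next().unwrap_or("");
    if PLACEHOLDER_DOMAINS.contains(&domain.as_str()) || PLACEHOLDER_TLDS.contains(&tld) {
        return Err(err());
    }
    Ok(())
}

pub fn check_cache_dir(path: &Path) -> Result<(), PreflightError> {
    let err = |m: String| PreflightError::CacheDir(format!("{}: {m}", path.display()));
    let meta = fs::metadata(path).map_err(|_| err("does not exist".into()))?;
    if !meta.is_dir() {
        return Err(err("not a directory".into()));
    }
    // The directory holds the ACME account key and certificate private keys,
    // so nothing but the service account should be able to read or traverse it.
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(err(format!("mode {mode:o} allows group/other access; use 0700")));
    }
    Ok(())
}

fn main() {
    // Constructed inputs: the README's own values plus a loopback bind on a non-standard port.
    println!("{:?}", check_listen_addr("127.0.0.1:4443"));
    println!("{:?}", check_domain("domain.example"));
    println!("{:?}", check_contact_email("admin@domain.example"));
    println!("{:?}", check_cache_dir(Path::new("/srv/example/tide-acme-cache-dir")));
}
```

Run these checks before calling acme and refuse to start on any error; the contact check deliberately rejects the README's own placeholder address so that a copied example cannot go to production unchanged.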

tide-acme builds upon tide-rustls and rustls-acme.

Comments
  • Provide email address in example code

    Hi! Let's Encrypt engineer here. Could I ask you to make the example code in the README provide an email address, like [email protected]? Our experience with ACME clients has been that people don't go out of their way to configure an email address if it's not in the default, but if it is in the default, they're usually happy to provide it.

    Providing the email address has a lot of advantages. The main one is that the user can get expiration emails, but also when clients are buggy and spam the service, we really make an effort to connect the user with the client developer so the bugs can be fixed. That starts with an email to the user. Also, we occasionally make breaking changes to our API and need to email our users about it.

    If the example email domain is, e.g. example.com, Boulder will reject it until the user provides a different email address.

    opened by jsha 5
  • hello world example fails for me

    I tried the hello world example and rust-analyzer says the TideRustlsExt is not used and then gives this error:

    no method named `acme` found for struct `TlsListenerBuilder<_>` in the current scope: method not found in `TlsListenerBuilder<_>`

    Any help would be great - thanks!

    opened by bevanhunt 2
  • access denied

    What's the best way to get some more information why this isn't working? I assume this is because there is no way to obtain an acme cert? Or would it fall back to self-signed certs?

    use tide_acme::{AcmeConfig, TideRustlsExt};
    
    #[async_std::main]
    async fn main() -> tide::Result<()> {
        let mut app = tide::new();
        app.at("/").get(|_| async { Ok("Hello TLS") });
    
        // app.listen("127.0.0.1:8080").await?;
    
        app.listen(tide_rustls::TlsListener::build().addrs("127.0.0.1:4443").acme(
            AcmeConfig::new()
                .domains(vec!["domain.example".to_string()])
                .contact_email("[email protected]")
                .cache_dir("/Users/foo/tide-acme-cache-dir"),
            )
        ).await?;
    
        Ok(())
    }
    
    $ curl -k https://localhost:4443
    curl: (35) error:14004419:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert access denied
    
    opened by tcurdt 1
Owner
http-rs
Fast, friendly, asynchronous HTTP in Rust