Simple ACME client
Nick Spain e83836b719 Retry bad nonce errors after generating a new nonce
Retry `urn:ietf:params:acme:error:badNonce` errors as they are defined
as retryable[^1]. Requests failing with a bad nonce error will be
retried three times before the failure is returned to the caller.

This implements the `BytesBody` trait for `bytes::Bytes` as we need
to consume the response body to be able to check if the failure was due
to a bad nonce, which requires parsing the body. The body is only
consumed if the response status is bad request, in all other cases the
body is still lazily consumable.

[^1]: https://datatracker.ietf.org/doc/html/rfc8555/#section-6.5
2024-09-17 12:28:35 +00:00
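
The retry behaviour described in the commit message above, as an added, std-only sketch that is not instant-acme's own code. `MockServer`, `Response`, `problem_type`, `is_bad_nonce` and `post_with_retry` are hypothetical names, the server responses are constructed, and "three times" is assumed to mean three retries after the first attempt.

```rust
// Added illustration, std only. Every name here is hypothetical, not instant-acme's API.
const BAD_NONCE: &str = "urn:ietf:params:acme:error:badNonce";
const MAX_RETRIES: usize = 3; // assumption: three retries after the first attempt

struct Response { status: u16, body: String }

// Constructed stand-in for an ACME server: the first `reject` POSTs fail with `error_type`.
struct MockServer { reject: usize, error_type: &'static str, nonces: usize, posts: usize }

impl MockServer {
    fn new_nonce(&mut self) -> usize { self.nonces += 1; self.nonces }

    fn post(&mut self, _nonce: usize) -> Response {
        self.posts += 1;
        if self.posts > self.reject {
            return Response { status: 200, body: String::from("{}") };
        }
        let body = format!(r#"{{"type":"{}","status":400}}"#, self.error_type);
        Response { status: 400, body }
    }
}

// Pull the "type" member out of a problem document (minimal scan; real code uses a JSON parser).
fn problem_type(body: &str) -> Option<&str> {
    let rest = &body[body.find("\"type\"")? + 6..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    rest.split('"').next()
}

// The body is inspected only for 400 responses; any other status passes through untouched.
fn is_bad_nonce(rsp: &Response) -> bool {
    rsp.status == 400 && problem_type(&rsp.body) == Some(BAD_NONCE)
}

fn post_with_retry(srv: &mut MockServer) -> Response {
    let mut retries = MAX_RETRIES;
    loop {
        let nonce = srv.new_nonce(); // fresh nonce for every attempt
        let rsp = srv.post(nonce);
        if retries == 0 || !is_bad_nonce(&rsp) {
            return rsp; // success, non-retryable error, or retries exhausted
        }
        retries -= 1;
    }
}

fn main() {
    let mut srv = MockServer { reject: 2, error_type: BAD_NONCE, nonces: 0, posts: 0 };
    let rsp = post_with_retry(&mut srv);
    println!("status {} after {} posts", rsp.status, srv.posts);
}
```

A 400 carrying any other problem type, such as `urn:ietf:params:acme:error:malformed`, is returned to the caller on the first attempt, so the retry loop cannot mask genuine request errors.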
.github Bump MSRV to 1.70 (for tokio 1.39) 2024-07-26 12:17:31 +02:00
examples Upgrade example to rcgen 0.13 2024-07-26 12:17:31 +02:00
src Retry bad nonce errors after generating a new nonce 2024-09-17 12:28:35 +00:00
.gitignore Add .gitignore 2022-05-12 21:47:01 +02:00
Cargo.toml Update links to repository after move 2024-08-20 18:17:00 +02:00
LICENSE Add Apache 2.0 license file 2022-05-12 21:47:01 +02:00
README.md Update links to repository after move 2024-08-20 18:17:00 +02:00
deny.toml Update to hyper dependency to version 1 (#50) 2024-06-27 13:04:02 +02:00

README.md

instant-acme: async, pure-Rust ACME client

Documentation Crates.io Build status License: Apache 2.0

instant-acme is an async, pure-Rust ACME (RFC 8555) client.

instant-acme is used in production at Instant Domain Search to help us provision TLS certificates within seconds for our customers. instant-acme relies on Tokio and rustls to implement the RFC 8555 specification.

Features

  • Store/recover your account credentials by serializing/deserializing
  • Fully async implementation with tracing support
  • Support for processing multiple orders concurrently
  • Support for external account binding
  • Support for certificate revocation
  • Uses hyper with rustls and Tokio for HTTP requests
  • Uses ring or aws-lc-rs for ECDSA signing
  • Minimum supported Rust version: 1.63

Cargo features

  • hyper-rustls (default): use a hyper client with rustls
  • ring (default): use the ring crate as the crypto backend
  • aws-lc-rs: use the aws-lc-rs crate as the crypto backend
  • fips: enable the aws-lc-rs crate's FIPS-compliant mode

If both ring and aws-lc-rs are enabled, which backend is used depends on the fips feature. If fips is enabled, aws-lc-rs is used; otherwise, ring is used.

Limitations

  • Only tested with DNS challenges against Let's Encrypt (staging and production) and ZeroSSL (production) so far
  • Only supports ECDSA keys for now

Getting started

See the examples directory for an example of how to use instant-acme.