2022-05-12 09:00:43 +00:00
|
|
|
# instant-acme: async, pure-Rust ACME client
|
|
|
|
|
|
|
|
[![Documentation](https://docs.rs/instant-acme/badge.svg)](https://docs.rs/instant-acme/)
|
|
|
|
[![Crates.io](https://img.shields.io/crates/v/instant-acme.svg)](https://crates.io/crates/instant-acme)
|
|
|
|
[![Build status](https://github.com/InstantDomain/instant-acme/workflows/CI/badge.svg)](https://github.com/InstantDomain/instant-acme/actions?query=workflow%3ACI)
|
|
|
|
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE-APACHE)
|
|
|
|
|
|
|
|
instant-acme is an async, pure-Rust ACME (RFC 8555) client.
|
|
|
|
|
2023-05-31 07:58:09 +00:00
|
|
|
instant-acme is used in production at [Instant Domains](https://instantdomains.com/) to help
|
2022-05-12 09:00:43 +00:00
|
|
|
us provision TLS certificates within seconds for our customers. instant-acme relies
|
|
|
|
on Tokio and rustls to implement the [RFC 8555](https://www.rfc-editor.org/rfc/rfc8555.html)
|
|
|
|
specification.
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
|
|
|
* Store/recover your account credentials by serializing/deserializing
|
|
|
|
* Fully async implementation with tracing support
|
|
|
|
* Support for processing multiple orders concurrently
|
2023-05-15 08:42:58 +00:00
|
|
|
* Support for external account binding
|
2024-01-29 17:10:49 +00:00
|
|
|
* Support for certificate revocation
|
2022-05-12 09:00:43 +00:00
|
|
|
* Uses hyper with rustls and Tokio for HTTP requests
|
2024-07-16 18:35:30 +00:00
|
|
|
* Uses *ring* or aws-lc-rs for ECDSA signing
|
2024-01-29 17:22:15 +00:00
|
|
|
* Minimum supported Rust version: 1.63
|
2022-05-12 09:00:43 +00:00
|
|
|
|
2024-07-16 18:35:30 +00:00
|
|
|
## Cargo features
|
|
|
|
|
|
|
|
* `hyper-rustls` (default): use a hyper client with rustls
|
|
|
|
* `ring` (default): use the *ring* crate as the crypto backend
|
|
|
|
* `aws-lc-rs`: use the aws-lc-rs crate as the crypto backend
|
|
|
|
* `fips`: enable the aws-lc-rs crate's FIPS-compliant mode
|
|
|
|
|
|
|
|
If both `ring` and `aws-lc-rs` are enabled, which backend is used depends on the `fips` feature.
|
|
|
|
If `fips` is enabled, `aws-lc-rs` is used; otherwise, `ring` is used.
|
|
|
|
|
2022-05-12 09:00:43 +00:00
|
|
|
## Limitations
|
|
|
|
|
2024-01-29 17:11:44 +00:00
|
|
|
* Only tested with DNS challenges against Let's Encrypt (staging and production) and ZeroSSL (production) so far
|
2022-05-12 09:00:43 +00:00
|
|
|
* Only supports ECDSA keys for now
|
2022-05-12 09:21:22 +00:00
|
|
|
|
|
|
|
## Getting started
|
|
|
|
|
2023-01-27 09:18:33 +00:00
|
|
|
See the [examples](examples) directory for an example of how to use instant-acme.
|