8个版本
| 0.5.1 | 2022年5月2日 |
|---|---|
| 0.5.0 | 2021年5月20日 |
| 0.4.0 | 2021年5月5日 |
| 0.3.3 | 2021年4月28日 |
| 0.2.0 | 2021年1月14日 |
#1044 在 加密学
每月下载量 517
用于 agnos
61KB
1K SLoC
acme2
特性
- 支持ACME v2,已针对Let's Encrypt和Pebble进行测试
- 完全异步,使用
reqwest/ Tokio - 支持DNS01和HTTP01验证
- 完全使用
tracing进行仪表化
示例
此示例演示了如何使用http-01验证为example.com域名配置证书。
use acme2::gen_rsa_private_key;
use acme2::AccountBuilder;
use acme2::AuthorizationStatus;
use acme2::ChallengeStatus;
use acme2::DirectoryBuilder;
use acme2::Error;
use acme2::OrderBuilder;
use acme2::OrderStatus;
use acme2::Csr;
use std::time::Duration;
const LETS_ENCRYPT_URL: &'static str =
"https://acme-v02.api.letsencrypt.org/directory";
#[tokio::main]
async fn main() -> Result<(), Error> {
// Create a new ACMEv2 directory for Let's Encrypt.
let dir = DirectoryBuilder::new(LETS_ENCRYPT_URL.to_string())
.build()
.await?;
// Create an ACME account to use for the order. For production
// purposes, you should keep the account (and private key), so
// you can renew your certificate easily.
let mut builder = AccountBuilder::new(dir.clone());
builder.contact(vec!["mailto:[email protected]".to_string()]);
builder.terms_of_service_agreed(true);
let account = builder.build().await?;
// Create a new order for a specific domain name.
let mut builder = OrderBuilder::new(account);
builder.add_dns_identifier("example.com".to_string());
let order = builder.build().await?;
// Get the list of needed authorizations for this order.
let authorizations = order.authorizations().await?;
for auth in authorizations {
// Get an http-01 challenge for this authorization (or panic
// if it doesn't exist).
let challenge = auth.get_challenge("http-01").unwrap();
// At this point in time, you must configure your webserver to serve
// a file at `https://example.com/.well-known/${challenge.token}`
// with the content of `challenge.key_authorization()??`.
// Start the validation of the challenge.
let challenge = challenge.validate().await?;
// Poll the challenge every 5 seconds until it is in either the
// `valid` or `invalid` state.
let challenge = challenge.wait_done(Duration::from_secs(5), 3).await?;
assert_eq!(challenge.status, ChallengeStatus::Valid);
// You can now remove the challenge file hosted on your webserver.
// Poll the authorization every 5 seconds until it is in either the
// `valid` or `invalid` state.
let authorization = auth.wait_done(Duration::from_secs(5), 3).await?;
assert_eq!(authorization.status, AuthorizationStatus::Valid)
}
// Poll the order every 5 seconds until it is in either the
// `ready` or `invalid` state. Ready means that it is now ready
// for finalization (certificate creation).
let order = order.wait_ready(Duration::from_secs(5), 3).await?;
assert_eq!(order.status, OrderStatus::Ready);
// Generate an RSA private key for the certificate.
let pkey = gen_rsa_private_key(4096)?;
// Create a certificate signing request for the order, and request
// the certificate.
let order = order.finalize(Csr::Automatic(pkey)).await?;
// Poll the order every 5 seconds until it is in either the
// `valid` or `invalid` state. Valid means that the certificate
// has been provisioned, and is now ready for download.
let order = order.wait_done(Duration::from_secs(5), 3).await?;
assert_eq!(order.status, OrderStatus::Valid);
// Download the certificate, and panic if it doesn't exist.
let cert = order.certificate().await?.unwrap();
assert!(cert.len() > 1);
Ok(())
}
开发
要运行测试,您需要安装pebble和pebble-challtestsrv。
在运行以下命令之前启动这些服务(在不同的shell中)
pebble -config ./pebble-config.json -strict
pebble-challtestsrv
Windows
在Windows上编译需要OpenSSL。以下是安装它的简单方法。
(Git Bash中的示例)
git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
./vcpkg.exe install openssl
./vcpkg.exe install openssl:x64-windows-static
# Add OPENSSL_DIR=/vcpkg/path/installed/x64-windows-static
cargo build
许可证
本项目采用MIT许可证。有关更多信息,请参阅LICENCE文件。
依赖关系
~8–23MB
~333K SLoC