package letsencrypt

ACME Client.

This module provides client commands. Note: right now this module implements only what is strictly necessary to register an account, solve http-01 challenges provided by the CA, and fetch the certificate. This means you will be able to maintain your server with it.

type t
type solver = {
  typ : [ `Dns | `Http | `Alpn ];
  solve_challenge : token:string -> key_authorization:string -> [ `host ] Domain_name.t -> (unit, [ `Msg of string ]) Stdlib.result Lwt.t;
}
val http_solver : ([ `host ] Domain_name.t -> prefix:string -> token:string -> content:string -> (unit, [ `Msg of string ]) Stdlib.result Lwt.t) -> solver

http_solver (fun domain ~prefix ~token ~content) is a solver for http-01 challenges. The provided function should return Ok () once the web server at domain serves content as prefix/token: a GET request to http://domain/prefix/token should return content. The prefix is ".well-known/acme-challenge".
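One way to write the callback passed to http_solver, as an added example that is not part of the letsencrypt package: it publishes the challenge through a web root on disk and refuses any token that could escape the challenge directory. It assumes the module documented here is reachable as Letsencrypt.Client, that lwt.unix is available, and that a web server already serves the directory webroot (with webroot/.well-known/acme-challenge created) on port 80; valid_token, write_file and webroot_solver are hypothetical names.

```ocaml
(* Added example, not code from the letsencrypt package.
   Assumptions: the module is reachable as Letsencrypt.Client, lwt.unix is
   linked, and <webroot>/.well-known/acme-challenge already exists and is
   served at http://<domain>/.well-known/acme-challenge/. *)

(* RFC 8555 section 8.3: the token must not contain characters outside the
   base64url alphabet. Checking this before using the token as a file name
   keeps '/', '..' and NUL out of the path we are about to write. *)
let valid_token token =
  token <> ""
  && String.for_all
       (function
         | 'A' .. 'Z' | 'a' .. 'z' | '0' .. '9' | '-' | '_' -> true
         | _ -> false)
       token

(* Write [content] to [path]; any I/O exception becomes the `Msg error that
   the solver type expects, so ACME stops instead of asking the CA to
   validate a file that is not there. *)
let write_file path content =
  Lwt.catch
    (fun () ->
      Lwt_io.with_file ~mode:Lwt_io.Output ~perm:0o644 path (fun oc ->
          Lwt_io.write oc content)
      |> Lwt.map (fun () -> Ok ()))
    (fun exn -> Lwt.return (Error (`Msg (Printexc.to_string exn))))

(* Build a solver that stores the challenge as <webroot>/<prefix>/<token>.
   Ok () is returned only after the file has been written, which is the
   point at which GET http://domain/prefix/token can return [content]. *)
let webroot_solver ~webroot =
  Letsencrypt.Client.http_solver (fun domain ~prefix ~token ~content ->
      if not (valid_token token) then
        Lwt.return
          (Error
             (`Msg
               (Printf.sprintf "%s: token is not base64url, not writing it"
                  (Domain_name.to_string domain))))
      else
        write_file
          (Filename.concat (Filename.concat webroot prefix) token)
          content)
```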

val print_http : solver

print_http outputs the HTTP challenge solution, and waits for user input before continuing with ACME.

val alpn_solver : ?key_type:X509.Key_type.t -> ?bits:int -> ([ `host ] Domain_name.t -> alpn:string -> X509.Private_key.t -> X509.Certificate.t -> (unit, [ `Msg of string ]) Stdlib.result Lwt.t) -> solver

alpn_solver ~key_type ~bits (fun domain ~alpn private_key certificate) is a solver for tls-alpn-01 challenges. The provided function should return Ok () once the TLS server at domain serves the self-signed certificate (with private_key) under the ALPN alpn ("acme-tls/1"). The key_type and bits are used for the self-signed certificate; bits is only relevant if key_type is `RSA (default: RSA with 2048 bits).

val print_alpn : solver

print_alpn outputs the ALPN challenge solution, and waits for user input before continuing with ACME.

module Make (Http : HTTP_client.S) : sig ... end