{"id":13646999,"url":"https://github.com/haproxytech/haproxy-lua-acme","last_synced_at":"2025-04-21T21:32:11.968Z","repository":{"id":55122541,"uuid":"132448182","full_name":"haproxytech/haproxy-lua-acme","owner":"haproxytech","description":null,"archived":true,"fork":false,"pushed_at":"2024-06-18T15:41:06.000Z","size":137,"stargazers_count":105,"open_issues_count":7,"forks_count":15,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-08-02T01:26:37.782Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/haproxytech.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-07T11:01:25.000Z","updated_at":"2024-06-18T15:41:59.000Z","dependencies_parsed_at":"2024-08-02T01:25:25.679Z","dependency_job_id":"9fa43a03-e29f-4878-aaa2-c885831dae89","html_url":"https://github.com/haproxytech/haproxy-lua-acme","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haproxytech%2Fhaproxy-lua-acme","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haproxytech%2Fhaproxy-lua-acme/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haproxytech%2Fhaproxy-lua-acme/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haproxytech%2Fhaproxy-lua-acme/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/haproxytech","download_url
":"https://codeload.github.com/haproxytech/haproxy-lua-acme/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223880394,"owners_count":17219113,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:03:18.003Z","updated_at":"2024-11-09T20:30:53.230Z","avatar_url":"https://github.com/haproxytech.png","language":"Lua","readme":"HAProxy ACME v2 client\n======================\n\nDeprecated\n----------\n\nThis project is not maintained anymore. It is recommended to switch to acme.sh instead:\nhttps://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh\n\nImportant notice\n----------------\nBeware: the fixes to support the ACME v2 protocol were recently merged; there\nmight be some sharp edges, but it should work.\n\nThis is a client implementation for the ACME (Automatic Certificate Management\nEnvironment) protocol, currently a draft IETF standard\n(https://tools.ietf.org/html/draft-ietf-acme-acme-12).\n\nThe protocol will be supported by the Let's Encrypt project from March 2018,\nand it is expected that other *Certificate Authorities* will support this\nACME version in the future.\n\nIntro\n-----\nThe main idea of this ACME client is to implement as much functionality as possible inside\nHAProxy. In addition to supporting single-instance HAProxy installations, we\nalso aim to support multi-instance deployments (i.e. 
you have a cluster of load\nbalancers on which you want to use ACME-issued certs).\n\nBy using the internal HTTP interface (and an HTTP client such as `curl`), you will\nbe able to do the following:\n\n- Upload your own account and domain keys (only RSA keys for now)\n- Automatically register your account on ACME servers (linked to your account\n  key)\n- Request and receive certificates for your domains\n\nThe only thing you need to do on your own is to save the received certificate\nbundles and reload HAProxy.\n\n\nRequirements\n------------\n\n* A modern HAProxy version (v1.8) with Lua support (check with\n  ``haproxy -vv | grep USE_LUA=1``)\n* `haproxy-lua-http`_ - Lua HTTP server/client for HAProxy Lua host\n* `json.lua`_ - Lua JSON library\n* `luaossl`_ - OpenSSL bindings for Lua\n\n\nConfiguration\n-------------\n\nInstall the required Lua libraries to the proper LUA_PATH location, and configure\nHAProxy as follows:\n\n::\n\n  global\n      log /dev/log local0 debug\n      nbproc 1\n      daemon\n      lua-load config.lua\n      lua-load acme.lua\n\n  defaults\n      log global\n      mode http\n      option httplog\n      timeout connect 5s\n      timeout client 10s\n      timeout server 10s\n\n  listen http\n      bind *:80\n      http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/  }\n\n  listen acme\n      bind 127.0.0.1:9011\n      http-request use-service lua.acme\n\n  listen acme-ca\n      bind 127.0.0.1:9012\n      server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem\n      http-request set-header Host acme-v02.api.letsencrypt.org\n\n``letsencrypt-x3-ca-chain.pem`` is the concatenation of the active root certificate and intermediate certificate in one PEM file, available here: https://letsencrypt.org/certificates/\n\nConfiguration is kept in a separate Lua file, where you must explicitly set the\n``termsOfServiceAgreed`` option to ``true`` in order to be able to acquire\ncerts. 
Before doing that, please read the latest Let's Encrypt terms of service and\nsubscriber agreement, available at https://letsencrypt.org/repository/\n\n::\n\n  config = {\n      registration = {\n          -- You can read TOS here: https://letsencrypt.org/repository/\n          termsOfServiceAgreed = false,\n          contact = {\"mailto:postmaster@example.net\"}\n      },\n\n      -- ACME certificate authority configuration\n      ca = {\n          -- HAProxy backend/server which proxies requests to ACME server\n          proxy_uri = \"http://127.0.0.1:9012\",\n          -- ACME server URI (also returned by ACME directory listings)\n          -- Use this server name in HAProxy config\n          uri = \"https://acme-v02.api.letsencrypt.org\",\n      }\n  }\n\nKey creation\n------------\n\nAlthough the Lua module is able to create an account key or domain key automatically, for\nperformance and security reasons we require that you create your keys\nseparately.\n\nCurrently, we only support RSA keys. For the account key, the key size should be\n4096 bits, and for the domain key 2048 bits (minimum key sizes are also enforced by\nLet's Encrypt).\n\nYou can use the following commands to create keys. 
Note that you need a modern\nopenssl version: we don't use ``openssl genrsa`` but ``openssl genpkey``, as\nwe're going to use the same command to create ECDSA keys in the future.\n\n::\n\n  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key\n  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key\n\n\nUsage\n-----\n\nAfter you have provisioned your keys, you can run a certificate order via HTTP,\nfor example by using curl to POST data in *multipart/form-data* format:\n\n::\n\n  curl -XPOST http://127.0.0.1:9011/acme/order -F 'account_key=@account.key' \\\n       -F 'domain=example.net' -F 'domain_key=@example.net.key' \\\n       -F 'aliases=www.example.net,example.com,www.example.com' \\\n       -o example.net.pem\n\nAliases are optional, and we use the curl ``@`` syntax to post files.\nThe output is the full certificate chain (with the key appended), suitable for direct\nconsumption by HAProxy.\n\n.. _`haproxy-lua-http`: https://github.com/haproxytech/haproxy-lua-http\n.. _`json.lua`: https://github.com/rxi/json.lua\n.. _`luaossl`: https://github.com/wahern/luaossl\n","funding_links":[],"categories":["Lua"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhaproxytech%2Fhaproxy-lua-acme","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhaproxytech%2Fhaproxy-lua-acme","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhaproxytech%2Fhaproxy-lua-acme/lists"}