{"id":21038681,"url":"https://github.com/n0-computer/tokio-rustls-acme","last_synced_at":"2025-04-06T00:07:18.964Z","repository":{"id":175049534,"uuid":"643820137","full_name":"n0-computer/tokio-rustls-acme","owner":"n0-computer","description":"Automatic TLS certificate management using rustls","archived":false,"fork":false,"pushed_at":"2025-03-07T10:14:32.000Z","size":94,"stargazers_count":27,"open_issues_count":4,"forks_count":9,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-03-29T23:07:32.356Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/n0-computer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-22T08:18:50.000Z","updated_at":"2025-03-27T17:10:37.000Z","dependencies_parsed_at":"2024-08-01T14:15:00.957Z","dependency_job_id":"fc231601-9fc1-4396-be52-692504e2ee50","html_url":"https://github.com/n0-computer/tokio-rustls-acme","commit_stats":null,"previous_names":["n0-computer/tokio-rustls-acme"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0-computer%2Ftokio-rustls-acme","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0-computer%2Ftokio-rustls-acme/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0-computer%2Ftokio-rustls-acme/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0-computer%2Ftokio-rustls-acme/manifests","own
er_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/n0-computer","download_url":"https://codeload.github.com/n0-computer/tokio-rustls-acme/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415967,"owners_count":20935388,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T13:34:11.553Z","updated_at":"2025-04-06T00:07:18.943Z","avatar_url":"https://github.com/n0-computer.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003etokio-rustls-acme\u003c/h1\u003e\n\u003cdiv align=\"center\"\u003e\n \u003cstrong\u003e\n    Automatic TLS certificate management using rustls with ring.\n \u003c/strong\u003e\n\u003c/div\u003e\n\n\u003cbr /\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003c!-- Crates version --\u003e\n  \u003ca href=\"https://crates.io/crates/tokio-rustls-acme\"\u003e\n    \u003cimg src=\"https://img.shields.io/crates/v/tokio-rustls-acme.svg?style=flat-square\"\n    alt=\"Crates.io version\" /\u003e\n  \u003c/a\u003e\n  \u003c!-- Downloads --\u003e\n  \u003ca href=\"https://crates.io/crates/tokio-rustls-acme\"\u003e\n    \u003cimg src=\"https://img.shields.io/crates/d/tokio-rustls-acme.svg?style=flat-square\"\n      alt=\"Download\" /\u003e\n  \u003c/a\u003e\n  \u003c!-- docs.rs docs --\u003e\n  \u003ca href=\"https://docs.rs/tokio-rustls-acme\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/docs-latest-blue.svg?style=flat-square\"\n      alt=\"docs.rs docs\" /\u003e\n  
\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003ch3\u003e\n    \u003ca href=\"https://docs.rs/tokio-rustls-acme\"\u003e\n      API Docs\n    \u003c/a\u003e\n  \u003c/h3\u003e\n\u003c/div\u003e\n\u003cbr/\u003e\n\n\u003e Original implementation based on https://github.com/FlorianUekermann/rustls-acme.\n\nAn easy-to-use, async-compatible [ACME] client library using [rustls] with [ring].\nThe validation mechanism used is tls-alpn-01, which allows serving ACME challenge responses and\nregular TLS traffic on the same port.\n\nIt is designed to use the tokio runtime; if you need support for other runtimes, take a look\nat the original implementation [rustls-acme](https://github.com/FlorianUekermann/rustls-acme).\n\nNo persistent tasks are spawned under the hood and the certificate acquisition/renewal process\nis folded into the streams and futures being polled by the library user.\n\nThe goal is to provide [Let's Encrypt](https://letsencrypt.org/) compatible TLS serving and\ncertificate management using a simple and flexible stream-based API.\n\nThis crate uses [ring] as [rustls]'s backend, instead of [aws-lc-rs]. This generally makes it\nmuch easier to compile. 
If you'd like to use [aws-lc-rs] as [rustls]'s backend, we're open to\ncontributions with the necessary `Cargo.toml` changes and feature-flags to enable you to do so.\n\nTo use tokio-rustls-acme add the following lines to your `Cargo.toml`:\n\n```toml\n[dependencies]\ntokio-rustls-acme = \"*\"\n```\n\n## High-level API\n\nThe high-level API consists of a single stream `Incoming` of incoming TLS connections.\nPolling the next future of the stream takes care of acquisition and renewal of certificates, as\nwell as accepting TLS connections, which are handed over to the caller on success.\n\n```rust\nuse tokio::io::AsyncWriteExt;\nuse futures::StreamExt;\nuse tokio_rustls_acme::{AcmeConfig, caches::DirCache};\nuse tokio_stream::wrappers::TcpListenerStream;\n\n#[tokio::main]\nasync fn main() {\n    simple_logger::init_with_level(log::Level::Info).unwrap();\n\n    let tcp_listener = tokio::net::TcpListener::bind(\"[::]:443\").await.unwrap();\n    let tcp_incoming = TcpListenerStream::new(tcp_listener);\n\n    let mut tls_incoming = AcmeConfig::new([\"example.com\"])\n        .contact_push(\"mailto:admin@example.com\")\n        .cache(DirCache::new(\"./rustls_acme_cache\"))\n        .incoming(tcp_incoming, Vec::new());\n\n    while let Some(tls) = tls_incoming.next().await {\n        let mut tls = tls.unwrap();\n        tokio::spawn(async move {\n            tls.write_all(HELLO).await.unwrap();\n            tls.shutdown().await.unwrap();\n        });\n    }\n}\n\nconst HELLO: \u0026'static [u8] = br#\"HTTP/1.1 200 OK\nContent-Length: 10\nContent-Type: text/plain; charset=utf-8\n\nHello Tls!\"#;\n```\n\n`examples/high_level.rs` implements a \"Hello Tls!\" server similar to the one above, which accepts\ndomain, port and cache directory parameters.\n\nNote that all examples use the Let's Encrypt staging directory by default.\nThe production directory imposes strict rate limits, which are easily exhausted accidentally\nduring testing and development.\nFor testing with the 
staging directory you may open `https://\u003cyour domain\u003e:\u003cport\u003e` in a browser\nthat allows TLS connections to servers signed by an untrusted CA (in Firefox click \"Advanced...\"\n-\u003e \"Accept the Risk and Continue\").\n\n## Low-level Rustls API\n\nFor users who may want to interact with [`rustls`] or [`tokio-rustls`]\ndirectly, the library exposes the underlying certificate management `AcmeState` as well as a\nmatching resolver `ResolvesServerCertAcme` which implements the `rustls::server::ResolvesServerCert` trait.\nSee the `server_low_level` example on how to use the low-level API directly with [`tokio-rustls`].\n\n## Account and certificate caching\n\nA production server using the Let's Encrypt production directory must implement both account and\ncertificate caching to avoid exhausting the Let's Encrypt API rate limits.\nA file-based cache using a cache directory is provided by `caches::DirCache`.\nCaches backed by other persistence layers may be implemented using the `Cache` trait,\nor the underlying `CertCache`, `AccountCache` traits (contributions welcome).\n`caches::CompositeCache` provides a wrapper to combine two implementors of `CertCache` and\n`AccountCache` into a single `Cache`.\n\nNote that the error type parameters of the cache carry over to some other types in this\ncrate via the `AcmeConfig` they are added to.\nIf you want to avoid different specializations based on cache type, use the\n`AcmeConfig::cache_with_boxed_err` method to construct the `AcmeConfig` object.\n\n\n## The acme module\n\nThe underlying implementation of an async ACME client may be useful to others and is exposed as\na module. 
It is incomplete (contributions welcome) and not covered by any stability\npromises.\n\n## Special thanks\n\nThis crate was inspired by the [autocert](https://golang.org/x/crypto/acme/autocert/)\npackage for [Go](https://golang.org).\n\nThe original implementation of this crate can be found at [FlorianUekermann/rustls-acme](https://github.com/FlorianUekermann/rustls-acme/commits/main); this is just a version focused on supporting only tokio.\n\nThis crate also builds on the excellent work of the authors of\n[`rustls`](https://github.com/ctz/rustls),\n[`tokio-rustls`](https://github.com/tokio-rs/tls/tree/master/tokio-rustls) and many others.\n\n\n# License\n\nThis project is licensed under either of\n\n * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or\n   http://www.apache.org/licenses/LICENSE-2.0)\n * MIT license ([LICENSE-MIT](LICENSE-MIT) or\n   http://opensource.org/licenses/MIT)\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in this project by you, as defined in the Apache-2.0 license,\nshall be dual licensed as above, without any additional terms or conditions.\n\n\n[ACME]: https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment\n[ring]: https://github.com/briansmith/ring\n[rustls]: https://github.com/ctz/rustls\n[aws-lc-rs]: https://github.com/aws/aws-lc-rs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0-computer%2Ftokio-rustls-acme","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fn0-computer%2Ftokio-rustls-acme","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0-computer%2Ftokio-rustls-acme/lists"}