https://github.com/djc/instant-acme
Simple ACME client
https://github.com/djc/instant-acme
acme rust
Last synced: 3 months ago
JSON representation
Simple ACME client
- Host: GitHub
- URL: https://github.com/djc/instant-acme
- Owner: djc
- License: apache-2.0
- Created: 2022-05-12T08:02:56.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-28T17:00:40.000Z (3 months ago)
- Last Synced: 2025-04-12T05:36:31.373Z (3 months ago)
- Topics: acme, rust
- Language: Rust
- Homepage:
- Size: 256 KB
- Stars: 119
- Watchers: 5
- Forks: 24
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# instant-acme: async, pure-Rust ACME client
[](https://docs.rs/instant-acme/)
[](https://crates.io/crates/instant-acme)
[](https://github.com/djc/instant-acme/actions?query=workflow%3ACI)
[](LICENSE-APACHE)instant-acme is an async, pure-Rust ACME (RFC 8555) client.
instant-acme is used in production at [Instant Domain Search](https://instantdomainsearch.com/) to help
us provision TLS certificates within seconds for our customers. instant-acme relies
on Tokio and rustls to implement the [RFC 8555](https://www.rfc-editor.org/rfc/rfc8555.html)
specification.## Features
* Store/recover your account credentials by serializing/deserializing
* Fully async implementation with tracing support
* Support for processing multiple orders concurrently
* Support for external account binding
* Support for certificate revocation
* Support for the [ACME renewal information (ARI)] extension
* Support for the [profiles] extension
* Uses hyper with rustls and Tokio for HTTP requests
* Uses *ring* or aws-lc-rs for ECDSA signing
* Minimum supported Rust version (MSRV): 1.70[ACME renewal information (ARI)]: https://www.ietf.org/archive/id/draft-ietf-acme-ari-08.html
[profiles]: https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/## Cargo features
* `hyper-rustls` (default): use a hyper client with rustls
* `aws-lc-rs` (default): use the aws-lc-rs crate as the crypto backend
* `ring`: use the *ring* crate as the crypto backend
* `fips`: enable the aws-lc-rs crate's FIPS-compliant mode
* `x509-parser`: enable extracting `CertificateIdentifier` values for ARI from
certificates
* `time`: enable fetching `RenewalInfo` for a `CertificateIdentifier`If both `ring` and `aws-lc-rs` are enabled, `aws-lc-rs` will be used.
## Limitations
* Only supports P-256 ECDSA account keys for now
## Getting started
See the [examples](examples) directory for an example of how to use instant-acme.