package dns-certify

You can search for identifiers within the package.

in-package search v0.2.0

MirageOS let's encrypt certificate retrieval

Install

Dune Dependency

github.com Readme Changelog BSD-2-Clause License Edit opam file Versions (37)

Authors

H

Hannes Mehnert <hannes@mehnert.org>

Maintainers

T

team AT robur dot coop

Sources

dns-v4.0.0.tbz

sha256=19e856bd3205e3f0294a89501f06d1fb5ee1afd4a4ef26c1b56af866ac254c6a

sha512=62df40202c67632f1f7381f6c6d919d5dcca80ccddb2141c5879ad089a9432df69cfe6245da1b3101139b449463fe0c2d7165f8fec42d325e17f5e4553384a12

doc/dns-certify.mirage/Dns_certify_mirage/Make/index.html

Module `Dns_certify_mirage.Make`

Parameters

module R : Mirage_random.C

module P : Mirage_clock_lwt.PCLOCK

module T : Mirage_time_lwt.S

module S : Mirage_stack_lwt.V4

Signature

val retrieve_certificate : 
  ?ca:[ `Production | `Staging ] ->
  S.t ->
  dns_key:string ->
  hostname:[ `host ] Domain_name.t ->
  ?additional_hostnames:[ `host ] Domain_name.t list ->
  ?key_seed:string ->
  S.TCPV4.ipaddr ->
  int ->
  (Tls.Config.own_cert, [ `Msg of string ]) result Lwt.t

retrieve_certificate ~ca stack ~dns_key ~hostname ~key_seed server_ip port generates a RSA private key (using the key_seed), a certificate signing request for the given hostname and additional_hostnames, and sends server_ip an nsupdate (DNS-TSIG with dns_key) with the csr as TLSA record, awaiting for a matching certificate as TLSA record. Requires a service that interacts with let's encrypt to transform the CSR into a signed certificate. If something fails, an exception (via Lwt.fail) is raised. This is meant for unikernels that require a valid TLS certificate before they can start their service (i.e. most web servers, mail servers). Has let's encrypt certificates (expiry March 2021) hardcoded.

On This Page

Parameters
Signature