ACME Client.
This module provides client commands. Note: right now this module implements only what is strictly necessary to register an account, solve http-01 challenges provided by the CA, and fetch the certificate. This means that you will be able to maintain your server with this.
val http_solver :
([ `host ] Domain_name.t ->
prefix:string ->
token:string ->
content:string ->
(unit, [ `Msg of string ]) Stdlib.result Lwt.t) ->
solver
http_solver (fun domain ~prefix ~token ~content) is a solver for http-01 challenges. The provided function should return Ok () once the web server at domain serves content as prefix/token: a GET request to http://domain/prefix/token should return content. The prefix is ".well-known/acme-challenge".
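One way to write the function passed to http_solver, as an added example that is not code from the library. It assumes the module is reachable as Letsencrypt.Client; the names challenges, is_token and lookup are hypothetical, and the web server on port 80 is assumed to call lookup for each request.

```ocaml
(* Added example: in-memory http-01 solver. Assumes the library's module path
   is Letsencrypt.Client; [challenges], [is_token] and [lookup] are
   hypothetical names introduced here. *)

(* (host, token) -> content currently being served *)
let challenges : (string * string, string) Hashtbl.t = Hashtbl.create 7

(* RFC 8555 tokens use only the base64url alphabet. Rejecting anything else
   keeps '/', '.' and similar characters out of the path we agree to serve. *)
let is_token s =
  s <> ""
  && String.for_all
       (function
         | 'A' .. 'Z' | 'a' .. 'z' | '0' .. '9' | '-' | '_' -> true
         | _ -> false)
       s

let solver : Letsencrypt.Client.solver =
  Letsencrypt.Client.http_solver (fun domain ~prefix:_ ~token ~content ->
      if is_token token then begin
        let host = String.lowercase_ascii (Domain_name.to_string domain) in
        Hashtbl.replace challenges (host, token) content;
        (* The table is consulted on every request, so the content is live
           as soon as it is stored and Ok () can be returned. *)
        Lwt.return (Ok ())
      end
      else
        Lwt.return (Error (`Msg "http-01 token contains unexpected characters")))

(* Call from the port-80 handler with the Host header value (port already
   stripped) and the request path. Only an exact
   /.well-known/acme-challenge/<token> match is answered. *)
let lookup ~host ~path =
  match String.split_on_char '/' path with
  | [ ""; ".well-known"; "acme-challenge"; token ] when is_token token ->
    Hashtbl.find_opt challenges (String.lowercase_ascii host, token)
  | _ -> None
```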
val print_http : solver
print_http outputs the HTTP challenge solution, and waits for user input before continuing with ACME.
val dns_solver :
([ `raw ] Domain_name.t ->
string ->
(unit, [ `Msg of string ]) Stdlib.result Lwt.t) ->
solver
dns_solver (fun domain content) is a solver for dns-01 challenges. The provided function should return Ok () once the authoritative name servers serve a TXT record at domain with the content. The domain already has the _acme-challenge. prepended.
val print_dns : solver
print_dns outputs the DNS challenge solution, and waits for user input before continuing with ACME.
val nsupdate :
?proto:Dns.proto ->
int ->
(unit -> Ptime.t) ->
(Cstruct.t -> (unit, [ `Msg of string ]) Stdlib.result Lwt.t) ->
?recv:(unit -> (Cstruct.t, [ `Msg of string ]) Stdlib.result Lwt.t) ->
zone:[ `host ] Domain_name.t ->
keyname:'a Domain_name.t ->
Dns.Dnskey.t ->
solver
nsupdate ~proto id now send ~recv ~keyname key ~zone constructs a dns solver that sends a DNS update packet (using send) and optionally waits for a signed reply (using recv if present) to solve challenges. The update is signed with an HMAC transaction signature (DNS TSIG) using now () as timestamp, and the keyname and key for the cryptographic material. The zone is the one to be used in the query section of the update packet. If signing, sending, or receiving fails, the error is reported.
val alpn_solver :
([ `host ] Domain_name.t ->
alpn:string ->
X509.Private_key.t ->
X509.Certificate.t ->
(unit, [ `Msg of string ]) Stdlib.result Lwt.t) ->
solver
alpn_solver (fun domain ~alpn private_key certificate) is a solver for tls-alpn-01 challenges. The provided function should return Ok () once the TLS server at domain serves the self-signed certificate (with private_key) under the ALPN alpn ("acme-tls/1").
val print_alpn : solver
print_alpn outputs the ALPN challenge solution, and waits for user input before continuing with ACME.