Versions in this module Expand all Collapse all v0 v0.13.2 May 22, 2021 Changes in this version
+ const DefaultOCSPCheckInterval
+ const DefaultRenewCheckInterval
+ const DefaultRenewalWindowRatio
+ const ED25519
+ const HTTPChallengePort
+ const LetsEncryptProductionCA
+ const LetsEncryptStagingCA
+ const P256
+ const P384
+ const RSA2048
+ const RSA4096
+ const RSA8192
+ const TLSALPNChallengePort
+ const ZeroSSLProductionCA
+ var AttemptsCtxKey retryStateCtxKey
+ var Default = Config
+ var DefaultACME = ACMEManager
+ var DefaultKeyGenerator = StandardKeyGenerator
+ var HTTPPort = 80
+ var HTTPSPort = 443
+ var HTTPTimeout = 30 * time.Second
+ var RateLimitEvents = 20
+ var RateLimitEventsWindow = 1 * time.Minute
+ var UserAgent string
+ func CleanStorage(ctx context.Context, storage Storage, opts CleanStorageOptions)
+ func CleanUpOwnLocks(logger *zap.Logger)
+ func HTTPS(domainNames []string, mux http.Handler) error
+ func Listen(domainNames []string) (net.Listener, error)
+ func LooksLikeHTTPChallenge(r *http.Request) bool
+ func ManageAsync(ctx context.Context, domainNames []string) error
+ func ManageSync(domainNames []string) error
+ func MatchWildcard(subject, wildcard string) bool
+ func SolveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, ...) bool
+ func SubjectIsIP(subj string) bool
+ func SubjectIsInternal(subj string) bool
+ func SubjectQualifiesForCert(subj string) bool
+ func SubjectQualifiesForPublicCert(subj string) bool
+ func TLS(domainNames []string) (*tls.Config, error)
+ type ACMEDNSProvider interface
+ type ACMEManager struct
+ AccountKeyPEM string
+ Agreed bool
+ AltHTTPPort int
+ AltTLSALPNPort int
+ CA string
+ CertObtainTimeout time.Duration
+ DNS01Solver acmez.Solver
+ DisableHTTPChallenge bool
+ DisableTLSALPNChallenge bool
+ Email string
+ ExternalAccount *acme.EAB
+ ListenHost string
+ Logger *zap.Logger
+ NewAccountFunc func(context.Context, *ACMEManager, acme.Account) (acme.Account, error)
+ PreferredChains ChainPreference
+ Resolver string
+ TestCA string
+ TrustedRoots *x509.CertPool
+ func NewACMEManager(cfg *Config, template ACMEManager) *ACMEManager
+ func (am *ACMEManager) GetAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error)
+ func (am *ACMEManager) HTTPChallengeHandler(h http.Handler) http.Handler
+ func (am *ACMEManager) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool
+ func (am *ACMEManager) Issue(ctx context.Context, csr *x509.CertificateRequest) (*IssuedCertificate, error)
+ func (am *ACMEManager) IssuerKey() string
+ func (am *ACMEManager) PreCheck(_ context.Context, names []string, interactive bool) error
+ func (am *ACMEManager) Revoke(ctx context.Context, cert CertificateResource, reason int) error
+ type Cache struct
+ func NewCache(opts CacheOptions) *Cache
+ func (certCache *Cache) AllMatchingCertificates(name string) []Certificate
+ func (certCache *Cache) RenewManagedCertificates(ctx context.Context) error
+ func (certCache *Cache) Stop()
+ type CacheOptions struct
+ Capacity int
+ GetConfigForCert ConfigGetter
+ Logger *zap.Logger
+ OCSPCheckInterval time.Duration
+ RenewCheckInterval time.Duration
+ type Certificate struct
+ Names []string
+ Tags []string
+ func DefaultCertificateSelector(hello *tls.ClientHelloInfo, choices []Certificate) (Certificate, error)
+ func (cert Certificate) Expired() bool
+ func (cert Certificate) HasTag(tag string) bool
+ func (cert Certificate) NeedsRenewal(cfg *Config) bool
+ type CertificateResource struct
+ CertificatePEM []byte
+ IssuerData interface{}
+ PrivateKeyPEM []byte
+ SANs []string
+ func (cr *CertificateResource) NamesKey() string
+ type CertificateSelector interface
+ SelectCertificate func(*tls.ClientHelloInfo, []Certificate) (Certificate, error)
+ type ChainPreference struct
+ AnyCommonName []string
+ RootCommonName []string
+ Smallest *bool
+ type Challenge struct
+ func GetACMEChallenge(identifier string) (Challenge, bool)
+ type CleanStorageOptions struct
+ ExpiredCertGracePeriod time.Duration
+ ExpiredCerts bool
+ OCSPStaples bool
+ type Config struct
+ CertSelection CertificateSelector
+ DefaultCommonName string
+ DefaultServerName string
+ Issuers []Issuer
+ KeySource KeyGenerator
+ Logger *zap.Logger
+ MustStaple bool
+ OCSP OCSPConfig
+ OnDemand *OnDemandConfig
+ OnEvent func(event string, data interface{})
+ RenewalWindowRatio float64
+ Storage Storage
+ func New(certCache *Cache, cfg Config) *Config
+ func NewDefault() *Config
+ func (cfg *Config) CacheManagedCertificate(domain string) (Certificate, error)
+ func (cfg *Config) CacheUnmanagedCertificatePEMBytes(certBytes, keyBytes []byte, tags []string) error
+ func (cfg *Config) CacheUnmanagedCertificatePEMFile(certFile, keyFile string, tags []string) error
+ func (cfg *Config) CacheUnmanagedTLSCertificate(tlsCert tls.Certificate, tags []string) error
+ func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string) ([]tls.Certificate, error)
+ func (cfg *Config) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
+ func (cfg *Config) ManageAsync(ctx context.Context, domainNames []string) error
+ func (cfg *Config) ManageSync(domainNames []string) error
+ func (cfg *Config) ObtainCert(ctx context.Context, name string, interactive bool) error
+ func (cfg *Config) RenewCert(ctx context.Context, name string, interactive bool) error
+ func (cfg *Config) RevokeCert(ctx context.Context, domain string, reason int, interactive bool) error
+ func (cfg *Config) TLSConfig() *tls.Config
+ func (cfg *Config) Unmanage(domainNames []string)
+ type ConfigGetter func(Certificate) (*Config, error)
+ type DNS01Solver struct
+ DNSProvider ACMEDNSProvider
+ PropagationTimeout time.Duration
+ Resolvers []string
+ TTL time.Duration
+ func (s *DNS01Solver) CleanUp(ctx context.Context, challenge acme.Challenge) error
+ func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) error
+ func (s *DNS01Solver) Wait(ctx context.Context, challenge acme.Challenge) error
+ type ErrNoRetry struct
+ Err error
+ func (e ErrNoRetry) Error() string
+ func (e ErrNoRetry) Unwrap() error
+ type ErrNotExist interface
+ type FileStorage struct
+ Path string
+ func (fs *FileStorage) Delete(key string) error
+ func (fs *FileStorage) Exists(key string) bool
+ func (fs *FileStorage) Filename(key string) string
+ func (fs *FileStorage) List(prefix string, recursive bool) ([]string, error)
+ func (fs *FileStorage) Load(key string) ([]byte, error)
+ func (fs *FileStorage) Lock(ctx context.Context, key string) error
+ func (fs *FileStorage) Stat(key string) (KeyInfo, error)
+ func (fs *FileStorage) Store(key string, value []byte) error
+ func (fs *FileStorage) String() string
+ func (fs *FileStorage) Unlock(key string) error
+ type IssuedCertificate struct
+ Certificate []byte
+ Metadata interface{}
+ type Issuer interface
+ Issue func(ctx context.Context, request *x509.CertificateRequest) (*IssuedCertificate, error)
+ IssuerKey func() string
+ type KeyBuilder struct
+ var StorageKeys KeyBuilder
+ func (keys KeyBuilder) CertsPrefix(issuerKey string) string
+ func (keys KeyBuilder) CertsSitePrefix(issuerKey, domain string) string
+ func (keys KeyBuilder) OCSPStaple(cert *Certificate, pemBundle []byte) string
+ func (keys KeyBuilder) Safe(str string) string
+ func (keys KeyBuilder) SiteCert(issuerKey, domain string) string
+ func (keys KeyBuilder) SiteMeta(issuerKey, domain string) string
+ func (keys KeyBuilder) SitePrivateKey(issuerKey, domain string) string
+ type KeyGenerator interface
+ GenerateKey func() (crypto.PrivateKey, error)
+ type KeyInfo struct
+ IsTerminal bool
+ Key string
+ Modified time.Time
+ Size int64
+ type KeyType string
+ type Locker interface
+ Lock func(ctx context.Context, key string) error
+ Unlock func(key string) error
+ type OCSPConfig struct
+ DisableStapling bool
+ ResponderOverrides map[string]string
+ type OnDemandConfig struct
+ DecisionFunc func(name string) error
+ type PreChecker interface
+ PreCheck func(ctx context.Context, names []string, interactive bool) error
+ type Revoker interface
+ Revoke func(ctx context.Context, cert CertificateResource, reason int) error
+ type RingBufferRateLimiter struct
+ func NewRateLimiter(maxEvents int, window time.Duration) *RingBufferRateLimiter
+ func (r *RingBufferRateLimiter) Allow() bool
+ func (r *RingBufferRateLimiter) MaxEvents() int
+ func (r *RingBufferRateLimiter) SetMaxEvents(maxEvents int)
+ func (r *RingBufferRateLimiter) SetWindow(window time.Duration)
+ func (r *RingBufferRateLimiter) Stop()
+ func (r *RingBufferRateLimiter) Wait(ctx context.Context) error
+ func (r *RingBufferRateLimiter) Window() time.Duration
+ type StandardKeyGenerator struct
+ KeyType KeyType
+ func (kg StandardKeyGenerator) GenerateKey() (crypto.PrivateKey, error)
+ type Storage interface
+ Delete func(key string) error
+ Exists func(key string) bool
+ List func(prefix string, recursive bool) ([]string, error)
+ Load func(key string) ([]byte, error)
+ Stat func(key string) (KeyInfo, error)
+ Store func(key string, value []byte) error