Versions in this module v0 v0.18.1 Jun 21, 2023 Changes in this version + const DefaultOCSPCheckInterval + const DefaultRenewCheckInterval + const DefaultRenewalWindowRatio + const ED25519 + const HTTPChallengePort + const LetsEncryptProductionCA + const LetsEncryptStagingCA + const P256 + const P384 + const RSA2048 + const RSA4096 + const RSA8192 + const TLSALPNChallengePort + const UseFirstIssuer + const UseFirstRandomIssuer + const ZeroSSLProductionCA + var AttemptsCtxKey retryStateCtxKey + var Default = Config + var DefaultACME = ACMEIssuer + var DefaultKeyGenerator = StandardKeyGenerator + var HTTPPort = 80 + var HTTPSPort = 443 + var HTTPTimeout = 30 * time.Second + var RateLimitEvents = 10 + var RateLimitEventsWindow = 10 * time.Second + var UserAgent string + func CleanStorage(ctx context.Context, storage Storage, opts CleanStorageOptions) + func CleanUpOwnLocks(ctx context.Context, logger *zap.Logger) + func HTTPS(domainNames []string, mux http.Handler) error + func Listen(domainNames []string) (net.Listener, error) + func LooksLikeHTTPChallenge(r *http.Request) bool + func ManageAsync(ctx context.Context, domainNames []string) error + func ManageSync(ctx context.Context, domainNames []string) error + func MatchWildcard(subject, wildcard string) bool + func PEMDecodePrivateKey(keyPEMBytes []byte) (crypto.Signer, error) + func PEMEncodePrivateKey(key crypto.PrivateKey) ([]byte, error) + func SolveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, ...) 
bool + func SubjectIsIP(subj string) bool + func SubjectIsInternal(subj string) bool + func SubjectQualifiesForCert(subj string) bool + func SubjectQualifiesForPublicCert(subj string) bool + func TLS(domainNames []string) (*tls.Config, error) + type ACMEDNSProvider interface + type ACMEIssuer struct + AccountKeyPEM string + Agreed bool + AltHTTPPort int + AltTLSALPNPort int + CA string + CertObtainTimeout time.Duration + DNS01Solver acmez.Solver + DisableHTTPChallenge bool + DisableTLSALPNChallenge bool + Email string + ExternalAccount *acme.EAB + HTTPProxy func(*http.Request) (*url.URL, error) + ListenHost string + Logger *zap.Logger + NewAccountFunc func(context.Context, *ACMEIssuer, acme.Account) (acme.Account, error) + PreferredChains ChainPreference + Resolver string + TestCA string + TrustedRoots *x509.CertPool + func NewACMEIssuer(cfg *Config, template ACMEIssuer) *ACMEIssuer + func (am *ACMEIssuer) GetAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) + func (am *ACMEIssuer) HTTPChallengeHandler(h http.Handler) http.Handler + func (am *ACMEIssuer) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool + func (am *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*IssuedCertificate, error) + func (am *ACMEIssuer) IssuerKey() string + func (am *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error + func (am *ACMEIssuer) Revoke(ctx context.Context, cert CertificateResource, reason int) error + type Cache struct + func NewCache(opts CacheOptions) *Cache + func (certCache *Cache) AllMatchingCertificates(name string) []Certificate + func (certCache *Cache) RenewManagedCertificates(ctx context.Context) error + func (certCache *Cache) Stop() + type CacheOptions struct + Capacity int + GetConfigForCert ConfigGetter + Logger *zap.Logger + OCSPCheckInterval time.Duration + RenewCheckInterval time.Duration + type Certificate struct + Names []string + Tags []string + func 
DefaultCertificateSelector(hello *tls.ClientHelloInfo, choices []Certificate) (Certificate, error) + func (cert Certificate) Empty() bool + func (cert Certificate) Expired() bool + func (cert Certificate) HasTag(tag string) bool + func (cert Certificate) NeedsRenewal(cfg *Config) bool + type CertificateResource struct + CertificatePEM []byte + IssuerData any + PrivateKeyPEM []byte + SANs []string + func (cr *CertificateResource) NamesKey() string + type CertificateSelector interface + SelectCertificate func(*tls.ClientHelloInfo, []Certificate) (Certificate, error) + type ChainPreference struct + AnyCommonName []string + RootCommonName []string + Smallest *bool + type Challenge struct + func GetACMEChallenge(identifier string) (Challenge, bool) + type CleanStorageOptions struct + ExpiredCertGracePeriod time.Duration + ExpiredCerts bool + OCSPStaples bool + type Config struct + CertSelection CertificateSelector + DefaultServerName string + DisableStorageCheck bool + FallbackServerName string + IssuerPolicy IssuerPolicy + Issuers []Issuer + KeySource KeyGenerator + Logger *zap.Logger + MustStaple bool + OCSP OCSPConfig + OnDemand *OnDemandConfig + OnEvent func(ctx context.Context, event string, data map[string]any) error + RenewalWindowRatio float64 + ReusePrivateKeys bool + Storage Storage + func New(certCache *Cache, cfg Config) *Config + func NewDefault() *Config + func (cfg *Config) CacheManagedCertificate(ctx context.Context, domain string) (Certificate, error) + func (cfg *Config) CacheUnmanagedCertificatePEMBytes(ctx context.Context, certBytes, keyBytes []byte, tags []string) error + func (cfg *Config) CacheUnmanagedCertificatePEMFile(ctx context.Context, certFile, keyFile string, tags []string) error + func (cfg *Config) CacheUnmanagedTLSCertificate(ctx context.Context, tlsCert tls.Certificate, tags []string) error + func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string) ([]tls.Certificate, error) + func (cfg *Config) 
GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) + func (cfg *Config) GetCertificateWithContext(ctx context.Context, clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) + func (cfg *Config) ManageAsync(ctx context.Context, domainNames []string) error + func (cfg *Config) ManageSync(ctx context.Context, domainNames []string) error + func (cfg *Config) ObtainCertAsync(ctx context.Context, name string) error + func (cfg *Config) ObtainCertSync(ctx context.Context, name string) error + func (cfg *Config) RenewCertAsync(ctx context.Context, name string, force bool) error + func (cfg *Config) RenewCertSync(ctx context.Context, name string, force bool) error + func (cfg *Config) RevokeCert(ctx context.Context, domain string, reason int, interactive bool) error + func (cfg *Config) TLSConfig() *tls.Config + func (cfg *Config) Unmanage(domainNames []string) + type ConfigGetter func(Certificate) (*Config, error) + type DNS01Solver struct + DNSProvider ACMEDNSProvider + OverrideDomain string + PropagationDelay time.Duration + PropagationTimeout time.Duration + Resolvers []string + TTL time.Duration + func (s *DNS01Solver) CleanUp(_ context.Context, challenge acme.Challenge) error + func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) error + func (s *DNS01Solver) Wait(ctx context.Context, challenge acme.Challenge) error + type ErrNoRetry struct + Err error + func (e ErrNoRetry) Error() string + func (e ErrNoRetry) Unwrap() error + type FileStorage struct + Path string + func (s *FileStorage) Delete(_ context.Context, key string) error + func (s *FileStorage) Exists(_ context.Context, key string) bool + func (s *FileStorage) Filename(key string) string + func (s *FileStorage) List(ctx context.Context, prefix string, recursive bool) ([]string, error) + func (s *FileStorage) Load(_ context.Context, key string) ([]byte, error) + func (s *FileStorage) Lock(ctx context.Context, name string) error + func (s *FileStorage) 
Stat(_ context.Context, key string) (KeyInfo, error) + func (s *FileStorage) Store(_ context.Context, key string, value []byte) error + func (s *FileStorage) String() string + func (s *FileStorage) Unlock(_ context.Context, name string) error + type IssuedCertificate struct + Certificate []byte + Metadata any + type Issuer interface + Issue func(ctx context.Context, request *x509.CertificateRequest) (*IssuedCertificate, error) + IssuerKey func() string + type IssuerPolicy string + type KeyBuilder struct + var StorageKeys KeyBuilder + func (keys KeyBuilder) CertsPrefix(issuerKey string) string + func (keys KeyBuilder) CertsSitePrefix(issuerKey, domain string) string + func (keys KeyBuilder) OCSPStaple(cert *Certificate, pemBundle []byte) string + func (keys KeyBuilder) Safe(str string) string + func (keys KeyBuilder) SiteCert(issuerKey, domain string) string + func (keys KeyBuilder) SiteMeta(issuerKey, domain string) string + func (keys KeyBuilder) SitePrivateKey(issuerKey, domain string) string + type KeyGenerator interface + GenerateKey func() (crypto.PrivateKey, error) + type KeyInfo struct + IsTerminal bool + Key string + Modified time.Time + Size int64 + type KeyType string + type Locker interface + Lock func(ctx context.Context, name string) error + Unlock func(ctx context.Context, name string) error + type Manager interface + GetCertificate func(context.Context, *tls.ClientHelloInfo) (*tls.Certificate, error) + type OCSPConfig struct + DisableStapling bool + ResponderOverrides map[string]string + type OnDemandConfig struct + DecisionFunc func(name string) error + Managers []Manager + type PreChecker interface + PreCheck func(ctx context.Context, names []string, interactive bool) error + type Revoker interface + Revoke func(ctx context.Context, cert CertificateResource, reason int) error + type RingBufferRateLimiter struct + func NewRateLimiter(maxEvents int, window time.Duration) *RingBufferRateLimiter + func (r *RingBufferRateLimiter) Allow() bool + func (r 
*RingBufferRateLimiter) MaxEvents() int + func (r *RingBufferRateLimiter) SetMaxEvents(maxEvents int) + func (r *RingBufferRateLimiter) SetWindow(window time.Duration) + func (r *RingBufferRateLimiter) Stop() + func (r *RingBufferRateLimiter) Wait(ctx context.Context) error + func (r *RingBufferRateLimiter) Window() time.Duration + type StandardKeyGenerator struct + KeyType KeyType + func (kg StandardKeyGenerator) GenerateKey() (crypto.PrivateKey, error) + type Storage interface + Delete func(ctx context.Context, key string) error + Exists func(ctx context.Context, key string) bool + List func(ctx context.Context, prefix string, recursive bool) ([]string, error) + Load func(ctx context.Context, key string) ([]byte, error) + Stat func(ctx context.Context, key string) (KeyInfo, error) + Store func(ctx context.Context, key string, value []byte) error