scertec

package module

v0.0.0-...-cdb396a Latest Latest Go to latest Published: Oct 11, 2024 License: BSD-3-Clause Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tailscale/scertec

Links

Open Source Insights

README ¶

scertec

This is scertec, a Let's Encrypt ACME client that stores certs in setec and a Go client library that reads those certs back out of setec at serving time via a tls.Config.GetCertificate hook.

It only supports ACME DNS challenges using Amazon Route53.

Directories involved:

. (package scertec): the client library that gets certs from setec
scertecd (package scertecd): the ACME client code that runs either in the foreground once or in the background as an HTTP server, keeping the certs refreshed in setec
cmd/scertecd: a little package main wrapper around the earlier item.

Documentation ¶

Overview ¶

Package scertec provides a client for the TLS certs stored in setec as placed there by the scertecd service.

Think of it as a replacement for x/crypto/acme/autocert in that it provides the tls.Config.GetCertificate hook that provides the cert.

Index ¶

type Client
- func NewClient(ctx context.Context, c setec.Client, cache setec.Cache, prefix string, ...) (*Client, error)
- func (c *Client) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client looks up TLS certs stored in setec by scertecd as a function of a tls.ClientHelloInfo.

It does not connect to scertecd directly. (in fact, scertecd provides no cert fetching service; scertecd only updates TLS cert secrets in setec.)

func NewClient ¶

func NewClient(ctx context.Context, c setec.Client, cache setec.Cache, prefix string, domains ...string) (*Client, error)

NewClient returns a new HTTPS cert client. It blocks until all the needed secrets are available for retrieval by the Secret method, or ctx ends. The context passed to NewStore is only used for initializing the store.

func (*Client) GetCertificate ¶

func (c *Client) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate returns the RSA or ECDSA certificate for hello.ServerName.

It is the signature needed by tls.Config.GetCertificate.

Source Files ¶

View all Source files

scertec.go

Directories ¶

Path	Synopsis
cmd
scertecd The scertecd command updates HTTPS certs in setec using Let's Encrypt with AWS Route53 DNS challenges.	The scertecd command updates HTTPS certs in setec using Let's Encrypt with AWS Route53 DNS challenges.
scertecd The scertecd package provides the code that fetches new TLS certs from LetsEncrypt as needed and puts them in setec before they expire.	The scertecd package provides the code that fetches new TLS certs from LetsEncrypt as needed and puts them in setec before they expire.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL