Crates.io | tide-acme |
lib.rs | tide-acme |
version | 0.2.0 |
source | src |
created_at | 2021-03-21 05:09:55.848831 |
updated_at | 2022-06-20 08:34:29.945907 |
description | Automatic HTTPS certificates for Tide, via Let's Encrypt and ACME tls-alpn-01 challenges |
homepage | |
repository | https://github.com/http-rs/tide-acme |
max_upload_size | |
id | 371583 |
size | 10,091 |
tide-acme
helps you serve HTTPS with Tide using automatic certificates, via
Let's Encrypt and ACME tls-alpn-01 challenges.
To use tide-acme
, set up HTTPS with Tide normally using tide_rustls
, but
instead of specifying a certificate and key, call the acme
method to
configure automatic certificates in the TLS listener:
use tide_acme::{AcmeConfig, TideRustlsExt};
use tide_acme::rustls_acme::caches::DirCache;
let mut app = tide::new();
app.at("/").get(|_| async { Ok("Hello TLS") });
app.listen(
tide_rustls::TlsListener::build().addrs("0.0.0.0:443").acme(
AcmeConfig::new(vec!["domain.example"])
.contact_push("mailto:admin@example.org")
.cache(DirCache::new("/srv/example/tide-acme-cache-dir")),
),
)
.await?;
This will configure the TLS stack to obtain a certificate for the domain
domain.example
, which must be a domain for which your Tide server handles
HTTPS traffic.
On initial startup, your server will register a certificate via Let's Encrypt.
Let's Encrypt will verify your server's control of the domain via an ACME
tls-alpn-01 challenge, which the TLS
listener configured by tide-acme
will respond to.
You must supply a cache via [AcmeConfig::cache
] or one of the other cache
methods. This cache will keep the ACME account key and registered certificates
between runs, needed to avoid hitting rate limits. You can use
[rustls_acme::caches::DirCache
] for a simple filesystem cache, or implement
your own caching using the rustls_acme
cache traits.
By default, tide-acme
will use the Let's Encrypt staging environment, which
is suitable for testing purposes; it produces certificates signed by a staging
root so that you can verify your stack is working, but those certificates will
not be trusted in browsers or other HTTPS clients. The staging environment has
more generous rate limits for use while testing.
When you're ready to deploy to production, you can call
.directory_lets_encrypt(true)
to switch to the production Let's Encrypt
environment, which produces certificates trusted in browsers and other HTTPS
clients. The production environment has stricter rate
limits.
tide-acme
builds upon tide-rustls
and rustls-acme
.