MCPcopy
hub / github.com/caddyserver/certmagic / ACMEIssuer

Struct ACMEIssuer

acmeissuer.go:43–177  ·  view source on GitHub ↗

ACMEIssuer gets certificates using ACME. It implements the PreChecker, Issuer, and Revoker interfaces. It is NOT VALID to use an ACMEIssuer without calling NewACMEIssuer(). It fills in any default values from DefaultACME as well as setting up internal state that is necessary for valid use. Always c

Source from the content-addressed store, hash-verified

41// internal state that is necessary for valid use. Always call
42// NewACMEIssuer() to get a valid ACMEIssuer value.
43type ACMEIssuer struct {
44 // The endpoint of the directory for the ACME
45 // CA we are to use
46 CA string
47
48 // TestCA is the endpoint of the directory for
49 // an ACME CA to use to test domain validation,
50 // but any certs obtained from this CA are
51 // discarded; it should perform real and valid
52 // ACME verifications, but probably should not
53 // issue real, publicly-trusted certificates
54 TestCA string
55
56 // The email address to use when creating or
57 // selecting an existing ACME server account
58 Email string
59
60 // The PEM-encoded private key of the ACME
61 // account to use; only needed if the account
62 // is already created on the server and
63 // can be looked up with the ACME protocol
64 AccountKeyPEM string
65
66 // Set to true if agreed to the CA's
67 // subscriber agreement
68 Agreed bool
69
70 // An optional external account to associate
71 // with this ACME account
72 ExternalAccount *acme.EAB
73
74 // Optionally select an ACME profile offered
75 // by the ACME server. The list of supported
76 // profile names can be obtained from the ACME
77 // server's directory endpoint. For details:
78 // https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
79 //
80 // (EXPERIMENTAL: Subject to change.)
81 Profile string
82
83 // Optionally specify the validity period of
84 // the certificate(s) here as offsets from the
85 // approximate time of certificate issuance,
86 // but note that not all CAs support this
87 // (EXPERIMENTAL: Subject to change)
88 NotBefore, NotAfter time.Duration
89
90 // Disable all HTTP challenges
91 DisableHTTPChallenge bool
92
93 // Disable all TLS-ALPN challenges
94 DisableTLSALPNChallenge bool
95
96 // Disable distributed solving; avoids writing
97 // challenge info to storage backend and will
98 // only use data in memory to solve the HTTP and
99 // TLS-ALPN challenges; will still attempt to
100 // solve distributed HTTP challenges blindly by

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected