ACMEIssuer gets certificates using ACME. It implements the PreChecker, Issuer, and Revoker interfaces. It is NOT VALID to use an ACMEIssuer without calling NewACMEIssuer(). It fills in any default values from DefaultACME as well as setting up internal state that is necessary for valid use. Always call NewACMEIssuer() to get a valid ACMEIssuer value.
```go
// internal state that is necessary for valid use. Always call
// NewACMEIssuer() to get a valid ACMEIssuer value.
type ACMEIssuer struct {
	// The endpoint of the directory for the ACME
	// CA we are to use
	CA string

	// TestCA is the endpoint of the directory for
	// an ACME CA to use to test domain validation,
	// but any certs obtained from this CA are
	// discarded; it should perform real and valid
	// ACME verifications, but probably should not
	// issue real, publicly-trusted certificates
	TestCA string

	// The email address to use when creating or
	// selecting an existing ACME server account
	Email string

	// The PEM-encoded private key of the ACME
	// account to use; only needed if the account
	// is already created on the server and
	// can be looked up with the ACME protocol
	AccountKeyPEM string

	// Set to true if agreed to the CA's
	// subscriber agreement
	Agreed bool

	// An optional external account to associate
	// with this ACME account
	ExternalAccount *acme.EAB

	// Optionally select an ACME profile offered
	// by the ACME server. The list of supported
	// profile names can be obtained from the ACME
	// server's directory endpoint. For details:
	// https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
	//
	// (EXPERIMENTAL: Subject to change.)
	Profile string

	// Optionally specify the validity period of
	// the certificate(s) here as offsets from the
	// approximate time of certificate issuance,
	// but note that not all CAs support this
	// (EXPERIMENTAL: Subject to change)
	NotBefore, NotAfter time.Duration

	// Disable all HTTP challenges
	DisableHTTPChallenge bool

	// Disable all TLS-ALPN challenges
	DisableTLSALPNChallenge bool

	// Disable distributed solving; avoids writing
	// challenge info to storage backend and will
	// only use data in memory to solve the HTTP and
	// TLS-ALPN challenges; will still attempt to
	// solve distributed HTTP challenges blindly by
```
nothing calls this directly
no outgoing calls
no test coverage detected
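
A pre-flight check for values destined for the `CA`, `TestCA` and `AccountKeyPEM` fields documented above, added here as an example; it is not certmagic's code and uses only the Go standard library. The helper names, the `example` hostnames and the rules themselves (https-only endpoints, a `TestCA` distinct from `CA`, PKCS#8/SEC1/PKCS#1 key encodings) are assumptions of this example.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
)

func checkDir(name, ep string) error { // https-only is this example's policy
	if u, err := url.Parse(ep); err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("%s: %q is not an absolute https URL", name, ep)
	}
	return nil
}

// checkKeyPEM accepts only a PKCS#8, SEC1 (EC) or PKCS#1 (RSA) private key.
func checkKeyPEM(s string) error {
	block, _ := pem.Decode([]byte(s))
	if block == nil {
		return errors.New("AccountKeyPEM: no PEM block found")
	}
	_, e1 := x509.ParsePKCS8PrivateKey(block.Bytes)
	_, e2 := x509.ParseECPrivateKey(block.Bytes)
	_, e3 := x509.ParsePKCS1PrivateKey(block.Bytes)
	if e1 != nil && e2 != nil && e3 != nil {
		return fmt.Errorf("AccountKeyPEM: %q block is not a private key", block.Type)
	}
	return nil
}

// preflight is a hypothetical helper (not certmagic API); it reports all problems.
func preflight(ca, testCA, accountKeyPEM string) error {
	errs := []error{checkDir("CA", ca)}
	if testCA != "" && testCA == ca {
		errs = append(errs, errors.New("TestCA: same endpoint as CA; TestCA certs are discarded"))
	} else if testCA != "" {
		errs = append(errs, checkDir("TestCA", testCA))
	}
	if accountKeyPEM != "" { // optional field: only checked when set
		errs = append(errs, checkKeyPEM(accountKeyPEM))
	}
	return errors.Join(errs...) // nil when every check passed
}

func main() {
	fmt.Println(preflight("http://ca.example/dir", "http://ca.example/dir", "not a key"))
}
```

Run it before handing the values to the issuer; the constructed inputs in `main` produce three findings, one per line.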