certbot

package module
v0.0.0-...-54d0089 Latest
Warning

This package is not in the latest version of its module.
Published: Mar 22, 2024 License: MIT Imports: 7 Imported by: 0

README

go-libp2p-certbot

go-libp2p-certbot is a very thin wrapper around certmagic. It can be used by public libp2p nodes to manage / obtain TLS certificates, which will allow browser nodes to connect directly to them via WebSockets.

Usage

Manual Certificate Management

This mode allows you to import existing keys and TLS certificates from disk. Certificates are OCSP-stapled, if possible. It's the caller's responsibility to renew certificates. See the certmagic documentation for details.

cb, _ := New()
err := cb.AddCert(certFile, keyFile)
tlsConf := cb.GetTLSConfig()

Automatic Certificate Management

ACME is used to obtain certificates for the domains.

Note that in order to complete the ACME challenge, this will temporarily start a TLS listener on port 443.

Using this option means that you agree with LetsEncrypt's legal documents.

import ma "github.com/multiformats/go-multiaddr"


cb, _ := New()
addrs := []ma.Multiaddr{
	ma.StringCast("/ip4/127.0.0.1/tcp/1234"), // multiaddrs without a domain name are ignored
	ma.StringCast("/dns4/example.com/tcp/1234"),
}
cb.AddAddrs(addrs)
// after completion of the ACME challenge, the config will contain a certificate for example.com
tlsConf := cb.GetTLSConfig()
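
Because only multiaddrs that carry a domain name lead to a certificate request, it helps to check which names an address list contains before handing it to AddAddrs. The following is an added example, not code from go-libp2p-certbot: acmeDomains is a hypothetical helper that works on multiaddr strings with the standard library only, and the set of components it treats as domain names (dns, dns4, dns6) is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// dnsProtos lists the multiaddr components treated as carrying a host name.
// Assumption: the package itself may recognise a different set.
var dnsProtos = map[string]bool{"dns": true, "dns4": true, "dns6": true}

// acmeDomains returns the unique, lower-cased host names found in the given
// multiaddr strings, in first-seen order. IP-only addresses yield nothing.
func acmeDomains(addrs []string) []string {
	seen := make(map[string]bool)
	var out []string
	for _, a := range addrs {
		parts := strings.Split(strings.Trim(a, "/"), "/")
		for i := 0; i+1 < len(parts); i++ {
			if !dnsProtos[parts[i]] {
				continue
			}
			i++ // consume the value so it is never read as a protocol name
			host := strings.ToLower(strings.TrimSuffix(parts[i], "."))
			// Skip empty values, IP literals and names already collected.
			if host == "" || net.ParseIP(host) != nil || seen[host] {
				continue
			}
			seen[host] = true
			out = append(out, host)
		}
	}
	return out
}

func main() {
	// Constructed sample input.
	addrs := []string{
		"/ip4/127.0.0.1/tcp/1234",
		"/dns4/example.com/tcp/1234",
		"/dns6/Example.com/tcp/4001/ws",
		"/dns/node.example.org/tcp/443/wss",
	}
	fmt.Println(acmeDomains(addrs)) // [example.com node.example.org]
}
```
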

Testing

Set the LIBP2P_CERTBOT_STAGING environment variable to use the LetsEncrypt staging CA instead of the production CA. This will prevent running into rate limits. Keep in mind that the staging CA doesn't issue trusted certificates.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

func New

func New(opts ...Option) (*CertManager, error)

New creates a new CertManager. Using the ACME functionality in this package means that you've read and agree to your CA's legal documents.

func (*CertManager) AddAddrs

func (m *CertManager) AddAddrs(addrs []ma.Multiaddr)

func (*CertManager) AddCert

func (m *CertManager) AddCert(certFile, keyFile string) error

AddCert adds a certificate from a file on disk. It's the caller's responsibility to deal with certificate renewal. OCSP stapling is performed, if possible. See https://pkg.go.dev/github.com/caddyserver/certmagic#readme-can-i-use-some-of-my-own-certificates-while-using-certmagic for details.

func (*CertManager) Close

func (m *CertManager) Close() error

func (*CertManager) GetTLSConfig

func (m *CertManager) GetTLSConfig() *tls.Config

GetTLSConfig returns a tls.Config that can be used for a TLS listener.

type Option

type Option func(*config) error

func WithHTTPPort

func WithHTTPPort(port int) Option

WithHTTPPort sets an alternate port to use for the ACME HTTP challenge.

func WithTLSPort

func WithTLSPort(port int) Option

WithTLSPort sets an alternate port to use for the ACME TLS ALPN challenge.
