instant-acme is an async, pure-Rust ACME (RFC 8555) client.
instant-acme is used in production at Instant Domain Search to help us provision TLS certificates within seconds for our customers. instant-acme relies on Tokio and rustls to implement the RFC 8555 specification.
- Store/recover your account credentials by serializing/deserializing
- Fully async implementation with tracing support
- Support for processing multiple orders concurrently
- Support for external account binding
- Support for certificate revocation
- Support for the ACME renewal information (ARI) extension
- Support for the profiles extension
- Uses hyper with rustls and Tokio for HTTP requests
- Uses ring or aws-lc-rs for ECDSA signing
- Minimum supported Rust version (MSRV): 1.70
hyper-rustls(default): use a hyper client with rustlsaws-lc-rs(default): use the aws-lc-rs crate as the crypto backendring: use the ring crate as the crypto backendfips: enable the aws-lc-rs crate's FIPS-compliant modex509-parser: enable extractingCertificateIdentifiervalues for ARI from certificatestime: enable fetchingRenewalInfofor aCertificateIdentifier
If both ring and aws-lc-rs are enabled, aws-lc-rs will be used.
- Only supports P-256 ECDSA account keys for now
See the examples directory for an example of how to use instant-acme.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
