Documentation
¶
Overview ¶
The scertecd package provides the code that fetches new TLS certs from LetsEncrypt as needed and puts them in setec before they expire. The code can run either in the foreground once, or most commonly as an HTTP server daemon.
It populates the following setec keys:
- {prefix}acme-key: the private key for the ACME account, as a PEM-encoded ECDSA key
- {prefix}domains/{domain-name}/rsa: PEM of private key, domain cert, LetsEncrypt cert
- {prefix}domains/{domain-name}/ecdsa: PEM of private key, domain cert, LetsEncrypt cert
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertType ¶
type CertType string
CertType is the algorithm type for the cert, either RSA or ECDSA.
type Server ¶
type Server struct {
SetecClient setec.Client // required client for setec
PublicDomains []string // domains to maintain public Let's Encrypt certs for
PrivateDomains []string // domains to maintain private CA certs for
Now func() time.Time // if nil, initialized to time.Now
ACMEContact string // optional email address for ACME registration
Prefix string // setec secret prefix ("prod/scertec/")
Logf func(format string, args ...any) // if nil, initialized to log.Printf
// contains filtered or unexported fields
}
Server is the scertec updater server.
Despite the name "server", it can also be used in a single-shot foreground mode via its UpdateAll method.
All exported fields must be initialized before calling an exported method on the Server: either UpdateAll or Start.
Source Files
Click to show internal directories.
Click to hide internal directories.