go-acme | A Let's Encrypt client for Go | TLS library
kandi X-RAY | go-acme Summary
This is a client package for Let's Encrypt. Rather than being a "one click TLS" service like Let's Encrypt's command line tool, this package exposes the functionality defined by the ACME spec. It is up to the user to determine which challenges they support and how they wish to complete them. Since the ACME spec is still a draft and Let's Encrypt has yet to enter public beta, this package should be regarded as experimental (though it should still work!). Read more about the package in this blog post.
Community Discussions
Trending Discussions on go-acme
QUESTION
I'm currently using Traefik and Lego in order to have an HTTPS connection for my Docker containers (as mentioned here). In the following documentation, it's mentioned that I need to use the following provider to do the DNS challenge.
But I get this error:
...ANSWER
Answered 2021-Jun-27 at 20:14
The error message says that Lego made the request using the IAM role assigned to your Lightsail instance. I guess your instance lacks permissions to modify DNS settings for Lightsail.
You should create a new user in AWS IAM and enable programmatic access in order to obtain AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
Then, pass those values as environment variables to your containers running Lego. Lego will use those env vars to authenticate with Lightsail APIs in us-east-1. [1]
My instance's region is eu-west-3 (I tried changing the region in Lego config, doesn't work)
Your Lego instance must call AWS APIs in us-east-1, see [2][3].
Lego and Traefik do not call the AssumeRole directly and do not create the temporary token
I guess Traefik/Lego assume the lightsail instance role automatically using EC2 instance metadata service, see [4]:
For applications, AWS CLI, and Tools for Windows PowerShell commands that run on the instance, you do not have to explicitly get the temporary security credentials—the AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 instance metadata service and use them. To make a call outside of the instance using temporary security credentials (for example, to test IAM policies), you must provide the access key, secret key, and the session token.
I'm using AWS_ACCESS_KEY_ID_FILE and AWS_SECRET_ACCESS_KEY_FILE in Traefik environment configuration.
I could not find those env vars in the Lego source code [1]. Make sure that Lego is actually using your configured AWS credentials. The error message posted above suggests it's not using them and falls back to the instance profile instead.
[1] https://github.com/go-acme/lego/blob/master/providers/dns/lightsail/lightsail.go#L81
[2] https://docs.aws.amazon.com/cli/latest/reference/lightsail/create-domain-entry.html#examples
[3] https://github.com/go-acme/lego/blob/master/providers/dns/lightsail/lightsail.go#L69
[4] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
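The fallback the answer describes can be avoided while still keeping the keys in secret files. The following is an added example, not code from the answer, Lego or Traefik: a container entrypoint helper that copies `*_FILE` secrets into the plain variable names before the ACME client starts. The function names `expand_file_var`, `credential_source` and `entrypoint` are hypothetical, and it assumes, as the answer suggests, that only `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` themselves are read.

```shell
#!/bin/sh
# Added example: resolve NAME_FILE secrets into NAME so static credentials are
# used instead of the instance role. Function names are hypothetical.

# expand_file_var NAME: export NAME from the file named by NAME_FILE.
# Fails on a conflicting, unreadable or empty source rather than guessing.
expand_file_var() {
    name=$1
    case $name in
        ''|[0-9]*|*[!A-Z0-9_]*) echo "invalid variable name" >&2; return 1 ;;
    esac
    eval "current=\${$name-}"
    eval "path=\${${name}_FILE-}"
    [ -n "$path" ] || return 0              # no NAME_FILE: nothing to do
    if [ -n "$current" ]; then
        echo "$name and ${name}_FILE are both set" >&2; return 1
    fi
    [ -r "$path" ] || { echo "cannot read ${name}_FILE" >&2; return 1; }
    value=$(cat "$path")                    # trailing newlines are stripped
    [ -n "$value" ] || { echo "${name}_FILE is empty" >&2; return 1; }
    export "$name=$value"
    unset "${name}_FILE"
}

# credential_source: report which source the current environment selects.
# static-env   both plain variables are set
# partial-env  only one is set (misconfiguration)
# sdk-fallback neither is set, so later sources such as the instance role apply
credential_source() {
    if [ -n "${AWS_ACCESS_KEY_ID-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY-}" ]; then
        echo static-env
    elif [ -n "${AWS_ACCESS_KEY_ID-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY-}" ]; then
        echo partial-env
    else
        echo sdk-fallback
    fi
}

# entrypoint CMD...: expand both secrets, log the source (never the values),
# then replace this shell with the real command.
entrypoint() {
    expand_file_var AWS_ACCESS_KEY_ID || return 1
    expand_file_var AWS_SECRET_ACCESS_KEY || return 1
    echo "credential source: $(credential_source)" >&2
    exec "$@"
}

[ "$#" -eq 0 ] || entrypoint "$@"
```

A startup log line reading `sdk-fallback` or `partial-env` means the configured keys are not in effect and requests will be signed with whatever the instance role allows.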
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported