This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

Obtain, cache, and automatically reload TLS certificates from an ACME server


mailgun/roman


roman

Roman is a Go library that obtains, caches, and automatically reloads TLS certificates from an ACME server. Roman is inspired by golang.org/x/crypto/acme/autocert with the primary difference being pluggable challenge performers.

Example

package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"os"
	"time"

	golang_acme "golang.org/x/crypto/acme"
	"golang.org/x/crypto/acme/autocert"

	"github.com/mailgun/roman"
	"github.com/mailgun/roman/acme"
	"github.com/mailgun/roman/challenge"
)

func main() {
	// create a certificate manager
	m := roman.CertificateManager{
		ACMEClient: &acme.Client{
			Directory: acme.LetsEncryptProduction,
			AgreeTOS:  golang_acme.AcceptTOS,
			Email:     "[email protected]",
			// the Route53 performer completes the ACME challenge through DNS;
			// the key values below are placeholders, supply real credentials
			// from the environment or a secrets store, not from source code
			ChallengePerformer: &challenge.Route53{
				Region:           "us-east-1",
				AccessKeyID:      "AK000000000000000000",
				SecretAccessKey:  "a000000000000000000000000000000000000000",
				HostedZoneID:     "Z0000000000000",
				HostedDomainName: "example.com.",
				WaitForSync:      true,
			},
		},
		Cache:       autocert.DirCache("."),
		KnownHosts:  []string{"foo.example.com"},
		RenewBefore: 30 * 24 * time.Hour, // 30 days
	}

	// start the certificate manager, this is a blocking call that
	// ensures that certificates are ready before the server starts
	// accepting connections
	err := m.Start()
	if err != nil {
		fmt.Printf("Unable to start the CertificateManager: %v\n", err)
		os.Exit(255)
	}

	// start the http server with a *tls.Config that uses the certificate manager
	// to obtain certificates
	s := &http.Server{
		Addr:      ":https",
		TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
	}
	// ListenAndServeTLS only returns on failure, so report the error
	if err := s.ListenAndServeTLS("", ""); err != nil {
		fmt.Printf("Server stopped: %v\n", err)
		os.Exit(1)
	}
}
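
The `GetCertificate` hook used above is what lets a server pick up a renewed certificate without a restart. The following is an added example, not roman's own code: `certStore` and `needsRenewal` are hypothetical names, and the certificate entry is a constructed placeholder with no key or chain.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"sync"
	"time"
)

// certStore is a hypothetical in-memory cache keyed by SNI host name.
type certStore struct {
	mu    sync.RWMutex
	certs map[string]*tls.Certificate
}

// Put installs or replaces a host's certificate; later handshakes see it at once.
func (s *certStore) Put(host string, c *tls.Certificate) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.certs == nil {
		s.certs = make(map[string]*tls.Certificate)
	}
	s.certs[host] = c
}

// GetCertificate fits tls.Config.GetCertificate and fails closed for unknown hosts.
func (s *certStore) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	if c, ok := s.certs[h.ServerName]; ok {
		return c, nil
	}
	return nil, fmt.Errorf("no certificate for %q", h.ServerName)
}

// needsRenewal reports whether c is missing or expires within renewBefore of now.
func needsRenewal(c *tls.Certificate, now time.Time, renewBefore time.Duration) bool {
	return c == nil || c.Leaf == nil || !now.Add(renewBefore).Before(c.Leaf.NotAfter)
}

func main() {
	now, s := time.Now(), &certStore{}
	// Constructed placeholder entry; a real one carries the CA-issued chain and key.
	old := &tls.Certificate{Leaf: &x509.Certificate{NotAfter: now.Add(10 * 24 * time.Hour)}}
	s.Put("foo.example.com", old)
	c, err := s.GetCertificate(&tls.ClientHelloInfo{ServerName: "foo.example.com"})
	fmt.Println(err, needsRenewal(c, now, 30*24*time.Hour))
}
```

Because the lookup happens on every handshake, replacing the entry with `Put` affects new connections only; sessions already established keep the certificate they negotiated.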
