AddClientCA adds to the tls.Config ClientCAs the given certificate.

AddFederationToCAs does a federation request and adds the resulting certs to the tls.Config RootCAs and ClientCAs.

AddFederationToClientCAs does a federation request and adds to the tls.Config ClientCAs all the certificates in the response.

AddFederationToRootCAs does a federation request and adds to the tls.Config RootCAs all the certificates in the response.

AddRootCA adds to the tls.Config RootCAs the given certificate.

AddRootsToCAs does a roots request and adds the resulting certs to the tls.Config RootCAs and ClientCAs.

AddRootsToClientCAs does a roots request and adds to the tls.Config ClientCAs all the certificates in the response.

AddRootsToRootCAs does a roots request and adds to the tls.Config RootCAs all the certificates in the response.

Bootstrap is a helper function that initializes a client with the configuration in the bootstrap token.

BootstrapClient is a helper function that using the given bootstrap token return an http.Client configured with a Transport prepared to do TLS connections using the client certificate returned by the certificate authority.

BootstrapListener is a helper function that using the given token returns a TLS listener which accepts connections from an inner listener and wraps each connection with Server.

BootstrapServer is a helper function that using the given token returns the given http.Server configured with a TLS certificate signed by the Certificate Authority.

Certificate returns the server or client certificate from the sign response.

CreateSignRequest is a helper function that given an x509 OTT returns a simple but secure sign request as well as the private key used.

IntermediateCertificate returns the CA intermediate certificate from the sign response.

New creates and initializes the CA with the given configuration and options.

NewACMEClient initializes a new ACMEClient.

NewClient creates a new Client with the given endpoint and options.

NewProvisioner loads and decrypts key material from the CA for the named provisioner.

NewTLSRenewer creates a TLSRenewer for the given cert.

RequireAndVerifyClientCert is a tls.Config option used on servers to enforce a valid TLS client certificate.

RootCertificate returns the root certificate from the sign response.

StopHandler watches SIGINT, SIGTERM on a list of servers implementing the Stopper interface, and when one of those signals is caught we'll run Stop (SIGINT, SIGTERM) on all servers.

StopReloaderHandler watches SIGINT, SIGTERM and SIGHUP on a list of servers implementing the StopReloader interface, and when one of those signals is caught we'll run Stop (SIGINT, SIGTERM) or Reload (SIGHUP) on all servers.

TLSCertificate creates a new TLS certificate from the sign response and the private key used.

VerifyClientCertIfGiven is a tls.Config option used on on servers to validate a TLS client certificate if it is provided.

WithCABundle will create the transport using the given root certificates.

WithConfigFile sets the given name as the configuration file name in the CA options.

WithDatabase sets the given authority database to the CA options.

WithPassword sets the given password as the configured password in the CA options.

WithProvisionerCursor will request the provisioners starting with the given cursor.

WithProvisionerLimit will request the given number of provisioners.

WithRenewBefore modifies a tlsRenewer by setting the renewBefore attribute.

WithRenewJitter modifies a tlsRenewer by setting the renewJitter attribute.

WithRootFile will create the transport using the given root certificate.

WithRootSHA256 will create the transport using an insecure client to retrieve the root certificate using its fingerprint.

WithTransport adds a custom transport to the Client.

ACMEClient implements an HTTP client to an ACME API.

CA is the type used to build the complete certificate authority.

Client implements an HTTP client for the CA server.

Provisioner is an authorized entity that can sign tokens necessary for signature requests.

TLSOptionCtx is the context modified on TLSOption methods.

TLSRenewer automatically renews a tls certificate using a RenewFunc.

Stopper is the interface that external commands can implement to stop the server.

StopReloader is the interface that external commands can implement to stop the server and reload the configuration while running.

ClientOption is the type of options passed to the Client constructor.

Option is the type of options passed to the CA constructor.

ProvisionerOption is the type of options passed to the Provisioner method.

RenewFunc defines the type of the functions used to get a new tls certificate.

TLSOption defines the type of a function that modifies a tls.Config.