ClearFqdnCache clears the cache of fqdn to zone mappings.

DNS01Record returns a DNS record which will fulfill the `dns-01` challenge.

FindZoneByFqdn determines the zone apex for the given fqdn by recursing up the domain labels until the nameserver returns a SOA record in the answer section.

GetOCSPForCert takes a PEM encoded cert or cert bundle returning the raw OCSP response, the parsed response, and an error, if any.

GetPEMCertExpiration returns the "NotAfter" date of a PEM encoded certificate.

HTTP01ChallengePath returns the URL path for the `http-01` challenge.

NewClient creates a new ACME client on behalf of the user.

NewDNSProviderManual returns a DNSProviderManual instance.

NewHTTPProviderServer creates a new HTTPProviderServer on the selected interface and port.

NewTLSALPNProviderServer creates a new TLSALPNProviderServer on the selected interface and port.

TLSALPNChallengeBlocks returns PEM blocks (certPEMBlock, keyPEMBlock) with the acmeValidation-v1 extension and domain name for the `tls-alpn-01` challenge.

TLSALPNChallengeCert returns a certificate with the acmeValidation-v1 extension and domain name for the `tls-alpn-01` challenge.

ToFqdn converts the name into a fqdn appending a trailing dot.

UnFqdn converts the fqdn into a name removing the trailing dot.

WaitFor polls the given function 'f', once every 'interval', up to 'timeout'.

ACMETLS1Protocol is the ALPN Protocol ID for the ACME-TLS/1 Protocol.

DefaultPollingInterval default polling interval.

DefaultPropagationTimeout default propagation timeout.

DefaultTTL default TTL.

DNS01 is the "dns-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#dns Note: DNS01Record returns a DNS record which will fulfill this challenge.

Constants for all key types we support.

Constants for all key types we support.

HTTP01 is the "http-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#http Note: HTTP01ChallengePath returns the URL path to fulfill this challenge.

OCSPGood means that the certificate is valid.

OCSPRevoked means that the certificate has been deliberately revoked.

OCSPServerFailed means that the OCSP responder failed to process the request.

OCSPUnknown means that the OCSP responder doesn't know about the certificate.

Constants for all key types we support.

Constants for all key types we support.

Constants for all key types we support.

TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01.

DNSTimeout is used to override the default DNS timeout of 10 seconds.

HTTPClient is an HTTP client with a reasonable timeout value and potentially a custom *x509.CertPool based on the caCertificatesEnvVar environment variable (see the `initCertPool` function).

PreCheckDNS checks DNS propagation before notifying ACME that the DNS challenge is ready.

RecursiveNameservers are used to pre-check DNS propagation.

UserAgent (if non-empty) will be tacked onto the User-Agent string in requests.

CertificateResource represents a CA issued certificate.

Client is the user-friendy way to ACME.

DNSProviderManual is an implementation of the ChallengeProvider interface.

HTTPProviderServer implements ChallengeProvider for `http-01` challenge It may be instantiated without using the NewHTTPProviderServer function if you want only to use the default values.

NonceError represents the error which is returned if the nonce sent by the client was not accepted by the server.

RegistrationResource represents all important informations about a registration of which the client needs to keep track itself.

RemoteError is the base type for all errors specific to the ACME protocol.

TLSALPNProviderServer implements ChallengeProvider for `TLS-ALPN-01` challenge.

TOSError represents the error which is returned if the user needs to accept the TOS.

ChallengeProvider enables implementing a custom challenge provider.

ChallengeProviderTimeout allows for implementing a ChallengeProvider where an unusually long timeout is required when waiting for an ACME challenge to be satisfied, such as when checking for DNS record progagation.

User interface is to be implemented by users of this library.

Challenge is a string that identifies a particular type and version of ACME challenge.

KeyType represents the key algo as well as the key size or curve to use.

ObtainError is returned when there are specific errors available per domain.