Package distributedstek provides TLS session ticket ephemeral keys (STEKs) in a distributed fashion by utilizing configured storage for locking and key sharing.

AllMatchingCertificates returns the list of all certificates in the cache which could be used to satisfy the given SAN.

CipherSuiteID returns the ID of the cipher suite associated with the given name, or 0 if the name is not recognized/supported.

CipherSuiteNameSupported returns true if name is a supported cipher suite.

DefaultIssuers returns empty Issuers (not provisioned) to be used as defaults.

DefaultIssuersProvisioned returns empty but provisioned default Issuers from DefaultIssuers().

ParseCaddyfileNestedMatcherSet parses the Caddyfile tokens for a nested matcher set, and returns its raw module map value.

ProtocolName returns the standard name for the passed protocol version ID (e.g.

SupportedCipherSuites returns a list of all the cipher suites Caddy supports.

ErrPermissionDenied is an error that should be wrapped or returned when the configured permission module does not allow a certificate to be issued, to distinguish that from other errors such as connection failure.

SupportedCurves is the unordered map of supported curves.

SupportedProtocols is a map of supported protocols.

ACMEIssuer manages certificates using the ACME protocol (RFC 8555).

AutomationConfig governs the automated management of TLS certificates.

AutomationPolicy designates the policy for automating the management (obtaining, renewal, and revocation) of managed TLS certificates.

CertCacheOptions configures the certificate cache.

Certificate is a TLS certificate, optionally associated with arbitrary tags.

CertKeyFilePair pairs certificate and key file names along with their encoding format so that they can be loaded from disk.

CertKeyPEMPair pairs certificate and key PEM blocks.

ChainPreference describes the client's preferred certificate chain, useful if the CA offers alternate chains.

ChallengesConfig configures the ACME challenges.

ClientAuthentication configures TLS client auth.

ConnectionPolicy specifies the logic for handling a TLS handshake.

CustomCertSelectionPolicy represents a policy for selecting the certificate used to complete a handshake when there may be multiple options.

DNSChallengeConfig configures the ACME DNS challenge.

FileCAPool generates trusted root certificates pool from the designated DER and PEM file.

HTTPCertGetter can get a certificate via HTTP(S) request.

The HTTPCertPool fetches the trusted root certificates from HTTP(S) endpoints.

HTTPChallengeConfig configures the ACME HTTP challenge.

InlineCAPool is a certificate authority pool provider coming from a DER-encoded certificates in the config.

InternalIssuer is a certificate issuer that generates certificates internally using a locally-configured CA which can be customized using the `pki` app.

LeafCertClientAuth verifies the client's leaf certificate.

LeafFileLoader loads leaf certificates from disk.

LeafFolderLoader loads certificates and their associated keys from disk by recursively walking the specified directories, looking for PEM files which contain both a certificate and a key.

LeafPEMLoader loads leaf certificates by decoding their PEM blocks directly.

LeafStorageLoader loads leaf certificates from the globally configured storage module.

MatchLocalIP matches based on the IP address of the interface receiving the connection.

MatchRegexp is an embeddable type for matching using regular expressions.

MatchRemoteIP matches based on the remote IP of the connection.

MatchServerNameRE matches based on SNI using a regular expression.

OnDemandConfig configures on-demand TLS, for obtaining needed certificates at handshake-time.

PermissionByHTTP determines permission for a TLS certificate by making a request to an HTTP endpoint.

PKIIntermediateCAPool extracts the trusted intermediate certificates from Caddy's native 'pki' app.

PKIRootCAPool extracts the trusted root certificates from Caddy's native 'pki' app.

SessionTicketService configures and manages TLS session tickets.

StorageLoader loads certificates and their associated keys from the globally configured storage module.

StoragePool extracts the trusted certificates root from Caddy storage.

Tailscale is a module that can get certificates from the local Tailscale process.

TLS provides TLS facilities including certificate loading and management, client auth, and more.

TLSALPNChallengeConfig configures the ACME TLS-ALPN challenge.

TLSConfig holds configuration related to the TLS configuration for the transport/client.

ZeroSSLIssuer uses the ZeroSSL API to get certificates.

The interface to be implemented by all guest modules part of the namespace 'tls.ca_pool.source.'.

CertificateLoader is a type that can load certificates.

ClientCertificateVerifier is a type which verifies client certificates.

ConfigSetter is implemented by certmagic.Issuers that need access to a parent certmagic.Config as part of their provisioning phase.

ConnectionMatcher is a type which matches TLS handshakes.

LeafCertificateLoader is a type that loads the trusted leaf certificates for the tls.leaf_cert_loader modules.

OnDemandPermission is a type that can give permission for whether a certificate should be allowed to be obtained or loaded from storage on-demand.

STEKProvider is a type that can provide session ticket ephemeral keys (STEKs).

AutomateLoader will automatically manage certificates for the names in the list, including obtaining and renewing certificates.

ConnectionPolicies govern the establishment of TLS connections.

FileLoader loads certificates and their associated keys from disk.

FolderLoader loads certificates and their associated keys from disk by recursively walking the specified directories, looking for PEM files which contain both a certificate and a key.

MatchServerName matches based on SNI.

PEMLoader loads certificates and their associated keys by decoding their PEM blocks directly.

PublicKeyAlgorithm is a JSON-unmarshalable wrapper type.