github.com/libp2p/go-libp2p-certbot
Version: 0.0.0-20240322071740-54d008986bec
Repository: https://github.com/libp2p/go-libp2p-certbot.git
Documentation: pkg.go.dev

# README

## go-libp2p-certbot

go-libp2p-certbot is a very thin wrapper around certmagic. It can be used by public libp2p nodes to manage / obtain TLS certificates, which will allow browser nodes to connect directly to them via WebSockets.

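### Usage

#### Manual Certificate Management

This mode allows you to import existing keys and TLS certificates from disk. Certificates are OCSP-stapled, if possible. It's the caller's responsibility to renew certificates. See the certmagic documentation for details.

```go
cb, _ := New() // error handling elided
if err := cb.AddCert(certFile, keyFile); err != nil {
	log.Fatal(err) // do not continue without a loaded certificate
}
tlsConf := cb.GetTLSConfig() // TLS config serving the imported certificate
```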

#### Automatic Certificate Management

ACME is used to obtain certificates for the domains.

Note that in order to complete the ACME challenge, this will temporarily start a TLS listener on port 443.

Using this option means that you agree with LetsEncrypt's legal documents.

```go
import ma "github.com/multiformats/go-multiaddr"

cb, _ := New()
addrs := []ma.Multiaddr{
	ma.StringCast("/ip4/127.0.0.1/tcp/1234"), // multiaddrs without a domain name are ignored
	ma.StringCast("/dns4/example.com/tcp/1234"),
}
cb.AddAddrs(addrs)
// after completion of the ACME challenge, the config will contain a certificate for example.com
tlsConf := cb.GetTLSConfig()
```
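Every name submitted to Let's Encrypt ends up in a publicly logged certificate, so it is worth listing which domains an address set will produce before handing it to `AddAddrs`. The following is an added example, not go-libp2p-certbot's own code: it parses multiaddr strings with the standard library only, and the function name `acmeDomains`, the small protocol table, and the rule that only `dns`, `dns4` and `dns6` components count as domain names are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// hasValue is a constructed subset of multiaddr protocols; true = followed by a value.
var hasValue = map[string]bool{
	"ip4": true, "ip6": true, "tcp": true, "udp": true, "p2p": true, "dns": true,
	"dns4": true, "dns6": true, "ws": false, "wss": false, "tls": false, "quic-v1": false,
}

// acmeDomains returns the sorted unique dns/dns4/dns6 names in addrs (an assumed rule).
func acmeDomains(addrs []string) ([]string, error) {
	seen := map[string]bool{}
	for _, a := range addrs {
		parts := strings.Split(a, "/")
		if parts[0] != "" {
			return nil, fmt.Errorf("%q: multiaddr must start with /", a)
		}
		for i := 1; i < len(parts); i++ {
			proto := parts[i]
			if takesValue, known := hasValue[proto]; !known {
				return nil, fmt.Errorf("%q: unknown protocol %q", a, proto)
			} else if !takesValue {
				continue
			}
			if i++; i >= len(parts) || parts[i] == "" {
				return nil, fmt.Errorf("%q: %s has no value", a, proto)
			}
			if strings.HasPrefix(proto, "dns") {
				// Normalise case and a trailing dot so duplicates collapse.
				seen[strings.ToLower(strings.TrimSuffix(parts[i], "."))] = true
			}
		}
	}
	out := make([]string, 0, len(seen))
	for d := range seen {
		out = append(out, d)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed input: the README's two addresses plus a duplicate in another case.
	fmt.Println(acmeDomains([]string{"/ip4/127.0.0.1/tcp/1234", "/dns4/example.com/tcp/1234", "/dns6/Example.COM/tcp/443/wss"}))
}
```

An empty result means no certificate would be requested for that address set; an error means the list contains something this sketch does not recognise and should be reviewed by hand.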

### Testing

Set the LIBP2P_CERTBOT_STAGING environment variable to use the LetsEncrypt staging CA instead of the production CA. This will prevent running into rate limits. Keep in mind that the staging CA doesn't issue trusted certificates.

# Functions

New creates a new CertManager.
WithHTTPPort sets an alternate port to use for the ACME HTTP challenge.
WithTLSPort sets an alternate port to use for the ACME TLS ALPN challenge.

# Structs

No description provided by the author

# Type aliases

No description provided by the author