package dns-certify

You can search for identifiers within the package.

in-package search v0.2.0

On This Page

Parameters
Signature

MirageOS let's encrypt certificate retrieval

Install

dune-project

Dependency

github.com Readme Changelog BSD-2-Clause License Edit opam file Versions (6)

Authors

H

Hannes Mehnert <hannes@mehnert.org>

Maintainers

T

team AT robur dot coop

Sources

dns-10.2.1.tbz

sha256=b488cf4c514fd57d4a2cb29b99d4234ae6845eff0d5e79b1059f779f7342478a

sha512=85a7607aee53e5e8a585938c2ab2405a702a1cafbadb609261f27bc7657af8f852d79e9fa014ff79fb1d143e2a77eb7e9c675cdef17b8e9a231295fdb8ce7d79

doc/dns-certify.mirage/Dns_certify_mirage/Make/index.html

Module `Dns_certify_mirage.Make`Source

Parameters

module S : Tcpip.Stack.V4V6

Signature

Source

val retrieve_certificate : 
  S.t ->
  ([ `raw ] Domain_name.t * Dns.Dnskey.t) ->
  hostname:[ `host ] Domain_name.t ->
  ?additional_hostnames:[ `raw ] Domain_name.t list ->
  ?key_type:X509.Key_type.t ->
  ?key_data:string ->
  ?key_seed:string ->
  ?bits:int ->
  S.TCP.ipaddr ->
  int ->
  (X509.Certificate.t list * X509.Private_key.t, [ `Msg of string ]) result
    Lwt.t

retrieve_certificate stack dns_key ~hostname ~key_type ~key_data ~key_seed ~bits server_ip port generates a private key (using key_type, key_data, key_seed, and bits), a certificate signing request for the given hostname and additional_hostnames, and sends server_ip an nsupdate (DNS-TSIG with dns_key) with the csr as TLSA record, awaiting for a matching certificate as TLSA record. Requires a service that interacts with let's encrypt to transform the CSR into a signed certificate. If something fails, an exception (via Lwt.fail) is raised. This is meant for unikernels that require a valid TLS certificate before they can start their service (i.e. most web servers, mail servers).