package letsencrypt-mirage

  1. Overview
  2. Docs

Parameters

module Time : Mirage_time.S
module Mclock : Mirage_clock.MCLOCK
module Pclock : Mirage_clock.PCLOCK

Signature

val get_certificates : yes_my_port_80_is_reachable_and_unused:Stack.t -> production:bool -> LE.configuration -> Http_mirage_client.t -> (Tls.Config.own_cert, [> `Msg of string ]) Stdlib.result Lwt.t

get_certificates ~yes_my_port_80_is_reachable_and_unused ~production cfg http tries to resolve the Let's encrypt challenge by initiating an HTTP server on port 80 and handling requests from it with ocaml-letsencrypt.

This resolution requires that your domain name (requested in the given cfg.hostname) redirects Let's encrypt to this HTTP server. You probably need to check your DNS configuration.

The http value can be made by Http_mirage_client.Make.connect to be able to launch HTTP requests to Let's encrypt.

module Paf : sig ... end
val with_lets_encrypt_certificates : ?port:int -> Stack.t -> production:bool -> LE.configuration -> Http_mirage_client.t -> (Paf.TLS.flow, Ipaddr.t * int) Alpn.server_handler -> (unit, [> `Msg of string ]) Stdlib.result Lwt.t

with_lets_encrypt_certificates ?port stackv4v6 ~production cfg http handler launches 2 servers: 1) An HTTP server which handles let's encrypt challenges and redirections 2) An ALPN server (HTTP/1.1 and H2) servers to the user's request handler

Every 80 days, the fiber re-askes a new certificate from let's encrypt and re-update the ALPN server with this new certificate. The HTTP server does the redirection to the hostname defined into the given cfg.

OCaml

Innovation. Community. Security.