Library
Module
Module type
Parameter
Class
Class type
module Time : Mirage_time.S
module Stack : Tcpip.Stack.V4V6
val get_certificates :
yes_my_port_80_is_reachable_and_unused:Stack.t ->
production:bool ->
LE.configuration ->
(Tls.Config.own_cert, [> `Msg of string ]) Stdlib.result Lwt.t
get_certificates ~yes_my_port_80_is_reachable_and_unused ~production cfg
tries to resolve the Let's encrypt challenge by initiating an HTTP server on port 80 and handling requests from it with ocaml-letsencrypt
.
This resolution requires that your domain name (requested in the given cfg.hostname
) redirects Let's encrypt to this HTTP server. You probably need to check your DNS configuration.
module Paf : sig ... end
val with_lets_encrypt_certificates :
?port:int ->
Stack.t ->
production:bool ->
LE.configuration ->
(Paf.TLS.flow, Ipaddr.t * int) Alpn.server_handler ->
(unit, [> `Msg of string ]) Stdlib.result Lwt.t
with_lets_encrypt_certificates ?port stackv4v6 ~production cfg handler
launches 2 servers: 1) An HTTP server which handles let's encrypt challenges and redirections 2) An ALPN server (HTTP/1.1 and H2) servers to the user's request handler
Every 80 days, the fiber re-askes a new certificate from let's encrypt and re-update the ALPN server with this new certificate. The HTTP server does the redirection to the hostname defined into the given cfg
.