Certbot v0.5.1 Certbot.Provider.Acme
Certificate provider for the Acme protocol
When a request is made for a hostname, the provider will look into the certificate store (Certbot.CertificateStore) to see whether it has a certificate for that hostname.
If so, it will return the certificate.
If not, it will try to request a certificate using the Acme client. This is done by retrieving an authorization, which has challenges. We need to prove to the Acme server that we own the hostname.
One of these challenges can be done over HTTP. We use this one to prove ownership.
The challenge is stored in the challenge store (Certbot.Acme.ChallengeStore), then the Acme server is asked to verify the challenge. The Certbot.Acme.Plug verifies the challenge by using the store.
The next step is to build a Certificate Signing Request (csr) and send this to the Acme server. In the response there will be a URL where the signed certificate can be retrieved from the Acme server.
The downloaded certificate is used for serving the request, and is also stored in the certificate store for subsequent requests.
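The HTTP challenge step described above, as an added example that is not the Certbot library's own code: a responder that serves the stored key authorization at the well-known path from RFC 8555 and rejects malformed tokens before the store is consulted. The module and function names and the plain map used as a store are assumptions for illustration, and the key authorization and thumbprint details come from RFC 8555 and RFC 7638 rather than from this page.

```elixir
# Added illustration; module and function names are hypothetical, not Certbot's API.
defmodule Http01ResponderExample do
  # RFC 7638 thumbprint of an EC P-256 account key: required members in
  # lexicographic order, no whitespace, SHA-256, base64url without padding.
  def ec_thumbprint(x, y) do
    json = ~s({"crv":"P-256","kty":"EC","x":"#{x}","y":"#{y}"})
    :crypto.hash(:sha256, json) |> Base.url_encode64(padding: false)
  end

  # RFC 8555 section 8.1: key authorization = token "." thumbprint.
  def key_authorization(token, thumbprint), do: token <> "." <> thumbprint

  # Answer a validation request. `store` is a plain map of token => key
  # authorization, standing in for the challenge store (assumption).
  def respond("GET", "/.well-known/acme-challenge/" <> token, store) do
    # Tokens use only the base64url alphabet; anything else (slashes, dots,
    # an empty string) is rejected before the store lookup.
    with true <- token =~ ~r/\A[A-Za-z0-9_-]+\z/,
         {:ok, key_auth} <- Map.fetch(store, token) do
      {200, key_auth}
    else
      _ -> {404, "not found"}
    end
  end

  # Any other request is not a challenge and goes on to the application.
  def respond(_method, _path, _store), do: :pass
end

# Constructed sample values, not real key material or a real token.
token = "constructed_token_0123456789abcdefABCDEF"
thumb = Http01ResponderExample.ec_thumbprint("constructed-x", "constructed-y")
store = %{token => Http01ResponderExample.key_authorization(token, thumb)}
base = "/.well-known/acme-challenge/"

# A known token, a malformed token, an unknown token, and a normal request.
IO.inspect(Http01ResponderExample.respond("GET", base <> token, store))
IO.inspect(Http01ResponderExample.respond("GET", base <> "../secret", store))
IO.inspect(Http01ResponderExample.respond("GET", base <> "unknown_token", store))
IO.inspect(Http01ResponderExample.respond("GET", "/index.html", store))
```

Returning the same 404 for malformed and unknown tokens keeps the responder from revealing which tokens are pending.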
Example
    use Certbot.Provider.Acme,
      acme_client: YourApp.Certbot,
      certificate_store: Certbot.CertificateStore.Default,
      challenge_store: Certbot.ChallengeStore.Default
For the options that can be given to the use macro, see Certbot.Provider.Acme.Config.