Automatic SSL certs from Let's Encrypt for your Phoenix applications.
Installation
For Cowboy add to your prod.exs:

    config <your_app>, <your_endpoint>,
      # ATTENTION: Ensure you comment http: out and port 80 is free!
      https: [port: 443, sni_fun: &CertMagex.sni_fun/1],
      ...

For Bandit add to your prod.exs:

    config <your_app>, <your_endpoint>,
      # ATTENTION: Ensure you comment http: out and port 80 is free!
      https: [port: 443, thousand_island_options: [transport_options: [sni_fun: &CertMagex.sni_fun/1]]],
      ...

SNI hostname allow list (optional)
With sni_fun, each TLS client SNI can trigger a certificate request. To avoid
issuing or renewing certificates for random scan traffic, set

    config :certmagex, :sni_allowed_hosts, ["www.example.com", "api.example.com"]

When this list is non-empty, only those hostnames (compared
case-insensitively) are handled; any other SNI returns :undefined and no
ACME work runs. If unset or [], all SNIs are considered (unchanged default).
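
The allow-list semantics described above, as an added sketch that is not CertMagex's own code. The module SniGateDemo, its gate/3 function and the issue stand-in are hypothetical names, and the returned cert and key values are placeholders rather than real DER data.

```elixir
# Added illustration of the documented allow-list behaviour; not CertMagex source.
defmodule SniGateDemo do
  # Erlang's :ssl calls sni_fun with the server name as a charlist and expects
  # either a keyword list of ssl options or :undefined.
  def gate(server_name, allowed_hosts, issue_fun) when is_function(issue_fun, 1) do
    host = server_name |> to_string() |> String.downcase()

    if allowed?(host, allowed_hosts) do
      # Only allow-listed names reach the certificate lookup/issuance path.
      issue_fun.(host)
    else
      # Anything else is refused before any ACME work is started.
      :undefined
    end
  end

  # Unset (nil) or [] means no allow list: every SNI is considered.
  defp allowed?(_host, nil), do: true
  defp allowed?(_host, []), do: true

  # Non-empty list: case-insensitive exact match on the hostname.
  defp allowed?(host, allowed_hosts) do
    Enum.any?(allowed_hosts, fn entry -> String.downcase(entry) == host end)
  end
end

# Constructed sample configuration value and SNI names.
allowed = ["www.example.com", "api.example.com"]
probes = [~c"WWW.Example.COM", ~c"api.example.com", ~c"scanner.invalid"]

# Hypothetical stand-in for the step that would obtain a certificate.
issue = fn host ->
  IO.puts("certificate work would run for #{host}")
  [cert: "<placeholder cert for #{host}>", key: "<placeholder key>"]
end

for sni <- probes do
  IO.inspect({to_string(sni), SniGateDemo.gate(sni, allowed, issue)}, label: "allow list set")
end

# With an empty list the same scan-style name reaches the issuance path.
IO.inspect(SniGateDemo.gate(~c"scanner.invalid", [], issue), label: "allow list empty")
```

Run it with `elixir` as a script: the first two names produce options, `scanner.invalid` yields `:undefined` while the list is set, and the same name triggers certificate work once the list is empty.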
Functions
Insert a certificate into the cache. Automatically detects all domains in the certificate.
Insert a certificate into the cache for a specific domain.
Returns true if the given string is a valid IPv4 or IPv6 address.
The SNI function to be used in your Phoenix or Cowboy configuration. E.g. for Cowboy add this to your prod.exs:

    config <your_app>, <your_endpoint>,
      # ATTENTION: Ensure you comment http: out and port 80 is free!
      https: [port: 443, sni_fun: &CertMagex.sni_fun/1],
      ...

Returns the SSL options for the given domain. This is useful for IP based SSL certificates. Info: https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
This will generate [cert: cert, key: key] that can be merged into your existing SSL options.