LEpaf.Paf provides a layer that can: 1) launch a simple HTTP server that answers the Let's Encrypt challenge; 2) launch a simple HTTP client that requests a new certificate.
The HTTP server must be reachable at the domain name for which you want a certificate (the example below listens on port 80).
The usual way to get a certificate is to prepare a configuration value, prepare the HTTP server, and launch the server and the client concurrently, with the ability to stop the server once the client finishes the job:
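module LE = LE.Make (Stack)

(* [provision ctx] starts a temporary HTTP server on port 80 that serves the
   Let's Encrypt challenge through [LE.request_handler], asks for a
   certificate with [LE.provision_certificate], and stops the server once
   that request has finished. [ctx] is the HTTP client context handed to
   [LE.provision_certificate]. *)
let provision ctx =
  Paf.init ~port:80 (Stack.tcp stackv4v6) >>= fun t ->
  (* NOTE(review): [ignore_error] is defined elsewhere and, judging by its
     name, drops HTTP-level errors; consider logging them so that failed
     challenge requests stay visible to the operator. *)
  let service =
    Paf.http_service ~error_handler:ignore_error (fun _ -> LE.request_handler)
  in
  let stop = Lwt_switch.create () in
  (* The endpoint [t] returned by [Paf.init] is passed to [Paf.serve]; the
     original snippet bound it but never used it. *)
  let (`Initialized th0) = Paf.serve ~stop service t in
  let th1 =
    (* [Lwt.finalize] turns the switch off even if the certificate request is
       rejected with an exception. Otherwise the port-80 listener would stay
       up and [Lwt.both] below would never resolve. *)
    Lwt.finalize
      (fun () ->
        (* [~production:false] presumably selects the Let's Encrypt staging
           environment, whose certificates are not publicly trusted; confirm
           against LE's documentation and switch to [true] only for a real
           deployment. *)
        LE.provision_certificate ~production:false configuration ctx)
      (fun () -> Lwt_switch.turn_off stop)
  in
  Lwt.both th0 th1 >>= function
  | ((), Ok certificates) -> ...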
| ((), Error _) -> ...

The client requires an Http_mirage_client.t to perform HTTP requests (http/1.1 or h2); one can be created with Http_mirage_client.Make.connect.
(** HTTP client module matching the [Letsencrypt.Client.Client] signature.
    The constraints fix its promise type to ['a Lwt.t], its context type to
    [Http_mirage_client.t] and its error type to [Mimic.error]. *)
module Client :
  Letsencrypt.Client.Client
    with type 'a t = 'a Lwt.t
     and type ctx = Http_mirage_client.t
     and type error = Mimic.error