package letsencrypt-mirage


Let's encrypt challenge with paf.

Paf provides a layer that can: 1) launch a simple HTTP server which performs the Let's encrypt challenge; 2) launch a simple HTTP client to request a new certificate.

The HTTP server must be reachable under the domain name for which you want a certificate.

The usual way to get a certificate is to prepare a configuration value, prepare the HTTP server, and launch the server and the client concurrently, stopping the server once the client has finished its job:

module LE = LE.Make (Time) (Stack)

let provision ctx =
  (* Listen on port 80, where the HTTP challenge is served. *)
  Paf.init ~port:80 (Stack.tcp stackv4v6) >>= fun t ->
  let service = Paf.http_service
    ~error_handler:ignore_error
    (fun _ -> LE.request_handler) in
  (* The switch lets the client stop the server once it is done. *)
  let stop = Lwt_switch.create () in
  let `Initialized th0 = Paf.serve ~stop service in
  let th1 =
    (* ~production:false targets the Let's Encrypt staging environment. *)
    LE.provision_certificate
      ~production:false
      configuration
      ctx
    >>= fun certificates ->
    Lwt_switch.turn_off stop >>= fun () ->
    Lwt.return certificates in
  (* Wait for both the server and the client to terminate. *)
  Lwt.both th0 th1 >>= function
  | ((), Ok certificates) -> ...
  | ((), Error _) -> ...

The client requires an Http_mirage_client.t to perform HTTP requests (http/1.1 or h2); such a value can be created with Http_mirage_client.Make.connect.

type configuration = {
  email : Emile.mailbox option;
  certificate_seed : string option;
  certificate_key_type : X509.Key_type.t;
  certificate_key_bits : int option;
  hostname : [ `host ] Domain_name.t;
  account_seed : string option;
  account_key_type : X509.Key_type.t;
  account_key_bits : int option;
}
module Make (Time : Mirage_time.S) (Stack : Tcpip.Stack.V4V6) : sig ... end
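
One way to build the configuration value passed to LE.provision_certificate, validating its inputs first. This is an added example, not code from the letsencrypt-mirage documentation: make_configuration, check_seed, check_bits and the two thresholds are hypothetical, the choice of `RSA for both keys is an assumption, and the seed check assumes that a seed makes key generation reproducible, which this page does not state.

```ocaml
(* Added example. Define it before [module LE = LE.Make (Time) (Stack)]
   shadows the name [LE], since it refers to the [LE.configuration] type. *)
let min_rsa_bits = 2048 (* assumed local policy *)
let min_seed_len = 32   (* assumed local policy, in bytes *)

let msg fmt = Printf.ksprintf (fun s -> Error (`Msg s)) fmt

(* A seed that is present must be long enough; an absent seed is accepted. *)
let check_seed name = function
  | Some s when String.length s < min_seed_len ->
    msg "%s is shorter than %d bytes" name min_seed_len
  | seed -> Ok seed

(* Refuse RSA moduli below the assumed policy minimum. *)
let check_bits name bits =
  if bits < min_rsa_bits
  then msg "%s: %d-bit RSA is below %d bits" name bits min_rsa_bits
  else Ok (Some bits)

let make_configuration ?account_seed ?certificate_seed
    ?(account_bits = 4096) ?(certificate_bits = 4096) ~email ~hostname () =
  let ( let* ) = Result.bind in
  (* Only a syntactically valid host name may be requested. *)
  let* raw = Domain_name.of_string hostname in
  let* hostname = Domain_name.host raw in
  let* email =
    Result.map_error (fun _ -> `Msg "invalid e-mail address")
      (Emile.of_string email) in
  let* account_seed = check_seed "account_seed" account_seed in
  let* certificate_seed = check_seed "certificate_seed" certificate_seed in
  let* account_key_bits = check_bits "account_key_bits" account_bits in
  let* certificate_key_bits =
    check_bits "certificate_key_bits" certificate_bits in
  Ok { LE.email = Some email;
       certificate_seed; certificate_key_type = `RSA; certificate_key_bits;
       hostname;
       account_seed; account_key_type = `RSA; account_key_bits }
```

The function returns Error (`Msg _) instead of a configuration when any input fails a check, so a malformed host name or an undersized key never reaches the ACME client.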