package paf-le

You can search for identifiers within the package.

in-package search v0.2.0

On This Page

Parameters
Signature

package paf-le

paf-le
- LE
  - Make
    
    Stack
    
    IP
    
    TCP
    
    UDP
    
    Time
paf-le.mirage
- LE_mirage
  - Make
    
    Mclock
    
    Paf
    
    TCP
    
    TLS
    
    Pclock
    
    Random
    
    Stack
    
    IP
    
    TCP
    
    UDP
    
    Time

Legend:
Library
Module
Module type
Parameter
Class
Class type

Parameters

module Time : Mirage_time.S

module Stack : Tcpip.Stack.V4V6

module Random : Mirage_random.S

module Mclock : Mirage_clock.MCLOCK

module Pclock : Mirage_clock.PCLOCK

Signature

val get_certificates : 
  yes_my_port_80_is_reachable_and_unused:Stack.t ->
  production:bool ->
  LE.configuration ->
  (Tls.Config.own_cert, [> `Msg of string ]) Stdlib.result Lwt.t

get_certificates ~yes_my_port_80_is_reachable_and_unused ~production cfg tries to resolve the Let's encrypt challenge by initiating an HTTP server on port 80 and handling requests from it with ocaml-letsencrypt.

This resolution requires that your domain name (requested in the given cfg.hostname) redirects Let's encrypt to this HTTP server. You probably need to check your DNS configuration.

module Paf : sig ... end

val with_lets_encrypt_certificates : 
  ?port:int ->
  Stack.t ->
  production:bool ->
  LE.configuration ->
  (Paf.TLS.flow, Ipaddr.t * int) Alpn.server_handler ->
  (unit, [> `Msg of string ]) Stdlib.result Lwt.t

with_lets_encrypt_certificates ?port stackv4v6 ~production cfg handler launches 2 servers: 1) An HTTP server which handles let's encrypt challenges and redirections 2) An ALPN server (HTTP/1.1 and H2) servers to the user's request handler

Every 80 days, the fiber re-askes a new certificate from let's encrypt and re-update the ALPN server with this new certificate. The HTTP server does the redirection to the hostname defined into the given cfg.