Lego

Let’s Encrypt client and ACME library written in Go.

Important

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

This project is not owned by a company. I’m not an employee of a company.

I don’t have gifted domains/accounts from DNS companies.

I’ve been maintaining it for about 10 years.

Features

  • ACME v2 RFC 8555
    • Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
    • Support RFC 8738: issues certificates for IP addresses
    • Support RFC 9773: Renewal Information (ARI) Extension
    • Support draft-ietf-acme-profiles-00: Profiles Extension
  • Comes with about 170 DNS providers
  • Register with CA
  • Obtain certificates, both from scratch or with an existing CSR
  • Renew certificates
  • Revoke certificates
  • Robust implementation of ACME challenges:
    • HTTP (http-01)
    • DNS (dns-01)
    • TLS (tls-alpn-01)
  • SAN certificate support
  • CNAME support by default
  • Custom challenge solvers
  • Certificate bundling
  • OCSP helper function