Lego

Let’s Encrypt client and ACME library written in Go.

Features

• ACME v2 RFC 8555
  • Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
  • Support RFC 8738: issues certificates for IP addresses
  • Support draft-ietf-acme-ari-03: Renewal Information (ARI) Extension
  • Support draft-aaron-acme-profiles-00: Profiles Extension
• Comes with about 150 DNS providers
• Register with CA
• Obtain certificates, both from scratch or with an existing CSR
• Renew certificates
• Revoke certificates
• Robust implementation of ACME challenges:
  • HTTP (http-01)
  • DNS (dns-01)
  • TLS (tls-alpn-01)
• SAN certificate support
• CNAME support by default
• Custom challenge solvers
• Certificate bundling
• OCSP helper function