Lego

Let’s Encrypt client and ACME library written in Go.

Features

  • ACME v2 RFC 8555
    • Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
    • Support RFC 8738: issues certificates for IP addresses
    • Support draft-ietf-acme-ari-01: Renewal Information (ARI) Extension
  • Register with CA
  • Obtain certificates, both from scratch or with an existing CSR
  • Renew certificates
  • Revoke certificates
  • Robust implementation of all ACME challenges
    • HTTP (http-01)
    • DNS (dns-01)
    • TLS (tls-alpn-01)
  • SAN certificate support
  • CNAME support by default
  • Comes with multiple optional DNS providers
  • Custom challenge solvers
  • Certificate bundling
  • OCSP helper function