instant-acme: async, pure-Rust ACME client

instant-acme is an async, pure-Rust ACME (RFC 8555) client.

instant-acme is used in production at Instant Domain Search to help us provision TLS certificates within seconds for our customers. instant-acme relies on Tokio and rustls to implement the RFC 8555 specification.

Features

• Store/recover your account credentials by serializing/deserializing
• Fully async implementation with tracing support
• Support for processing multiple orders concurrently
• Support for external account binding
• Support for certificate revocation
• Support for the ACME renewal information (ARI) extension
• Uses hyper with rustls and Tokio for HTTP requests
• Uses ring or aws-lc-rs for ECDSA signing
• Minimum supported Rust version (MSRV): 1.70

Cargo features

• hyper-rustls (default): use a hyper client with rustls
• aws-lc-rs (default): use the aws-lc-rs crate as the crypto backend
• ring: use the ring crate as the crypto backend
• fips: enable the aws-lc-rs crate's FIPS-compliant mode
• x509-parser: enable extracting CertificateIdentifier values for ARI from certificates
• time: enable fetching RenewalInfo for a CertificateIdentifier

If both ring and aws-lc-rs are enabled, aws-lc-rs will be used.

Limitations

• Only supports P-256 ECDSA account keys for now

Getting started

See the examples directory for an example of how to use instant-acme.