go-github-com-caddyserver-certmagic 0.21.4
Propagated dependencies: go-github-com-caddyserver-zerossl@0.1.0 go-github-com-klauspost-cpuid-v2@2.2.8 go-github-com-libdns-libdns@0.2.2 go-github-com-mholt-acmez@2.0.3 go-github-com-miekg-dns@1.1.62 go-github-com-zeebo-blake3@0.2.4 go-go-uber-org-zap@1.24.0 go-golang-org-x-crypto@0.27.0 go-golang-org-x-net@0.29.0
Channel: guix
Location: gnu/packages/golang-web.scm (gnu packages golang-web)
Home page: https://github.com/caddyserver/certmagic
Licenses: Expat
Synopsis: Automatic HTTPS for any Go program
Description:

certmagic provides an API for TLS automation with full control over almost every aspect of the system.

Main features:

  • Fully automated certificate management including issuance and renewal, with support for certificate revocation. Also works in conjunction with your own certificates.

  • Wildcard certificates.

  • One-line, fully managed HTTPS servers, with HTTP->HTTPS redirects.

  • Multiple issuers supported: get certificates from multiple sources/CAs for redundancy and resiliency.

  • Solves all 3 common ACME challenges: HTTP, TLS-ALPN, and DNS (and is capable of others).

  • Robust error handling:

    • Challenges are randomized to avoid accidental dependence and rotated to overcome certain network blockages.

    • Robust retries for up to 30 days.

    • Exponential backoff with carefully-tuned intervals.

    • Retries with optional test/staging CA endpoint instead of production, to avoid rate limits.

  • All libdns DNS providers work out-of-the-box.

  • Pluggable storage backends (default: file system) and key sources.

  • Automatic OCSP stapling.

  • Distributed solving of all challenges (works behind load balancers.)

  • Supports on-demand issuance of certificates.

  • Optional event hooks for observation.

  • One-time private keys by default (new key for each cert) to discourage pinning and reduce scope of key compromise.

  • Works with any certificate authority (CA) compliant with the ACME specification RFC 8555.

  • Must-Staple (optional; not default.)

  • Full support for draft-ietf-acme-ari (ACME Renewal Information; ARI) extension.
