ACME Protocol - RFC 8555

The Lua module acme/engine implements a subset of the ACME client side protocol as specified in RFC-8555. This module is internally used by the two Mako Server modules, acme/bot and acme/dns. You may wish to use the acme Lua module directly if you are not using the Mako Server or if you need management not provided by the two Mako Server modules.

Using module acme/bot and acme/dns in non Mako Server builds

Module acme/bot and acme/dns are designed for the Mako Server, but can be used by other Barracuda App Server builds. For example, the LSP Application Manager example copies the two modules to its own resource directory and enables the modules if the example is compiled with a file system.

The two modules require special initialization if not used by the Mako Server. The following specifies how to initialize the two modules in a non Mako Server environment. You must initialize both modules since the option table initialized with acmedns.init() is also used by the acme/bot module.

require"acme/bot".init(io,loadcerts)

Set the required I/O and loadcerts callback function.

require"acme/dns".init(op [,sendmail])

Compile Time Requirements

The ACME module requires the auxiliary Lua bindings and the following compile time flags, which are not pre-set for any builds, except for POSIX and Win.

 
#define SHARKSSL_ENABLE_ASN1_KEY_CREATION                1
#define SHARKSSL_ENABLE_RSAKEY_CREATE                    1
#define SHARKSSL_ENABLE_ECCKEY_CREATE                    1
#define SHARKSSL_ENABLE_CSR_CREATION                     1

You may add these defines to the inc/arch/[platform]/TargConfig.h header file or set them as part of your build's compiler options.

Module acme/engine

For a deeper understanding of how this module conceptually works, see the online Let's Encrypt v2 Step by Step tutorial (designed for JavaScript).

acme=require"acme/engine"

acme.cert(account, domain, rspCB, op)

Initiates a certificate request for 'domain'. The certificate request is initiated immediately if no other jobs are active or queued if another certificate request job is running. In either case, the function returns immediately and returns the number of jobs queued.

Arguments:

acme.terms()

Returns a URL to the Let's Encrypt terms of service (pdf).

acme.jobs()

Returns the number of active/pending jobs.

acme.revoke(account,cert,rspCB)

Revoke the certificate.