Sample of ACME autocert in golang


It’s amazingly easy to use Let’s Encrypt in Go with the package https://godoc.org/golang.org/x/crypto/acme/autocert.

I made a sample running on GCP.

The sample includes Terraform code that launches an instance on GCP with a firewall rule that allows you to connect via SSH, and an Ansible playbook that provisions go-1.10 and vim with vim-go. You can do trial and error there if you’re familiar with vim-go.

Anyway, x/crypto/acme/autocert is awesome.

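// domains is the list of hostnames to serve.
// Needs golang.org/x/crypto/acme/autocert and net/http.
mgr := autocert.Manager{
    Prompt:     autocert.AcceptTOS,
    HostPolicy: autocert.HostWhitelist(domains...),
    Cache:      autocert.DirCache("certs"),
}
// Answer ACME http-01 challenges on port 80; with a nil fallback,
// other requests are redirected to HTTPS.
go http.ListenAndServe(":http", mgr.HTTPHandler(nil))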

That’s all. You give three parameters and start listening.

AcceptTOS indicates acceptance of the Terms of Service of Let’s Encrypt. Cache is where the private key and certificates are stored, which here is the ./certs directory. HostPolicy is the list of domains you want to serve.
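HostPolicy is what stops the Manager from requesting certificates for names you did not configure, and autocert.HostWhitelist only matches names exactly. The following is an added example, not code from the original post: a custom policy with the same signature as autocert.HostPolicy that goes beyond the post's exact list by also accepting single-label subdomains of listed zones. The helper name newHostPolicy and all hostnames are constructed for illustration, and only the standard library is used.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
)

// newHostPolicy (hypothetical helper) returns a func(ctx, host) error, the
// signature of autocert.HostPolicy, so the result can be assigned to
// autocert.Manager.HostPolicy instead of autocert.HostWhitelist(domains...).
// exact: hostnames allowed as-is. zones: parents whose direct subdomains
// (one extra label only) are allowed. Each new name triggers an issuance,
// so keep zones narrow.
func newHostPolicy(exact, zones []string) func(context.Context, string) error {
	norm := func(h string) string {
		return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(h), "."))
	}
	allowed := make(map[string]bool)
	for _, h := range exact {
		allowed[norm(h)] = true
	}
	parents := make(map[string]bool)
	for _, z := range zones {
		parents[norm(z)] = true
	}
	return func(_ context.Context, host string) error {
		h := norm(host)
		// Clients that connect by IP address must never trigger issuance.
		if h == "" || net.ParseIP(h) != nil {
			return fmt.Errorf("host policy: %q is not a hostname", host)
		}
		if allowed[h] {
			return nil
		}
		// Exactly one non-empty label in front of a listed zone.
		if i := strings.IndexByte(h, '.'); i > 0 && parents[h[i+1:]] {
			return nil
		}
		return fmt.Errorf("host policy: %q is not configured", host)
	}
}

func main() {
	// Constructed sample names; none come from the original post.
	policy := newHostPolicy([]string{"example.com"}, []string{"apps.example.com"})
	for _, h := range []string{"example.com", "a.apps.example.com", "evil.test", "192.0.2.10"} {
		fmt.Printf("%-20s -> %v\n", h, policy(context.Background(), h))
	}
}
```

A rejected name returns an error before any ACME request is made, so logging those errors shows which unexpected names clients are asking for.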

Very easy and cool. TLS has now become just a library.