Documentation
Functions
func EnsureCertificates
EnsureCertificates checks if TLS certificates exist, and generates self-signed ones if not. Returns the paths to the cert and key files.
func GenerateSelfSignedCert
GenerateSelfSignedCert writes a fresh self-signed certificate and ECDSA private key to the given paths. Used directly by tests that need a cert pair on disk without going through EnsureCertificates' file-existence check.
Types
type ACMEDNSManager
type ACMEDNSManager struct {
// contains filtered or unexported fields
}
ACMEDNSManager manages TLS certificates via ACME DNS-01 challenges using Route53. Unlike HTTP-01 (which requires port 80 reachable from the internet), DNS-01 works for private/internal interfaces since validation happens via DNS TXT records.
func NewACMEDNSManager
func NewACMEDNSManager(domain, email, zoneID, cacheDir string) (*ACMEDNSManager, error)
NewACMEDNSManager creates a new ACME DNS-01 manager for the given domain. It uses Route53 to create/delete TXT records for DNS-01 challenge validation. The zoneID is the Route53 hosted zone ID that contains the domain.
func (*ACMEDNSManager) Close
func (m *ACMEDNSManager) Close() error
Close stops the renewal timer and releases resources.
func (*ACMEDNSManager) TLSConfig
func (m *ACMEDNSManager) TLSConfig() *tls.Config
TLSConfig returns a tls.Config that serves the ACME-obtained certificate.
type ACMEManager
type ACMEManager struct {
// contains filtered or unexported fields
}
ACMEManager wraps autocert.Manager to provide Let's Encrypt TLS certificates. It starts an HTTP listener on port 80 for HTTP-01 challenge validation.
func NewACMEManager
func NewACMEManager(domain, email, cacheDir, httpAddr string) (*ACMEManager, error)
NewACMEManager creates a new ACME manager for the given domain. It starts an HTTP listener on the specified address (default ":80") for HTTP-01 challenges. cacheDir is used to persist certificates across restarts.
func (*ACMEManager) Close
func (a *ACMEManager) Close() error
Close gracefully shuts down the HTTP challenge listener. Safe to call multiple times.
func (*ACMEManager) TLSConfig
func (a *ACMEManager) TLSConfig() *tls.Config
TLSConfig returns a tls.Config that uses ACME for certificate management. The GetCertificate callback dynamically obtains/renews certificates.