Replace salvo-acme with certon for enhanced ACME support #1339

Open
chrislearn wants to merge 2 commits into main from certon

@chrislearn
Member

This pull request updates the ACME crate to leverage the certon library, introducing advanced certificate management features and refactoring the configuration system. The changes modernize the ACME configuration builder, enabling support for multiple issuers, custom solvers, flexible storage, and new challenge types. Additionally, dependencies and features are updated to reflect the transition to certon.

Integration of certon and dependency updates:

  • Added certon as a dependency in Cargo.toml, and removed legacy dependencies and features related to certificate management. The default feature set is now empty, and feature flags are simplified.
  • Updated the crate description to indicate it is now powered by certon.

Configuration system refactor:

  • Refactored AcmeConfig and AcmeConfigBuilder in config.rs to support new fields and options from certon, including key type selection, multiple issuers, custom storage, advanced solvers, OCSP stapling, on-demand TLS, and ZeroSSL integration.
  • Improved documentation and debug output for configuration structures, making the builder API easier to use and understand.

New builder methods for advanced features:

  • Added builder methods for DNS-01 challenges, custom solvers, key type, issuers, storage, OCSP, on-demand TLS, ZeroSSL API key, and terms of service agreement. These methods enable flexible and extensible certificate management.

API and documentation improvements:

  • Enhanced builder method documentation for clarity and completeness, including updated descriptions for contact emails, challenge types, cache path, and certificate renewal timing.

Removal of legacy client implementation:

  • Removed the legacy ACME client implementation in client.rs, as certificate issuance and challenge handling are now managed via certon.

chrislearn and others added 2 commits March 18, 2026 22:56
Integrate the certon crate to replace salvo-acme's internal ACME protocol
implementation. This removes ~1,200 lines of manual ACME client/JOSE/keypair
code and replaces it with a thin adapter layer over certon's production-grade
certificate management.

New capabilities powered by certon:
- Multiple issuers (Let's Encrypt + ZeroSSL + custom CAs)
- DNS-01 challenge support
- On-demand TLS (certificates at handshake time)
- OCSP stapling
- Multiple key types (ECDSA P-256/P-384/P-521, RSA, Ed25519)
- Pluggable Storage trait for custom backends
- Background certificate renewal and OCSP refresh
- Rate limiting and distributed solving

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Chrislearn Young <chris@acroidea.com>