Lego is an ACME certificate manager and lifecycle tool used to automate the request, renewal, and revocation of SSL and TLS certificates. It implements the ACME protocol to communicate with compliant certificate authorities and manages the full issuance process, including account registration and private key rollovers.
The project distinguishes itself through extensive DNS automation, utilizing a provider-based abstraction to solve DNS-01 challenges across various third-party DNS providers. It supports advanced verification workflows such as CNAME-based challenge delegation, DNS zone discovery, and the issuance of wildcard certificates and IP address certificates.
Lego provides a command-line interface for manual operations and supports automation via lifecycle-based hooks that trigger external scripts during the issuance process. It handles identity verification through DNS, HTTP, and TLS-ALPN methods, while maintaining account persistence and certificate data through a structured local archive.
The tool includes detailed logging for debugging network interactions and supports the use of pre-generated certificate signing requests.