# go-acme/lego

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/go-acme-lego).**

9,265 stars · 1,114 forks · Go · MIT

## Links

- GitHub: https://github.com/go-acme/lego
- Homepage: https://go-acme.github.io/lego/
- awesome-repositories: https://awesome-repositories.com/repository/go-acme-lego.md

## Topics

`acme` `acme-client` `certificate` `dns` `letsencrypt` `rfc8555` `rfc8737` `rfc8738` `security` `tls`

## Description

Lego is an ACME certificate manager and lifecycle tool used to automate the request, renewal, and revocation of SSL and TLS certificates. It implements the ACME protocol to communicate with compliant certificate authorities and manages the full issuance process, including account registration and private key rollovers.

The project distinguishes itself through extensive DNS automation, utilizing a provider-based abstraction to solve DNS-01 challenges across various third-party DNS providers. It supports advanced verification workflows such as CNAME-based challenge delegation, DNS zone discovery, and the issuance of wildcard certificates and IP address certificates.

Lego provides a command line interface for manual operations and supports automation via lifecycle-based hooks that trigger external scripts during the issuance process. It handles identity verification through DNS, HTTP, and TLS-ALPN methods, while maintaining account persistence and certificate data through a structured local archive.

The tool includes detailed logging for network interaction debugging and supports the use of pre-generated certificate signing requests.

## Tags

### Security & Cryptography

- [ACME Clients](https://awesome-repositories.com/f/security-cryptography/acme-clients.md) — Implements the ACME protocol as a command-line tool for automated certificate lifecycle management. ([source](https://go-acme.github.io/lego/advanced/caservers))
- [ACME Protocol Implementations](https://awesome-repositories.com/f/security-cryptography/acme-protocol-implementations.md) — Implements standardized communication flows for interacting with certificate authorities via challenge-response mechanisms.
- [CA Server Configurations](https://awesome-repositories.com/f/security-cryptography/api-access-control/endpoint-controls/endpoint-configurations/ca-server-configurations.md) — Allows specifying the CA server endpoints and settings required to validate and issue security certificates. ([source](https://go-acme.github.io/lego/advanced/index.html))
- [Certificate Lifecycle Management](https://awesome-repositories.com/f/security-cryptography/certificate-lifecycle-management.md) — Manages the full lifecycle of obtaining, renewing, and rotating security certificates from compliant authorities. ([source](https://go-acme.github.io/lego/advanced/index.html))
- [Certificate Renewal Managers](https://awesome-repositories.com/f/security-cryptography/certificate-renewal-managers.md) — Automatically extends the validity of existing certificates before they expire to ensure continuous encryption. ([source](https://cdn.jsdelivr.net/gh/go-acme/lego@master/README.md))
- [SSL/TLS Certificate Management](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management.md) — Requests and renews digital certificates by completing identity challenges through various protocols. ([source](https://go-acme.github.io/lego/obtain/index.html))
- [Domain Ownership Verification](https://awesome-repositories.com/f/security-cryptography/dns-security/authenticated-record-retrievers/domain-ownership-verification.md) — Proves domain control by solving identity challenges via DNS, HTTP, or TLS-ALPN methods. ([source](https://go-acme.github.io/lego/))
- [DNS Validation Providers](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers.md) — Provides a common interface to manage TXT records across diverse DNS APIs for automated ownership validation.
- [ACME Account Archives](https://awesome-repositories.com/f/security-cryptography/user-account-archiving/acme-account-archives.md) — Stores account registration details and private keys in local archives for long-term management and recovery.
- [Account Management](https://awesome-repositories.com/f/security-cryptography/account-management.md) — Manages ACME account registration, private key rollovers, and account recovery for CA communication. ([source](https://go-acme.github.io/lego/advanced/index.html))
- [Custom Issuance Workflows](https://awesome-repositories.com/f/security-cryptography/certificate-issuance-utilities/custom-issuance-workflows.md) — Integrates external scripts and pre-generated certificate signing requests into the automated issuance process.
- [Certificate Signing Request Managers](https://awesome-repositories.com/f/security-cryptography/certificate-signing-request-managers.md) — Supports the use of pre-generated certificate signing requests (CSRs) alongside automatic key pair generation.
- [Credential Revocation](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/credential-revocation.md) — Invalidates active certificates with the issuing authority to prevent trust in compromised credentials. ([source](https://cdn.jsdelivr.net/gh/go-acme/lego@master/README.md))
- [Identity Challenge Dispatchers](https://awesome-repositories.com/f/security-cryptography/identity-challenge-dispatchers.md) — Dispatches identity verification requests across multiple network layers to satisfy various certificate authority requirements.
- [Wildcard Certificate Issuers](https://awesome-repositories.com/f/security-cryptography/wildcard-certificate-issuers.md) — Generates single certificates that secure an unlimited number of subdomains for a primary domain. ([source](https://go-acme.github.io/lego/))
- [Wildcard Certificate Management](https://awesome-repositories.com/f/security-cryptography/wildcard-certificate-management.md) — Automates the provisioning and renewal of wildcard certificates to secure primary domains and all subdomains.

### Part of an Awesome List

- [Certificate Archives](https://awesome-repositories.com/f/awesome-lists/security/ssl-and-certificates/certificate-archives.md) — Stores and retrieves certificate data and private keys in a structured archive for persistence. ([source](https://go-acme.github.io/lego/advanced/index.html))

### Development Tools & Productivity

- [Command Line Interfaces](https://awesome-repositories.com/f/development-tools-productivity/command-line-interfaces.md) — Provides a terminal-based interface for managing certificate lifecycles, account registrations, and key rollovers. ([source](https://go-acme.github.io/lego/references/index.html))
- [Lifecycle Event Hooks](https://awesome-repositories.com/f/development-tools-productivity/environment-customization-tools/lifecycle-event-hooks.md) — Provides script triggers that execute during lifecycle events such as before creation or after deployment. ([source](https://go-acme.github.io/lego/index.print.html))
- [Lifecycle Script Execution](https://awesome-repositories.com/f/development-tools-productivity/lifecycle-script-execution.md) — Triggers external shell scripts at predefined stages of the certificate issuance and renewal process.

### Software Engineering & Architecture

- [DNS Challenge Modules](https://awesome-repositories.com/f/software-engineering-architecture/modular-extension-architectures/dns-challenge-modules.md) — Automates the creation and deletion of DNS TXT records to prove domain ownership for the DNS-01 challenge. ([source](https://go-acme.github.io/lego/dns/edgedns/))

### DevOps & Infrastructure

- [Lifecycle Event Hooks](https://awesome-repositories.com/f/devops-infrastructure/lifecycle-event-hooks.md) — Lego triggers external scripts at specific stages of the issuance and renewal process to execute custom automation. ([source](https://go-acme.github.io/lego/advanced/index.html))

### Networking & Communication

- [Challenge Delegation](https://awesome-repositories.com/f/networking-communication/dns-record-updaters/challenge-delegation.md) — Supports delegating DNS challenge resolution to secondary zones using CNAME records.
- [CNAME Challenge Resolution](https://awesome-repositories.com/f/networking-communication/domain-name-systems/dns-record-verification/cname-challenge-resolution.md) — Follows CNAME records during the validation process to verify domain ownership. ([source](https://go-acme.github.io/lego/advanced/options/index.html))
