A Let's Encrypt/ACME client and library written in Go for automatic certificate management.
Lego is an ACME client and library written in Go that automates the process of obtaining and renewing TLS/SSL certificates from Let's Encrypt and other ACME certificate authorities. It solves the problem of manual certificate management by providing a robust, extensible tool for securing web services with HTTPS.
System administrators, DevOps engineers, and developers who need to automate TLS certificate management for their servers, containers, or applications.
Developers choose Lego for its extensive DNS provider support, compliance with ACME standards, and flexibility as both a CLI tool and a library, making it suitable for both simple deployments and complex, customized integrations.
Supports about 180 DNS providers for DNS-01 challenges, covering a vast range of hosting services and enabling automated certificate issuance without web server access.
Fully implements ACME v2 (RFC 8555) and extensions like TLS ALPN, IP address certificates, and Renewal Information (ARI), ensuring compatibility with modern CAs including Let's Encrypt.
Offers HTTP-01, DNS-01, and TLS-ALPN-01 challenges, plus the ability to write custom solvers, making it adaptable to diverse deployment scenarios like internal networks or specialized infrastructures.
Functions as both a command-line tool for quick automation and a Go library for programmatic integration, catering to sysadmins and developers building custom certificate management into applications.
Each DNS provider requires specific API credentials and configuration, which can be complex and error-prone, especially for users managing multiple providers or lacking API experience.
Some providers are marked as deprecated (e.g., Azure, CloudXNS), indicating potential breaking changes or lack of updates, which could disrupt automation in affected environments.
For HTTP-01 challenges, Lego does not include an embedded web server, forcing users to manually serve challenge files or integrate with existing servers, adding setup overhead.