Question 1

How to automatically renew certificates with Lego?

Accepted Answer

Use Lego's CLI with cron jobs or systemd timers to run renewal commands periodically. As a library, you can programmatically check expiration dates and call renew functions, leveraging its support for Renewal Information (ARI) for optimized scheduling.

Question 2

Lego vs Certbot: which is better for my project?

Accepted Answer

Lego excels in Go-based integrations and broad DNS provider support, while Certbot is more beginner-friendly with pre-built plugins for common web servers. Choose Lego for flexibility in custom automation or if your DNS provider isn't supported by Certbot.

Question 3

How to use Lego with Docker containers?

Accepted Answer

Pull the official goacme/lego Docker image, mount volumes for certificate storage, and set environment variables for your DNS provider. The documentation includes examples for running it as a sidecar container or in standalone mode.

Question 4

What happens if my DNS provider isn't supported?

Accepted Answer

You can write a custom challenge solver using Lego's library or open a GitHub issue to request support. However, implementation may depend on community contributions, and unsupported providers require manual workarounds.

Question 5

Can Lego issue certificates for internal IP addresses?

Accepted Answer

Yes, via support for RFC 8738, Lego can obtain certificates for IP addresses using TLS-ALPN-01 challenges, making it suitable for securing internal services with ACME CAs that support this extension.

Question 6

How to handle HTTP-01 challenges without running a web server?

Accepted Answer

Lego doesn't serve challenge files itself; you must configure your existing web server (e.g., Nginx, Apache) to serve the .well-known/acme-challenge directory or use a custom solver for alternative validation methods.

lego

What is lego?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions