Automatic Certificates and HTTPS for everyone.

This is not the real Lego!

This is a fork of Lego created in support of ISRG's research into digital identity. It is not intended for production use. If you want to get certificates from an ACME CA like Let's Encrypt, use the real Lego or one of the other ACME clients recommended by Let's Encrypt.

Lego

Let's Encrypt client and ACME library written in Go.

Features

• ACME v2 RFC 8555
  • Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
  • Support RFC 8738: certificates for IP addresses
  • Support draft-ietf-acme-ari-03: Renewal Information (ARI) Extension
  • Support draft-aaron-acme-profiles-00: Profiles Extension
• Register with CA
• Obtain certificates, both from scratch or with an existing CSR
• Renew certificates
• Revoke certificates
• Robust implementation of all ACME challenges
  • HTTP (http-01)
  • DNS (dns-01)
  • TLS (tls-alpn-01)
• SAN certificate support
• CNAME support by default
• Comes with multiple optional DNS providers
• Custom challenge solvers
• Certificate bundling
• OCSP helper function

Installation

How to install.

Usage

• as a CLI
• as a library

Documentation

Documentation is hosted live at https://go-acme.github.io/lego/.

DNS providers

Detailed documentation is available here.

Akamai EdgeDNS	Alibaba Cloud DNS	all-inkl	Amazon Lightsail
Amazon Route 53	ArvanCloud	Aurora DNS	Autodns
Azure (deprecated)	Azure DNS	Bindman	Bluecat
Brandit (deprecated)	Bunny	Checkdomain	Civo
Cloud.ru	CloudDNS	Cloudflare	ClouDNS
CloudXNS (Deprecated)	ConoHa	Constellix	Core-Networks
CPanel/WHM	Derak Cloud	deSEC.io	Designate DNSaaS for Openstack
Digital Ocean	DirectAdmin	DNS Made Easy	dnsHome.de
DNSimple	DNSPod (deprecated)	Domain Offensive (do.de)	Domeneshop
DreamHost	Duck DNS	Dyn	Dynu
EasyDNS	Efficient IP	Epik	Exoscale
External program	freemyip.com	G-Core	Gandi
Gandi Live DNS (v5)	Glesys	Go Daddy	Google Cloud
Google Domains	Hetzner	Hosting.de	Hosttech
HTTP request	http.net	Huawei Cloud	Hurricane Electric DNS
HyperOne	IBM Cloud (SoftLayer)	IIJ DNS Platform Service	Infoblox
Infomaniak	Internet Initiative Japan	Internet.bs	INWX
Ionos	IPv64	iwantmyname	Joker
Joohoi's ACME-DNS	Liara	Lima-City	Linode (v4)
Liquid Web	Loopia	LuaDNS	Mail-in-a-Box
ManageEngine CloudDNS	Manual	Metaname	mijn.host
Mittwald	myaddr.{tools,dev,io}	MyDNS.jp	MythicBeasts
Name.com	Namecheap	Namesilo	NearlyFreeSpeech.NET
Netcup	Netlify	Nicmanager	NIFCloud
Njalla	Nodion	NS1	Open Telekom Cloud
Oracle Cloud	OVH	plesk.com	Porkbun
PowerDNS	Rackspace	Rain Yun/雨云	RcodeZero
reg.ru	Regfish	RFC2136	RimuHosting
Sakura Cloud	Scaleway	Selectel	Selectel v2
SelfHost.(de|eu)	Servercow	Shellrent	Simply.com
Sonic	Stackpath	Technitium	Tencent Cloud DNS
Timeweb Cloud	TransIP	UKFast SafeDNS	Ultradns
Variomedia	VegaDNS	Vercel	Versio.[nl|eu|uk]
VinylDNS	VK Cloud	Volcano Engine/火山引擎	Vscale
Vultr	Webnames	Websupport	WEDOS
West.cn/西部数码	Yandex 360	Yandex Cloud	Yandex PDD
Zone.ee	Zonomi

If your DNS provider is not supported, please open an issue.