Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/CrisisTextLine/modular/modules/letsencrypt

Package Overview
Dependencies
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/CrisisTextLine/modular/modules/letsencrypt

Source
Go Modules
Version
v0.3.0
Version published
Created
Source

Let's Encrypt Module

The Let's Encrypt module provides automatic SSL/TLS certificate generation and management using Let's Encrypt's ACME protocol. It integrates seamlessly with the Modular framework to provide HTTPS capabilities for your applications.

Go Reference

Features

  • Automatic Certificate Generation: Obtain SSL/TLS certificates from Let's Encrypt automatically
  • Multiple Challenge Types: Support for HTTP-01 and DNS-01 challenges
  • Auto-Renewal: Automatic certificate renewal before expiration
  • Multiple DNS Providers: Support for various DNS providers (Cloudflare, Route53, Azure DNS, etc.)
  • Staging Environment: Use Let's Encrypt's staging environment for testing
  • Certificate Storage: Persistent storage of certificates and account information
  • Production Ready: Built with best practices for production deployments

Installation

go get github.com/CrisisTextLine/modular/modules/letsencrypt

Quick Start

Basic Usage with HTTP Challenge

package main

import (
    "context"
    "log/slog"
    "os"

    "github.com/CrisisTextLine/modular"
    "github.com/CrisisTextLine/modular/modules/letsencrypt"
    "github.com/CrisisTextLine/modular/modules/httpserver"
)

type AppConfig struct {
    LetsEncrypt letsencrypt.LetsEncryptConfig `yaml:"letsencrypt"`
    HTTPServer  httpserver.HTTPServerConfig   `yaml:"httpserver"`
}

func main() {
    logger := slog.New(slog.NewTextHandler(os.Stdout, nil))
    
    config := &AppConfig{
        LetsEncrypt: letsencrypt.LetsEncryptConfig{
            Email:       "your-email@example.com",
            Domains:     []string{"example.com", "www.example.com"},
            UseStaging:  false, // Set to true for testing
            StoragePath: "./certs",
            AutoRenew:   true,
            RenewBefore: 30, // Renew 30 days before expiration
        },
        HTTPServer: httpserver.HTTPServerConfig{
            Host: "0.0.0.0",
            Port: 443,
            TLS:  &httpserver.TLSConfig{Enabled: true},
        },
    }

    configProvider := modular.NewStdConfigProvider(config)
    app := modular.NewStdApplication(configProvider, logger)

    // Register modules
    app.RegisterModule(letsencrypt.NewLetsEncryptModule())
    app.RegisterModule(httpserver.NewHTTPServerModule())

    if err := app.Run(); err != nil {
        logger.Error("Application error", "error", err)
        os.Exit(1)
    }
}

DNS Challenge with Cloudflare

config := &AppConfig{
    LetsEncrypt: letsencrypt.LetsEncryptConfig{
        Email:       "your-email@example.com",
        Domains:     []string{"*.example.com", "example.com"},
        UseStaging:  false,
        StoragePath: "./certs",
        AutoRenew:   true,
        UseDNS:      true,
        DNSProvider: &letsencrypt.DNSProviderConfig{
            Name: "cloudflare",
        },
        DNSConfig: map[string]string{
            "CLOUDFLARE_EMAIL":   "your-email@example.com",
            "CLOUDFLARE_API_KEY": "your-api-key",
        },
    },
}

Configuration

LetsEncryptConfig

FieldTypeDescriptionDefault
emailstringEmail address for Let's Encrypt registrationRequired
domains[]stringList of domain names to obtain certificates forRequired
use_stagingboolUse Let's Encrypt staging environmentfalse
storage_pathstringDirectory for certificate storage"./letsencrypt"
renew_beforeintDays before expiry to renew certificates30
auto_renewboolEnable automatic renewaltrue
use_dnsboolUse DNS-01 challenges instead of HTTP-01false

DNS Provider Configuration

For DNS challenges, configure the DNS provider:

letsencrypt:
  email: "your-email@example.com"
  domains:
    - "example.com"
    - "*.example.com"
  use_dns: true
  dns_provider:
    name: "cloudflare"
  dns_config:
    CLOUDFLARE_EMAIL: "your-email@example.com"
    CLOUDFLARE_API_KEY: "your-api-key"

Supported DNS Providers

  • Cloudflare: cloudflare
  • Route53 (AWS): route53
  • Azure DNS: azuredns
  • Google Cloud DNS: gcloud
  • DigitalOcean: digitalocean
  • Namecheap: namecheap

Each provider requires specific environment variables or configuration parameters.

Integration with HTTP Server

The Let's Encrypt module works seamlessly with the HTTP Server module by implementing the CertificateService interface:

// The HTTP server module will automatically use certificates from Let's Encrypt
app.RegisterModule(letsencrypt.NewLetsEncryptModule())
app.RegisterModule(httpserver.NewHTTPServerModule())

Advanced Usage

Custom Certificate Handling

// Get certificate service for custom handling
var certService httpserver.CertificateService
app.GetService("certificateService", &certService)

// Get certificate for a specific domain
cert := certService.GetCertificate("example.com")

Manual Certificate Operations

letsEncryptModule := letsencrypt.NewLetsEncryptModule()

// Force certificate renewal
if err := letsEncryptModule.RenewCertificate("example.com"); err != nil {
    log.Printf("Failed to renew certificate: %v", err)
}

Environment Variables

You can configure the module using environment variables:

LETSENCRYPT_EMAIL=your-email@example.com
LETSENCRYPT_DOMAINS=example.com,www.example.com
LETSENCRYPT_USE_STAGING=false
LETSENCRYPT_STORAGE_PATH=./certs
LETSENCRYPT_AUTO_RENEW=true

Best Practices

  • Use Staging for Testing: Always test with use_staging: true to avoid rate limits
  • Secure Storage: Ensure certificate storage directory has proper permissions
  • Monitor Renewals: Set up monitoring for certificate renewal failures
  • Backup Certificates: Regularly backup your certificate storage directory
  • DNS Challenge for Wildcards: Use DNS challenges for wildcard certificates

Troubleshooting

Common Issues

  • Rate Limits: Use staging environment for testing
  • DNS Propagation: DNS challenges may take time to propagate
  • Firewall: Ensure port 80 is accessible for HTTP challenges
  • Domain Validation: Verify domain ownership and DNS configuration

Debug Mode

Enable debug logging to troubleshoot issues:

logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
    Level: slog.LevelDebug,
}))

Examples

See the examples directory for complete working examples:

  • Basic HTTPS server with Let's Encrypt
  • Multi-domain certificate management
  • DNS challenge configuration

Dependencies

  • lego - ACME client library
  • Works with the httpserver module for HTTPS support

License

This module is part of the Modular framework and is licensed under the MIT License.

FAQs

Package last updated on 02 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Firewall Now Available in Docker Hardened Images

Security News

/

Product

Socket Firewall Now Available in Docker Hardened Images

Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection on top of hardened base images for Node.js, Python, and Rust.

By Sarah Gooding  -  Dec 17, 2025
The Nightmare Before Deployment

Security News

The Nightmare Before Deployment

Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.

By Ahmad Nassri  -  Dec 16, 2025