Is boulder the golang client for managing thousands of domains?

Issuance Tech
1

I am creating a service that will manage thousands of domains.

So I will need a golang based client and wondering if this is the one I should be using: https://github.com/letsencrypt/boulder
Is it similiar to https://github.com/xenolf/lego ?

My goal is the mimick the steps that certbot does but:

  1. The domains will be stored in a database, I will make requests for each one when creating/renewing.
  2. the response token etc. will be stored in a database
  3. the http challenge will be served using my own web server, and it will pull the token etc. from the database from the previous step
  4. the certification related files will be stored in a custom location that my nginx server will refer too

Have I missed any high level steps?

2

Hi @whateverssl,

Boulder is not an ACME client, but rather an ACME server. It issues certificates rather than requesting them. So it's not comparable in its functionality to lego.

1 Like
3

In addition to xenolf/lego you might be interested in acme package - golang.org/x/crypto/acme - Go Packages & autocert package - golang.org/x/crypto/acme/autocert - Go Packages The "x" package tree is not officially part of the Golang standard library but its close :slight_smile:

2 Likes
4

Neither lego nor /x/crypto/acme support ACME v2 (yet) so I wouldn’t suggest starting a new project on them.

@eggsampler’s https://github.com/eggsampler/acme is a great maintained v2 Go package.

2 Likes
5

Caddy server uses lego so that gave me some comfort. That eggsampler lib looks interesting but it seems very new and the adoption is very low (github stars, collaborators etc).

I guess version 1 is still supported? :slight_smile:

6

I understand. For some background, we use it in our own commercial project deployed to 10k+ servers, so it’s not as dead as it seems (and it’s feature-complete, which is where there are not a lot of commits).

How this matters to you is that if you need any ACME v2-only features, such as wildcard support etc in future, you will be forced to move onto ACME v2, even if v1 is still operational, because v1 will never have those features.

You can try use the lego v2 branch (which will eventually move to master), but it may not be finished yet.

Use whatever you want, but I encourage you to stick to v2.

2 Likes
7

Wow 10K servers? Can you mention the project?

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.