I am delighted to announce the release of ocaml-letsencrypt (version 2.1.0). This version introduces a new API that allows it to operate independently of a scheduler and an HTTP client. It is also a rewrite using our brand-new jws library, which now utilises the jsont library (rather than yojson).
ocaml-letsencrypt implements the challenges needed to obtain a certificate in any of three ways: DNS, HTTP and ACME-TLS. It therefore enables a website deployment strategy (implemented with Vif, for example) to be provided entirely in OCaml.
We use it within our cooperative for projects such as:
- dns-letsencrypt-secondary, a unikernel that acts as a secondary DNS server capable of performing the DNS challenge for a specific domain and uploading the certificate as a TLSA record. It generally works in tandem with our primary-git, our primary DNS server.
- contruno, a unikernel that acts as a TLS reverse proxy and is capable of performing HTTP challenges. The latter is currently being completely rewritten using mnet.
Good luck with deploying your websites, and happy hacking! Here’s hoping that jws also finds its place as a library within the OCaml ecosystem.