#acme #network #client #ssl #certificate

bin+lib acme-rs

An acme client (RFC8555) written in the rust programming language

2 unstable releases

0.2.0 Mar 3, 2021
0.1.0 Feb 11, 2021

#439 in Cryptography

MIT license

665 lines



An ACME Client for Let's Encrypt written in Rust to request SSL/TLS certificates. This client follows the guidelines specified in RFC8555.



  • acme-rs currently supports only the HTTP challenge. Port 80 must not be blocked.
  • You have the option to generate your key pair for the certificate before executing the client.
  • By default, acme-rs sends its requests to the URL https://acme-v02.api.letsencrypt.org/directory. You can change the ACME server URL with the --server flag. Make sure the URL you pass points to the directory information, because the client fetches the paths for all further requests from that endpoint.
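The HTTP challenge from the first point, sketched from the responder's side as an added example. This is not acme-rs code, and the page does not show how acme-rs serves the challenge. The function names, port 8080 (standing in for port 80) and the token and key authorization values are constructed for illustration.

```rust
// Added example (not acme-rs code): answering an RFC 8555 HTTP-01 validation request.
use std::io::{BufRead, BufReader, Write};
use std::net::TcpListener;

const PREFIX: &str = "/.well-known/acme-challenge/";

/// RFC 8555 section 8.3: a token contains only base64url characters.
fn is_valid_token(token: &str) -> bool {
    !token.is_empty()
        && token.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

/// Decide the reply for one HTTP request line. Only an exact GET for the
/// expected token gets the key authorization; everything else is a 404.
fn respond(request_line: &str, token: &str, key_auth: &str) -> (u16, String) {
    let mut parts = request_line.split_whitespace();
    let (method, path) = (parts.next().unwrap_or(""), parts.next().unwrap_or(""));
    let requested = path.strip_prefix(PREFIX).unwrap_or("");
    if method == "GET" && is_valid_token(token) && requested == token {
        (200, key_auth.to_string())
    } else {
        (404, String::new())
    }
}

/// Answer a single validation request. The ACME server connects on port 80,
/// which is why that port must be reachable for the HTTP challenge.
fn serve_once(listener: &TcpListener, token: &str, key_auth: &str) -> std::io::Result<u16> {
    let (mut stream, _) = listener.accept()?;
    let mut line = String::new();
    BufReader::new(stream.try_clone()?).read_line(&mut line)?;
    let (status, body) = respond(&line, token, key_auth);
    let reason = if status == 200 { "OK" } else { "Not Found" };
    write!(
        stream,
        "HTTP/1.1 {} {}\r\nContent-Type: application/octet-stream\r\nContent-Length: {}\r\nConnection: close\r\n\r\n{}",
        status, reason, body.len(), body
    )?;
    Ok(status)
}

fn main() -> std::io::Result<()> {
    // Constructed values; waits for one request, e.g. from curl, then exits.
    let listener = TcpListener::bind("127.0.0.1:8080")?;
    let status = serve_once(&listener, "constructed-token_123", "constructed-token_123.constructed-thumbprint")?;
    println!("answered with {}", status);
    Ok(())
}
```

Matching the path against the one expected token, instead of mapping it to a file, keeps traversal-style paths and unrelated requests from ever reaching the filesystem.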

This crate also exposes a library which allows users to acquire a certificate within their own code. The documentation can be found on docs.rs. The main function exposed by the library is generate_cert_for_domain.


The tool is installed via crates.io. To install the latest version, run:

    cargo install acme-rs

You can also specify the installation root, e.g. to install the tool system-wide. cargo places the binary in the bin directory under the given root:

    cargo install acme-rs --root /usr/local


acme-rs uses the openssl Rust wrapper crate to generate the keys and the CSR.

The client stores the certificate and the certificate chain in the files cert.crt and chain.crt.

Request a certificate

You can request a certificate by using the following command:

    acme-rs [OPTIONS] --domain <domain> --email <email>


By running the command acme-rs --help you can get an overview of all the commands available.

An acme client (RFC8555) written in the rust programming language

    acme-rs [FLAGS] [OPTIONS] --email <email> --domain <domain>

    -h, --help       Prints help information
    -v, --verbose    Enables debug output
    -V, --version    Prints version information

    -d, --domain <domain>              The domain to register the certificate for
    -e, --email <email>
        --private-key <private-key>    An optional private key file (PEM format) to load the keys
        --public-key <public-key>
    -s, --server <server>              The ACME server's URL


~712K SLoC