Automatic Certificates and HTTPS for everyone.

Lego

Let's Encrypt client and ACME library written in Go.

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

Features

• ACME v2 RFC 8555
  • Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
  • Support RFC 8738: certificates for IP addresses
  • Support RFC 9773: Renewal Information (ARI) Extension
  • Support draft-aaron-acme-profiles-00: Profiles Extension
• Comes with about 170 DNS providers
• Register with CA
• Obtain certificates, both from scratch or with an existing CSR
• Renew certificates
• Revoke certificates
• Robust implementation of ACME challenges:
  • HTTP (http-01)
  • DNS (dns-01)
  • TLS (tls-alpn-01)
• SAN certificate support
• CNAME support by default
• Custom challenge solvers
• Certificate bundling
• OCSP helper function

Installation

How to install.

Usage

• as a CLI
• as a library

Documentation

Documentation is hosted live at https://go-acme.github.io/lego/.

DNS providers

Detailed documentation is available here.

Active24	Akamai EdgeDNS	Alibaba Cloud DNS	all-inkl
Amazon Lightsail	Amazon Route 53	ArvanCloud	Aurora DNS
Autodns	Axelname	Azion	Azure (deprecated)
Azure DNS	Baidu Cloud	Beget.com	Binary Lane
Bindman	Bluecat	BookMyName	Brandit (deprecated)
Bunny	Checkdomain	Civo	Cloud.ru
CloudDNS	Cloudflare	ClouDNS	CloudXNS (Deprecated)
ConoHa v2	ConoHa v3	Constellix	Core-Networks
CPanel/WHM	Derak Cloud	deSEC.io	Designate DNSaaS for Openstack
Digital Ocean	DirectAdmin	DNS Made Easy	dnsHome.de
DNSimple	DNSPod (deprecated)	Domain Offensive (do.de)	Domeneshop
DreamHost	Duck DNS	Dyn	DynDnsFree.de
Dynu	EasyDNS	Efficient IP	Epik
Exoscale	External program	F5 XC	freemyip.com
G-Core	Gandi	Gandi Live DNS (v5)	Glesys
Go Daddy	Google Cloud	Google Domains	Hetzner
Hosting.de	Hostinger	Hosttech	HTTP request
http.net	Huawei Cloud	Hurricane Electric DNS	HyperOne
IBM Cloud (SoftLayer)	IIJ DNS Platform Service	Infoblox	Infomaniak
Internet Initiative Japan	Internet.bs	INWX	Ionos
IPv64	iwantmyname	Joker	Joohoi's ACME-DNS
KeyHelp	Liara	Lima-City	Linode (v4)
Liquid Web	Loopia	LuaDNS	Mail-in-a-Box
ManageEngine CloudDNS	Manual	Metaname	Metaregistrar
mijn.host	Mittwald	myaddr.{tools,dev,io}	MyDNS.jp
MythicBeasts	Name.com	Namecheap	Namesilo
NearlyFreeSpeech.NET	Netcup	Netlify	Nicmanager
NIFCloud	Njalla	Nodion	NS1
Octenium	Open Telekom Cloud	Oracle Cloud	OVH
plesk.com	Porkbun	PowerDNS	Rackspace
Rain Yun/雨云	RcodeZero	reg.ru	Regfish
RFC2136	RimuHosting	RU CENTER	Sakura Cloud
Scaleway	Selectel	Selectel v2	SelfHost.(de|eu)
Servercow	Shellrent	Simply.com	Sonic
Spaceship	Stackpath	Technitium	Tencent Cloud DNS
Tencent EdgeOne	Timeweb Cloud	TransIP	UKFast SafeDNS
Ultradns	Variomedia	VegaDNS	Vercel
Versio.[nl|eu|uk]	VinylDNS	VK Cloud	Volcano Engine/火山引擎
Vscale	Vultr	Webnames	Websupport
WEDOS	West.cn/西部数码	Yandex 360	Yandex Cloud
Yandex PDD	Zone.ee	ZoneEdit	Zonomi

If your DNS provider is not supported, please open an issue.