This is a MirageOS unikernel which provisions TLS certificates using let's encrypt. It looks for certificate signing requests, stored as TLSA records in DNS zones, and uses the let's encrypt ACME DNS challenge to retrieve certificates. The certificate chain is stored in DNS as TLSA record as well. This unikernel also ensures that certificates are valid for at least two weeks.
This can be used with dns-primary-git.
To install this unikernel from source, you need to have opam (>= 2.1.0) and ocaml (>= 4.08.0) installed. Also, mirage is required (>= 4.5.0). Please follow the installation instructions.
The following steps will clone this git repository and compile the unikernel:
$ git clone https://github.com/robur-coop/dns-letsencrypt-secondary.git
$ mirage configure -t <your-favourite-target>
$ make depend
$ make build
Binaries are available at Reproducible OPAM builds, see Deploying binary MirageOS unikernels and Reproducible MirageOS unikernel builds for details.
Please open an issue if you have questions, feature requests, or comments.