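// DefaultACMEDirectory is the default ACME Directory URL used when the
// Manager's Client is nil.
//
// The value points at the Let's Encrypt ACME v2 directory, so a Manager that
// is left with a nil Client talks to that CA. Deployments that must use a
// different CA, or a non-production endpoint for testing, have to supply
// their own Client instead of relying on this default.
const DefaultACMEDirectory = "https://acme-v02.api.letsencrypt.org/directory"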


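// ErrCacheMiss is returned when a certificate is not found in cache.
//
// It is the sentinel a Cache's Get returns for an absent key. A backend
// failure (I/O error, permission problem) should be reported with a different
// error, so that callers do not mistake an unreachable cache for an empty one.
var ErrCacheMiss = errors.New("acme/autocert: certificate cache miss")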


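// Cache is used by Manager to store and retrieve previously obtained certificates
// and other account data as opaque blobs.
//
// Cache implementations should not rely on the key naming pattern. Keys can
// include any printable ASCII characters, except the following: \/:*?"<>|
//
// NOTE(review): the blobs are opaque to the Cache, but "certificates and
// other account data" presumably includes private key material, so a backend
// should be readable and writable only by the server process. Confirm against
// the Manager implementation. A backend that maps keys to file names should
// also validate each key itself rather than trust the character restriction
// above.
type Cache interface {
	// Get returns the certificate data for the specified key.
	// If there's no such key, Get returns ErrCacheMiss.
	Get(ctx context.Context, key string) ([]byte, error)

	// Put stores the data in the cache under the specified key.
	// Underlying implementations may use any data storage format,
	// as long as the reverse operation, Get, results in the original data.
	Put(ctx context.Context, key string, data []byte) error

	// Delete removes the certificate data from the cache under the specified key.
	// If there's no such key in the cache, Delete returns nil.
	Delete(ctx context.Context, key string) error
}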


// AcceptTOS is a Manager.Prompt function that always returns true to
// indicate acceptance of the CA's Terms of Service during account
// registration.
//
// tosURL presumably identifies the terms being accepted (confirm against the
// Manager.Prompt contract). Because the result is always true, the operator
// should have read and agreed to the CA's terms before wiring this function
// into a Manager.
func AcceptTOS(tosURL string) bool


// HostWhitelist returns a policy where only the specified host names are allowed.
// Only exact matches are currently supported. Subdomains, regexp or wildcard
// will not match.
//
// Note that all hosts will be converted to Punycode via idna.Lookup.ToASCII so that
// Manager.GetCertificate can handle the Unicode IDN and mixedcase hosts correctly.
// Invalid hosts will be silently ignored.
//
// Because matching is exact, every name that should receive a certificate
// (for example both "example.com" and "www.example.com") has to be listed.
// Because invalid hosts are dropped without an error, a mistyped entry is not
// reported; callers that need to detect one must validate the names
// themselves before passing them in.
func HostWhitelist(hosts ...string) HostPolicy


// NewListener returns a net.Listener that listens on the standard TLS
// port (443) on all interfaces and returns *tls.Conn connections with
// LetsEncrypt certificates for the provided domain or domains.
//
// It enables one-line HTTPS servers:
//
//	log.Fatal(http.Serve(autocert.NewListener("example.com"), handler))
//
// NewListener is a convenience function for a common configuration.
// More complex or custom configurations can use the autocert.Manager
// type instead.
//
// Use of this function implies acceptance of the LetsEncrypt Terms of
// Service. If domains is not empty, the provided domains are passed
// to HostWhitelist. If domains is empty, the listener will do
// LetsEncrypt challenges for any requested domain, which is not
// recommended: with no host policy, the set of names for which issuance is
// attempted is chosen by whoever connects, not by the operator. Pass an
// explicit list of domains in production.
//
// Certificates are cached in a "golang-autocert" directory under an
// operating system-specific cache or temp directory. This may not
// be suitable for servers spanning multiple machines.
// NOTE(review): the cached data presumably includes private key material, so
// check who can read that directory, especially when it falls back to a
// shared temp location. Confirm against the implementation.
//
// The returned listener uses a *tls.Config that enables HTTP/2, and
// should only be used with servers that support HTTP/2.
//
// The returned Listener also enables TCP keep-alives on the accepted
// connections. The returned *tls.Conn are returned before their TLS
// handshake has completed, so callers must not treat an accepted connection
// as authenticated or inspect its negotiated state until the handshake has run.
func NewListener(domains ...string) net.Listener