Go Library · Let's Encrypt · Auto-Renewal

Let's Encrypt certs,
the Go way

Certy is a Go library for managing Let's Encrypt SSL/TLS certificates with automatic renewal, HTTP-01 challenge support, custom certificates, and thread-safe operations.

go get certy See Code Examples

main.go

package main

import (
    "log"

    "github.com/kintsdev/certy"
)

func main() {
    // Create a new certificate manager
    manager := certy.NewManager(
        "[email protected]", // Your email for Let's Encrypt
        "./certs",                // Directory to store certificates
        true,                     // Use staging environment first
    )

    // Issue a certificate for a domain
    err := manager.IssueCert("example.com")
    if err != nil {
        log.Fatalf("Failed to issue certificate: %v", err)
    }
}

Scroll

Features

Certificate management
built for Go developers

Everything you need for automated Let's Encrypt certificate lifecycle — from issuing to renewal.

Automatic Let's Encrypt

Issue and renew SSL certificates automatically via Let's Encrypt. Production and staging environment support out of the box.

HTTP-01 Challenge

Built-in ACME challenge handler for domain verification. Just wrap your HTTP handler and Let's Encrypt validates automatically.

Custom Certificates

Add your own PEM certificates alongside Let's Encrypt ones. Use AddCustomCert() with cert and key data.

Thread-Safe Operations

Concurrent certificate issuance with proper mutex locking. Safe to use across multiple goroutines without data races.

Automatic Renewal

Certificates are renewed 30 days before expiry automatically. ECDSA P-256 keys, RSA 4096-bit account keys, 88-day cert lifetime.

Staging Environment

Test with Let's Encrypt staging servers first. 300 new orders per 3 hours — switch to production when you're ready.

Three steps to
production TLS

01

Install the Library

Run go get github.com/kintsdev/certy to add Certy to your Go project.

02

Create Manager & Issue

Call NewManager(email, path, staging) then IssueCert(domain).

03

Serve with Auto-TLS

Use GetCert in your TLS config and wrap with HTTPHandler for challenges.

Full Example

HTTP server with
automatic certificates

Drop Certy into any Go HTTP server. Use GetCert for automatic certificate selection and HTTPHandler for ACME challenge handling.

TLS config with GetCertificate callback
ACME challenge handler wraps your existing routes
Custom certs via AddCustomCert(domain, cert, key)
Certs stored in organized directory structure

server.go

manager := certy.NewManager(
    "[email protected]", "./certs", false,
)

server := &http.Server{
    Addr: ":8443",
    TLSConfig: &tls.Config{
        GetCertificate: manager.GetCert,
    },
    Handler: http.HandlerFunc(
        func(w http.ResponseWriter, r *http.Request) {
            fmt.Fprintf(w, "Hello from %s!", r.Host)
        },
    ),
}

// Wrap with ACME challenge handler
server.Handler = manager.HTTPHandler(server.Handler)
log.Fatal(server.ListenAndServeTLS("", ""))

Ready to automate
your certificates?

Automatic Let's Encrypt certificates with HTTP-01 challenges, auto-renewal, and thread-safe design. Open source, production ready.

View on GitHub [email protected]

Let's Encrypt certs, the Go way

Certificate managementbuilt for Go developers