
LEGO ACME Client Integration with OpusDNS

Introduction

Lego (go-acme/lego) is an open-source ACME client and library written in Go that enables fully automated management of SSL/TLS certificates. It is widely used with Let’s Encrypt and other ACME-compatible certificate authorities to simplify certificate issuance, renewal, and revocation in modern infrastructure.

Originally designed for flexibility and automation, Lego is commonly used in DevOps workflows, CI/CD pipelines, self-hosted systems, and automated HTTPS deployments where manual certificate handling is not practical.


What is Lego?

Lego (go-acme/lego) is both a command-line tool and a reusable Go library that implements the ACME v2 protocol (RFC 8555) for automated certificate management.

It allows users to:

  • Obtain TLS certificates automatically
  • Renew certificates before expiration
  • Revoke certificates when no longer needed
  • Manage multiple domains in SAN certificates
  • Integrate ACME functionality directly into applications

Lego is widely recognized for its simplicity and extensive compatibility with DNS providers.


Why use ACME automation?

Modern infrastructure is highly dynamic. Services change frequently, domains evolve, and automated deployments require secure HTTPS without manual intervention.

With ACME automation, certificate lifecycle tasks are fully automated:

  • Domain validation
  • Certificate issuance
  • Renewal and rotation
  • Revocation when required

This ensures secure HTTPS while reducing operational overhead and eliminating manual certificate management.


OpusDNS Integration with Lego

OpusDNS can be used with Lego (go-acme/lego) to automate DNS-01 challenges during certificate issuance.

In this integration, Lego uses OpusDNS as a DNS provider to dynamically manage TXT records required for ACME validation.

GitHub Repository:
https://github.com/go-acme/lego

The process works as follows:

  1. Lego starts a certificate request via ACME
  2. A DNS-01 challenge is selected
  3. Lego communicates with the OpusDNS API
  4. A temporary DNS TXT record is created automatically
  5. The ACME provider validates domain ownership
  6. The certificate is issued
  7. The temporary DNS record is removed automatically

This enables fully automated wildcard certificate issuance and removes the need for manual DNS updates.
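What the temporary TXT record in step 4 contains, as an added example (standard-library Go written for this page, not Lego's code or the OpusDNS API): the owner name and value are derived from the CA's challenge token and the ACME account key as defined in RFC 8555 section 8.4. The function names and the tokens are constructed for illustration; note that a wildcard name and its base domain validate at the same `_acme-challenge` owner name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // base64url without padding, as ACME requires

// jwkThumbprint is the RFC 7638 SHA-256 thumbprint of a P-256 account key
// (required JWK members only, in lexicographic order, no whitespace).
func jwkThumbprint(pub *ecdsa.PublicKey) string {
	x := b64.EncodeToString(pub.X.FillBytes(make([]byte, 32)))
	y := b64.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))
	jwk := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, x, y)
	sum := sha256.Sum256([]byte(jwk))
	return b64.EncodeToString(sum[:])
}

// newAccountThumbprint generates a throwaway account key (hypothetical helper).
func newAccountThumbprint() (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	return jwkThumbprint(&key.PublicKey), nil
}

// challengeRecord returns the TXT owner name and value for DNS-01 (RFC 8555, 8.4).
func challengeRecord(domain, token, thumbprint string) (name, value string) {
	base := strings.TrimPrefix(strings.ToLower(domain), "*.")
	name = "_acme-challenge." + strings.TrimSuffix(base, ".") + "."
	sum := sha256.Sum256([]byte(token + "." + thumbprint)) // key authorization
	return name, b64.EncodeToString(sum[:])
}

func main() {
	tp, err := newAccountThumbprint()
	if err != nil {
		panic(err)
	}
	for i, d := range []string{"example.com", "*.example.com"} {
		token := fmt.Sprintf("constructed-token-%d", i) // real tokens come from the CA
		name, value := challengeRecord(d, token, tp)
		fmt.Printf("%s IN TXT %q\n", name, value)
	}
}
```

Because the value is bound to the account key, a TXT record at this name only helps the ACME account that requested it; the DNS API credential that can write the record is the asset to scope and protect.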


Key Features of Lego

Lego (go-acme/lego) provides a robust feature set for production environments:

  • ACME v2 support (RFC 8555)
  • HTTP-01, DNS-01, and TLS-ALPN-01 challenge support
  • Automatic certificate renewal
  • Wildcard certificate support via DNS-01
  • Support for ~180 DNS providers
  • IP address certificate issuance
  • CLI and Go library usage
  • Integration with custom ACME servers

Its flexibility makes it suitable for everything from small self-hosted environments to large-scale automated infrastructures.


How Lego works

The certificate lifecycle with Lego (go-acme/lego) follows a fully automated flow:

  1. A certificate request is initiated (CLI or API)
  2. Lego registers or uses an existing ACME account
  3. An ACME challenge is selected (HTTP-01, DNS-01, or TLS-ALPN-01)
  4. Domain ownership is validated
  5. The Certificate Authority issues the certificate
  6. The certificate is stored locally or exported
  7. Renewal jobs are scheduled automatically

For DNS-01 challenges, Lego can interact with DNS providers via APIs, which is especially useful for wildcard certificates.


Use cases

Lego is commonly used for:

  • Automated HTTPS deployments
  • Reverse proxies and load balancers
  • Self-hosted applications
  • API services requiring TLS
  • CI/CD pipelines
  • Wildcard certificate automation
  • Embedded ACME functionality inside Go applications

Lego can operate fully standalone or be integrated into larger automation workflows.


Benefits

  • Fully automated certificate lifecycle
  • No need for manual renewal scripts
  • Broad DNS provider compatibility
  • Suitable for both CLI and embedded usage
  • Lightweight and production-ready
  • Strong support for modern ACME extensions


Conclusion

Lego (go-acme/lego) is one of the most flexible and widely adopted ACME clients available today. By implementing the ACME protocol, it enables seamless automation of TLS certificate management across modern infrastructures.

Combined with OpusDNS for DNS-01 validation, Lego provides a reliable and fully automated solution for secure HTTPS deployments without manual DNS or certificate management.
