Decorative site banner
Project icon

com.io7m.certusine

  • About
  • Releases
  • Manual
  • Sources
  • License
  • Issues
Maven Central Version Maven Snapshot Code Coverage

certusine

The certusine package provides an ACME client.

Features

  • Uses acme4j internally for strong RFC compliance.
  • Exclusively uses the DNS-01 ACME challenge type for ease of integration with infrastructure without having to set up insecure web servers.
  • A small, easily auditable codebase with a heavy use of modularity for correctness.
  • Exposes a service provider API for integrating with new DNS APIs.
  • Exposes a service provider API for implementing new types of certificate outputs.
  • Supports Hetzner DNS.
  • Supports Vultr DNS.
  • Supports Gandi LiveDNS.
  • Supports writing certificates to looseleaf servers.
  • Heavily instrumented with OpenTelemetry for reliable service monitoring.
  • An extensive automated test suite with high coverage.
  • A small footprint; the client is designed to run in tiny 16-32mb JVM heap configurations.
  • Platform independence. No platform-dependent code is included in any form, and installations can largely be carried between platforms without changes.
  • OSGi-ready.
  • JPMS-ready.
  • ISC license.

Usage

See the documentation.

Releases & Development Snapshots

Releases

You can subscribe to the atom feed to be notified of project releases.

The most recently released version of the package is 4.0.0-beta0004.

4.0.0-beta0004 Release (2026-05-31Z)

  • Refactor DNS handling to allow for prompt and reliable certificate signing.
  • OpenTelemetry is now deprecated. (Tickets: 240)

The compiled artifacts for the release (and all previous releases) are available on Maven Central.

Maven Modules

<dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.api</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.certstore.api</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.cmdline</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.documentation</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.gandi</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.grafana</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.hetzner</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.looseleaf</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.oci</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.tests</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.vanilla</artifactId> <version>4.0.0-beta0004</version> </dependency><dependency> <group>com.io7m.certusine</group> <artifactId>com.io7m.certusine.vultr</artifactId> <version>4.0.0-beta0004</version> </dependency>

Previous Releases

The changelogs for the most recent previous releases are as follows:

4.0.0-beta0003 Release (2026-05-31Z)

  • Fail challenges that are PENDING for too long. (Tickets: 193)

4.0.0-beta0002 Release (2026-05-31Z)

  • Upgrade logback-classic 1.5.21 -> 1.5.33.
  • Upgrade jackson 3.0.3 -> 3.1.4.
  • Upgrade junit 5.14.1 -> 6.1.0.
  • Upgrade opentelemetry 1.61.0 -> 1.62.0.
  • Upgrade dixmont 3.0.0 -> 3.1.0.
  • Upgrade quarrel 1.8.0 -> 1.8.1.
  • Upgrade bouncycastle 1.82 -> 1.84
  • Upgrade dnsjava 3.6.3 -> 3.6.5.
  • Upgrade commons-text 1.14.0 -> 1.15.0.
  • Upgrade sqlite-jdbc 3.51.0.0 -> 3.53.1.0.

4.0.0-beta0001 Release (2026-05-02Z)

  • Update org.apache.commons:commons-text:1.13.0 → 1.13.1.
  • Update io.opentelemetry:opentelemetry-bom:1.48.0 → 1.49.0.
  • Update com.squareup.okio:okio-jvm:3.10.2 → 3.11.0.
  • Update org.junit:junit-bom:5.12.1 → 5.12.2.
  • Update com.squareup.okio:okio-jvm:3.11.0 → 3.12.0.
  • Update io.opentelemetry:opentelemetry-bom:1.49.0 → 1.50.0.
  • Update com.io7m.trasco.version:3.0.0 → 3.1.1.
  • Update com.io7m.quarrel.version:1.6.1 → 1.8.0.
  • Update net.byte-buddy.version:1.17.5 → 1.17.6.
  • Update com.fasterxml.jackson:jackson-bom:2.18.3 → 2.19.2.
  • Update org.xerial:sqlite-jdbc:3.49.1.0 → 3.50.3.0.
  • Upgrade OCI JRE to 21.0.8_9.
  • Upgrade OCI Alpine to 3.22.1.
  • Add an option to remove unreferenced certificates.
  • Update io.opentelemetry:opentelemetry-bom:1.50.0 → 1.53.0.
  • Update bouncycastle.version:1.80 → 1.81.
  • Update com.squareup.okio:okio-jvm:3.12.0 → 3.16.0.
  • Update jetty.version:11.0.25 → 11.0.26.
  • Update org.apache.commons:commons-text:1.13.1 → 1.14.0.
  • Update org.junit:junit-bom:5.12.2 → 5.13.4.
  • Update logback.version:1.5.18 → 1.5.19.
  • Update bouncycastle.version:1.81 → 1.82.
  • Update org.junit:junit-bom:5.13.4 → 5.14.0.
  • Update io.opentelemetry:opentelemetry-bom:1.53.0 → 1.54.1.
  • Update actions/upload-artifact:4.6.2 → 5.0.0.
  • Update org.junit:junit-bom:5.14.0 → 5.14.1.
  • Update com.io7m.dixmont:com.io7m.dixmont.core:2.0.0 → 2.1.0.
  • Update net.byte-buddy.version:1.17.6 → 1.17.8.
  • Update jakarta.xml.bind:jakarta.xml.bind-api:4.0.2 → 4.0.4.
  • Update com.squareup.okio:okio-jvm:3.16.0 → 3.16.2.
  • Update logback.version:1.5.19 → 1.5.20.
  • Update com.sun.xml.bind:jaxb-impl:4.0.5 → 4.0.6.
  • Update com.h2database:h2-mvstore:2.3.232 → 2.4.240.
  • Upgrade to Jackson 3.0.3. (Backwards incompatible)
  • Update io.opentelemetry:opentelemetry-bom:1.55.0 → 1.56.0.
  • Update org.xerial:sqlite-jdbc:3.50.3.0 → 3.51.0.0.
  • Update logback.version:1.5.20 → 1.5.21.
  • Replace obsolete Hetzner DNS API with Hetzner Cloud API. (Tickets: 239)
  • Upgrade alpine 3.22.1 -> 3.23.4.
  • Upgrade temurin 21.0.8_9 -> 25.0.3_9.
  • Remove GRPC telemetry option. (Backwards incompatible)

3.2.0 Release (2025-04-30Z)

  • Update org.junit:junit-bom:5.10.2 → 5.10.3.
  • Update jetty.version:11.0.21 → 11.0.22.
  • Update jackson.version:2.17.1 → 2.17.2.
  • Update io.opentelemetry:opentelemetry-bom:1.39.0 → 1.40.0.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.39.0 → 1.40.0.
  • Update net.byte-buddy.version:1.14.17 → 1.14.18.
  • Update org.jetbrains.kotlin:kotlin-stdlib:1.9.24 → 1.9.25.
  • Update dnsjava:dnsjava:3.5.3 → 3.6.0.
  • Update dnsjava:dnsjava:3.6.0 → 3.6.1.
  • Update org.xerial:sqlite-jdbc:3.46.0.0 → 3.46.0.1.
  • Update org.slf4j:slf4j-api:2.0.13 → 2.0.14.
  • Update org.slf4j:slf4j-api:2.0.14 → 2.0.15.
  • Update io.opentelemetry:opentelemetry-bom:1.40.0 → 1.41.0.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.40.0 → 1.41.0.
  • Update com.h2database:h2-mvstore:2.2.224 → 2.3.232.
  • Update org.slf4j:slf4j-api:2.0.15 → 2.0.16.
  • Update org.junit:junit-bom:5.10.3 → 5.11.0.
  • Update logback.version:1.5.6 → 1.5.7.
  • Update net.byte-buddy.version:1.14.18 → 1.14.19.
  • Update org.xerial:sqlite-jdbc:3.46.0.1 → 3.46.1.0.
  • Update jetty.version:11.0.22 → 11.0.23.
  • Update net.byte-buddy.version:1.14.19 → 1.15.0.
  • Update org.mockito:mockito-core:5.12.0 → 5.13.0.
  • Update net.byte-buddy.version:1.15.0 → 1.15.1.
  • Update jetty.version:11.0.23 → 11.0.24.
  • Update logback.version:1.5.7 → 1.5.8.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.41.0 → 1.42.0.
  • Update io.opentelemetry:opentelemetry-bom:1.41.0 → 1.42.0.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.42.0 → 1.42.1.
  • Update io.opentelemetry:opentelemetry-bom:1.42.0 → 1.42.1.
  • Update com.squareup.okio:okio-jvm:3.9.0 → 3.9.1.
  • Update com.io7m.jproperties:com.io7m.jproperties.core:3.2.0 → 4.0.0.
  • Update com.io7m.looseleaf.version:1.1.0 → 2.0.0.
  • Update com.io7m.dixmont:com.io7m.dixmont.core:1.0.0 → 2.0.0.
  • Update com.io7m.trasco.version:1.1.0 → 2.0.0.
  • Update com.io7m.trasco.version:2.0.0 → 2.0.1.
  • Update dnsjava:dnsjava:3.6.1 → 3.6.2.
  • Update net.byte-buddy.version:1.15.1 → 1.15.2.
  • Update org.xerial:sqlite-jdbc:3.46.1.0 → 3.46.1.2.
  • Update net.byte-buddy.version:1.15.2 → 1.15.3.
  • Update org.junit:junit-bom:5.11.0 → 5.11.1.
  • Update org.xerial:sqlite-jdbc:3.46.1.2 → 3.46.1.3.
  • Update jackson.version:2.17.2 → 2.18.0.
  • Update org.mockito:mockito-core:5.13.0 → 5.14.0.
  • Update org.mockito:mockito-core:5.14.0 → 5.14.1.
  • Update org.junit:junit-bom:5.11.1 → 5.11.2.
  • Update logback.version:1.5.8 → 1.5.9.
  • Update net.byte-buddy.version:1.15.3 → 1.15.4.
  • Update io.opentelemetry:opentelemetry-bom:1.42.1 → 1.43.0.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.42.1 → 1.43.0.
  • Update logback.version:1.5.9 → 1.5.10.
  • Update org.mockito:mockito-core:5.14.1 → 5.14.2.
  • Update logback.version:1.5.10 → 1.5.11.
  • Update net.byte-buddy.version:1.15.4 → 1.15.5.
  • Update org.junit:junit-bom:5.11.2 → 5.11.3.
  • Update net.byte-buddy.version:1.15.5 → 1.15.7.
  • Update org.xerial:sqlite-jdbc:3.46.1.3 → 3.47.0.0.
  • Update logback.version:1.5.11 → 1.5.12.
  • Update jackson.version:2.18.0 → 2.18.1.
  • Update bouncycastle.version:1.78.1 → 1.79.
  • Update net.byte-buddy.version:1.15.7 → 1.15.8.
  • Update net.byte-buddy.version:1.15.8 → 1.15.10.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.43.0 → 1.44.0.
  • Update io.opentelemetry:opentelemetry-bom:1.43.0 → 1.44.0.
  • Update io.opentelemetry:opentelemetry-bom:1.44.0 → 1.44.1.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.44.0 → 1.44.1.
  • Improve telemetry. (Tickets: 136, 137)
  • Handle Vultr DNS API changes. (Tickets: 138)
  • Update org.xerial:sqlite-jdbc:3.47.0.0 → 3.47.1.0.
  • Update jackson.version:2.18.1 → 2.18.2.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.44.1 → 1.45.0.
  • Update io.opentelemetry:opentelemetry-bom:1.44.1 → 1.45.0.
  • Update net.byte-buddy.version:1.15.10 → 1.15.11.
  • Update org.junit:junit-bom:5.11.3 → 5.11.4.
  • Update logback.version:1.5.12 → 1.5.13.
  • Update logback.version:1.5.13 → 1.5.14.
  • Update logback.version:1.5.14 → 1.5.15.
  • Update org.mockito:mockito-core:5.14.2 → 5.15.2.
  • Update org.xerial:sqlite-jdbc:3.47.1.0 → 3.47.2.0.
  • Update logback.version:1.5.15 → 1.5.16.
  • Update com.squareup.okio:okio-jvm:3.9.1 → 3.10.1.
  • Update com.squareup.okio:okio-jvm:3.10.1 → 3.10.2.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.45.0 → 1.46.0.
  • Update bouncycastle.version:1.79 → 1.80.
  • Update codecov/codecov-action:5.1.2 → 5.3.1.
  • Update net.byte-buddy.version:1.15.11 → 1.17.0.
  • Update dnsjava:dnsjava:3.6.2 → 3.6.3.
  • Update io.opentelemetry:opentelemetry-bom:1.45.0 → 1.46.0.
  • Update logback.version:1.5.16 → 1.5.17.
  • Update jackson.version:2.18.2 → 2.18.3.
  • Update org.junit:junit-bom:5.11.4 → 5.12.0.
  • Upgrade to acme4j 3.5.1.
  • Upgrade to trasco 3.0.0.
  • Update io.opentelemetry:opentelemetry-bom:1.46.0 → 1.47.0.
  • Update net.byte-buddy.version:1.17.0 → 1.17.1.
  • Update io.opentelemetry:opentelemetry-sdk-logs:1.46.0 → 1.48.0.
  • Update org.xerial:sqlite-jdbc:3.47.2.0 → 3.49.1.0.
  • Update org.junit:junit-bom:5.12.0 → 5.12.1.
  • Update jetty.version:11.0.24 → 11.0.25.
  • Update org.slf4j:slf4j-api:2.0.16 → 2.0.17.
  • Update org.codehaus.mojo:jaxb2-maven-plugin:3.2.0 → 3.3.0.
  • Update net.byte-buddy.version:1.17.4 → 1.17.5.
  • Update logback.version:1.5.17 → 1.5.18.
  • Disable DNS cache. (Tickets: 185)
  • Use SOA queries instead of NS queries to find name servers.

Development Snapshots

At the time of writing, the current unstable development version of the package is 4.0.0-SNAPSHOT.

Development snapshots may be available in the Central Portal Snapshots repository. Snapshots are published to this repository every time the project is built by the project's continuous integration system, but snapshots do expire after around ninety days and so may or may not be available depending on when a build of the package was last triggered.

Manual

User Manual

  • XHTML - One page per section
  • XHTML - Single page

Sources

This project uses Git to manage source code.

Repository: https://www.github.com/io7m-com/certusine

$ git clone --recursive https://www.github.com/io7m-com/certusine

Issues

This project uses GitHub Issues to track issues.

License

Copyright © 2023 Mark Raynsford <code@io7m.com> https://www.io7m.com Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Last Updated 2026-05-31T18:07:02Z