Actix-web/Lettre/acme-client OPENSSL version conflict

I'm building a REST API with actix-web 3.3.2, I use lettre 0.10.0-rc.3 to send emails. Lettre compiles the openssl-sys crate as a dependency which expects an Openssl version >1.0 to be installed in the system. Until this, I'm good.

But now I have a problem because I want to add the crate acme-client ( in my dependencies in order to enable https, and acme-client only support older versions of openssl (<1.0). I know this is a known issues and I saw some MR to add support of openssl >1.0 but it doesn't seems to be merged yet ( Does not work with modern openssl versions · Issue #43 · onur/acme-client · GitHub)

So meanwhile I don't know how to work around to be able to work with https on my actix server.

If useful, here is an overview of my project configuration :
Cargo dependencies:

actix-web = "3"
futures = "0.3.17"
serde = "1.0.130"
lettre = "0.10.0-rc.3"
# acme-client="0.5" <-- build fails

And the Dockerfile that builds the API container

FROM rust:1.50-slim-buster
WORKDIR /usr/src/app
COPY ./Cargo.toml ./Cargo.toml
COPY ./src ./src

RUN apt-get update && apt-get install build-essential perl wget -y \
    && wget -P /tmp \
    && tar -xvzf /tmp/openssl-1.1.1l.tar.gz -C /usr/local/include/
WORKDIR /usr/local/include/openssl-1.1.1l
RUN ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl \
    && make && make install \
    && apt-get install -y ca-certificates

ENV OPENSSL_DIR "/usr/local/openssl"

WORKDIR /usr/src/app

I'm not super comfortable with all the HTTPS/SSL/TLS questions, so I might not being seeing the obvious solution...
Thanks for any tip!

acme-client is seriously outdated, and probably won't work (you'd have to downgrade everything else by 3 years).

Try some other library. There's a less outdated fork. Or maybe try acme2?

1 Like

Thanks !
I actually had not even come across those crates when I was doing my researches, I only-found acme-client ...
Acme2 seems like the right solution, it compiles with my other dependencies and it doesn't complain about my openssl version. I didn't try to implement it yet but I'm going to consider this as solved :).
Thanks again.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.