// returns a preconfigured DNSimple lego.ChallengeProvider
func makeDNSimpleProvider(opts ProviderOpts) (lego.ChallengeProvider, error) {
if len(opts.DNSimpleEmail) == 0 {
return nil, fmt.Errorf("DNSimple Email is not set")
}
if len(opts.DNSimpleKey) == 0 {
return nil, fmt.Errorf("DNSimple API key is not set")
}
provider, err := dnsimple.NewDNSProviderCredentials(opts.DNSimpleEmail, opts.DNSimpleKey)
if err != nil {
return nil, err
}
return provider, nil
}
func main() {
if flag.NArg() != 1 {
flag.Usage()
os.Exit(2)
}
if email == "" {
fmt.Println("--email is required")
os.Exit(2)
}
now := time.Now().Unix()
domains := strings.Split(flag.Args()[0], ",")
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
if err != nil {
log.Fatal(err)
}
if r, _ := regexp.Compile("%v"); r.MatchString(email) {
email = fmt.Sprintf(email, now)
}
user := User{
Email: email,
key: privateKey,
}
usersPath := fmt.Sprintf("%v/users/%v", dataPath, user.GetEmail())
log.Println(usersPath)
fileWrite(usersPath, "privkey.pem", pemEncode(privateKey))
fileWrite(usersPath, "pubkey.pem", pemEncode(privateKey.Public()))
// log: user
log.Println(user)
// A client facilitates communication with the CA server.
client, err := acme.NewClient(strings.Join([]string{acmeUrl, "directory"}, "/"), &user, acme.RSA2048)
if err != nil {
log.Fatal(err)
}
// Force to use DNSimple
provider, err := dnsimple.NewDNSProviderCredentials(dnsimpleEmail, dnsimpleApiKey)
if err != nil {
log.Fatal(err)
}
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
client.SetChallengeProvider(acme.DNS01, provider)
if err != nil {
log.Fatal(err)
}
// New users will need to register; be sure to save it
reg, err := client.Register()
if err != nil {
log.Fatal(err)
}
user.Registration = reg
// log: registration
log.Println(reg)
// The client has a URL to the current Let's Encrypt Subscriber Agreement.
// The user will need to agree to it.
err = client.AgreeToTOS()
if err != nil {
log.Fatal(err)
}
// The acme library takes care of completing the challenges to obtain the certificate(s).
bundle := true
certificates, failures := client.ObtainCertificate(domains, bundle, nil, false)
if len(failures) > 0 {
log.Fatal(failures)
}
// log: certificate
log.Println(fmt.Printf("[INFO][%s] Certificate %s", certificates.CertURL, strings.Join(domains, ", ")))
// Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. This is where you should save them to files!
//fmt.Printf("%#v\n", certificates)
certsPath := fmt.Sprintf("%v/certs/%v", dataPath, now)
log.Println(certsPath)
fileWrite(certsPath, "privkey.pem", certificates.PrivateKey)
fileWrite(certsPath, "fullchain.pem", certificates.Certificate)
log.Println("completed!")
}