Пример #1
// makeDNSimpleProvider builds a lego.ChallengeProvider backed by DNSimple from
// the credentials carried in opts.
//
// Both opts.DNSimpleEmail and opts.DNSimpleKey must be non-empty; a missing
// value is rejected before the DNSimple client is constructed. Any error from
// dnsimple.NewDNSProviderCredentials is returned unchanged.
func makeDNSimpleProvider(opts ProviderOpts) (lego.ChallengeProvider, error) {
	// Validate the credentials up front so the caller gets a specific message
	// instead of whatever the DNSimple client reports for an empty value.
	switch {
	case len(opts.DNSimpleEmail) == 0:
		return nil, fmt.Errorf("DNSimple Email is not set")
	case len(opts.DNSimpleKey) == 0:
		return nil, fmt.Errorf("DNSimple API key is not set")
	}

	dnsProvider, credErr := dnsimple.NewDNSProviderCredentials(opts.DNSimpleEmail, opts.DNSimpleKey)
	if credErr != nil {
		// Return a literal nil so the interface result is truly nil on failure.
		return nil, credErr
	}
	return dnsProvider, nil
}
Пример #2
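// main registers a new ACME account for the configured e-mail address and
// obtains one certificate for the comma-separated domains given as the single
// positional argument, answering the DNS-01 challenge through DNSimple.
//
// A fresh RSA key is generated for the account on every run. The account key
// pair is written under dataPath/users/<email> and the issued certificate and
// its private key under dataPath/certs/<unix timestamp>. Any failure ends the
// process through log.Fatal.
func main() {
	if flag.NArg() != 1 {
		flag.Usage()
		os.Exit(2)
	}
	if email == "" {
		fmt.Println("--email is required")
		os.Exit(2)
	}

	now := time.Now().Unix()
	domains := strings.Split(flag.Args()[0], ",")

	privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
	if err != nil {
		log.Fatal(err)
	}

	// An e-mail containing "%v" is a template: the placeholder is replaced by
	// the current Unix timestamp. The substitution is done textually rather
	// than by passing the command-line value to fmt.Sprintf as a format
	// string, so other "%" sequences in the address are left as they are.
	if regexp.MustCompile("%v").MatchString(email) {
		email = strings.Replace(email, "%v", fmt.Sprint(now), -1)
	}
	user := User{
		Email: email,
		key:   privateKey,
	}

	// NOTE(review): the e-mail becomes a directory name here without any
	// check; a value containing path separators or ".." would place the key
	// files outside dataPath/users. Validate it if the flag can come from
	// anything other than the operator.
	usersPath := fmt.Sprintf("%v/users/%v", dataPath, user.GetEmail())
	log.Println(usersPath)

	// NOTE(review): fileWrite is defined elsewhere. Confirm it creates
	// privkey.pem readable by the owner only and reports write errors; its
	// result, if it has one, is not checked here.
	fileWrite(usersPath, "privkey.pem", pemEncode(privateKey))
	fileWrite(usersPath, "pubkey.pem", pemEncode(privateKey.Public()))

	// Log only the account e-mail: the User value also carries the private
	// key, which has no business in a log line.
	log.Println(user.GetEmail())

	// A client facilitates communication with the CA server.
	client, err := acme.NewClient(strings.Join([]string{acmeUrl, "directory"}, "/"), &user, acme.RSA2048)
	if err != nil {
		log.Fatal(err)
	}

	// Force to use DNSimple
	provider, err := dnsimple.NewDNSProviderCredentials(dnsimpleEmail, dnsimpleApiKey)
	if err != nil {
		log.Fatal(err)
	}

	client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
	// Capture the result: the original discarded it and then re-tested the
	// stale err from the provider construction, so a failure to install the
	// DNS-01 provider went unnoticed.
	err = client.SetChallengeProvider(acme.DNS01, provider)
	if err != nil {
		log.Fatal(err)
	}

	// New users will need to register; be sure to save it
	reg, err := client.Register()
	if err != nil {
		log.Fatal(err)
	}
	user.Registration = reg

	// log: registration
	log.Println(reg)

	// The client has a URL to the current Let's Encrypt Subscriber Agreement.
	// The user will need to agree to it.
	err = client.AgreeToTOS()
	if err != nil {
		log.Fatal(err)
	}

	// The acme library takes care of completing the challenges to obtain the certificate(s).
	bundle := true
	certificates, failures := client.ObtainCertificate(domains, bundle, nil, false)
	if len(failures) > 0 {
		log.Fatal(failures)
	}

	// log: certificate. log.Printf writes the message itself; wrapping
	// fmt.Printf in log.Println sent the text to stdout and logged only the
	// byte count and error that fmt.Printf returns.
	log.Printf("[INFO][%s] Certificate %s", certificates.CertURL, strings.Join(domains, ", "))

	// Each certificate comes back with the cert bytes, the bytes of the client's
	// private key, and a certificate URL. This is where you should save them to files!
	certsPath := fmt.Sprintf("%v/certs/%v", dataPath, now)
	log.Println(certsPath)
	// NOTE(review): certificates.PrivateKey is the certificate's private key;
	// the same file-permission question as for the account key applies.
	fileWrite(certsPath, "privkey.pem", certificates.PrivateKey)
	fileWrite(certsPath, "fullchain.pem", certificates.Certificate)

	log.Println("completed!")
}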