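package acme

import (
	"fmt"
	"os"

	"b612.me/starcrypto"
	"b612.me/starlog"
	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/challenge"
	"github.com/go-acme/lego/v4/challenge/http01"
	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
	"github.com/go-acme/lego/v4/lego"
	"github.com/go-acme/lego/v4/providers/dns/acmedns"
	"github.com/go-acme/lego/v4/providers/dns/alidns"
	"github.com/go-acme/lego/v4/providers/dns/azuredns"
	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
)

// run prepares a lego ACME client for every certificate request in a.
//
// If a.KeyPath is set, the ACME account private key is read from that file
// and decoded with an empty passphrase. For each entry in a.CertReqs a client
// is built against the Let's Encrypt production directory, the certificate
// key type is chosen from req.KeyType (anything unrecognised becomes EC384),
// and the challenge solver named by req.PrivderName is attached.
//
// NOTE(review): as written the function stops there. Account registration and
// certificate.Obtain are still commented out at the end of the loop, so run
// validates the configuration and wires the solver but never actually issues
// a certificate.
//
// Errors from reading or decoding the key are returned wrapped; errors from
// creating the client or configuring a provider are logged via starlog and
// then returned wrapped with the same "<context>:<err>" text.
func run(a Acme) error {
	if a.KeyPath != "" {
		data, err := os.ReadFile(a.KeyPath)
		if err != nil {
			return fmt.Errorf("read key file error:%w", err)
		}
		// The account key authorises renewal and revocation for every domain on
		// the account. It is decoded with no passphrase here, so the permissions
		// on a.KeyPath are its only protection at rest.
		a.key, err = starcrypto.DecodePrivateKey(data, "")
		if err != nil {
			return fmt.Errorf("decode key error:%w", err)
		}
	}

	for _, req := range a.CertReqs {
		starlog.Info("request cert for %v", req.Domains)

		config := lego.NewConfig(&a)
		// Pinned to the Let's Encrypt *production* directory. Use the staging
		// directory while testing: production enforces strict rate limits and
		// failed validations count against them.
		config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
		config.Certificate.KeyType = certKeyType(string(req.KeyType))

		client, err := lego.NewClient(config)
		if err != nil {
			return logErr("new client error", err)
		}

		p, ok := a.DnsPrivders[req.PrivderName]
		if !ok {
			// An unknown (or empty) provider name yields the zero value, whose
			// empty Type selects the acme-dns fallback below. Say so explicitly,
			// otherwise a typo in the config silently switches solvers.
			starlog.Info("provider %q not configured, falling back to acme-dns", req.PrivderName)
		}
		if err := setChallengeProvider(client, string(p.Type), p.KeyID, p.KeySecret); err != nil {
			return err
		}

		/*
			// New users will need to register
			reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
			if err != nil {
				log.Fatal(err)
			}
			a.Registration = reg

			request := certificate.ObtainRequest{
				Domains: []string{"mydomain.com"},
				Bundle:  true,
			}
			certificates, err := client.Certificate.Obtain(request)
			if err != nil {
				log.Fatal(err)
			}

			// Each certificate comes back with the cert bytes, the bytes of the client's
			// private key, and a certificate URL. SAVE THESE TO DISK.
			fmt.Printf("%#v\n", certificates)
		*/
	}
	return nil
}

// certKeyType maps the textual key type from a certificate request onto the
// matching certcrypto constant. Unrecognised or empty names default to EC384.
func certKeyType(name string) certcrypto.KeyType {
	switch name {
	case "rsa2048":
		return certcrypto.RSA2048
	case "rsa4096":
		return certcrypto.RSA4096
	case "rsa8192":
		return certcrypto.RSA8192
	case "ec256":
		return certcrypto.EC256
	case "ec384":
		return certcrypto.EC384
	default:
		return certcrypto.EC384
	}
}

// logErr logs err under msg via starlog and returns it wrapped with the same
// prefix, so log output and the returned error both read "<msg>:<err>".
func logErr(msg string, err error) error {
	starlog.Errorf("%s:%v", msg, err)
	return fmt.Errorf("%s:%w", msg, err)
}

// setChallengeProvider attaches the challenge solver selected by typ to client.
//
//   - "http": HTTP-01 served on port keyID and TLS-ALPN-01 on port keySecret.
//     For this type the credential fields are reused as listen ports.
//   - "tencent", "cloudflare", "alidns", "azure": DNS-01 through the matching
//     lego provider, with keyID/keySecret mapped onto that provider's
//     credential pair.
//   - anything else: DNS-01 through acme-dns, which acmedns.NewDNSProvider
//     configures from environment variables. Its error is now checked; the
//     previous code discarded it and handed a nil provider to lego.
func setChallengeProvider(client *lego.Client, typ, keyID, keySecret string) error {
	if typ == "http" {
		if err := client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", keyID)); err != nil {
			return logErr("set http provider error", err)
		}
		if err := client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", keySecret)); err != nil {
			return logErr("set tlsalpn provider error", err)
		}
		return nil
	}

	var (
		dnsSet challenge.Provider
		err    error
	)
	switch typ {
	case "tencent":
		cfg := tencentcloud.NewDefaultConfig()
		cfg.SecretID = keyID
		cfg.SecretKey = keySecret
		dnsSet, err = tencentcloud.NewDNSProviderConfig(cfg)
	case "cloudflare":
		// Cloudflare's global API key pairs with the account e-mail, so keyID
		// carries the e-mail here rather than a key identifier.
		cfg := cloudflare.NewDefaultConfig()
		cfg.AuthKey = keySecret
		cfg.AuthEmail = keyID
		dnsSet, err = cloudflare.NewDNSProviderConfig(cfg)
	case "alidns":
		cfg := alidns.NewDefaultConfig()
		cfg.APIKey = keyID
		cfg.SecretKey = keySecret
		dnsSet, err = alidns.NewDNSProviderConfig(cfg)
	case "azure":
		cfg := azuredns.NewDefaultConfig()
		cfg.ClientID = keyID
		cfg.ClientSecret = keySecret
		dnsSet, err = azuredns.NewDNSProviderConfig(cfg)
	default:
		dnsSet, err = acmedns.NewDNSProvider()
	}
	if err != nil {
		return logErr("new dns provider error", err)
	}
	if err := client.Challenge.SetDNS01Provider(dnsSet); err != nil {
		return logErr("set dns provider error", err)
	}
	return nil
}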