You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
5.0 KiB
Go
161 lines
5.0 KiB
Go
package acme
|
|
|
|
import (
|
|
"b612.me/starcrypto"
|
|
"b612.me/starlog"
|
|
"fmt"
|
|
"github.com/go-acme/lego/v4/certcrypto"
|
|
"github.com/go-acme/lego/v4/challenge/http01"
|
|
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
|
|
"github.com/go-acme/lego/v4/lego"
|
|
"github.com/go-acme/lego/v4/providers/dns/acmedns"
|
|
"github.com/go-acme/lego/v4/providers/dns/alidns"
|
|
"github.com/go-acme/lego/v4/providers/dns/azuredns"
|
|
"github.com/go-acme/lego/v4/providers/dns/cloudflare"
|
|
"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
|
|
"os"
|
|
)
|
|
|
|
func run(a Acme) error {
|
|
|
|
// Create a user. New accounts need an email and private key to start.
|
|
if a.KeyPath != "" {
|
|
data, err := os.ReadFile(a.KeyPath)
|
|
if err != nil {
|
|
return fmt.Errorf("read key file error:%w", err)
|
|
}
|
|
a.key, err = starcrypto.DecodePrivateKey(data, "")
|
|
if err != nil {
|
|
return fmt.Errorf("decode key error:%w", err)
|
|
}
|
|
}
|
|
for _, req := range a.CertReqs {
|
|
starlog.Info("request cert for %v", req.Domains)
|
|
config := lego.NewConfig(&a)
|
|
// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
|
|
config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
|
|
switch req.KeyType {
|
|
case "rsa2048":
|
|
config.Certificate.KeyType = certcrypto.RSA2048
|
|
case "rsa4096":
|
|
config.Certificate.KeyType = certcrypto.RSA4096
|
|
case "rsa8192":
|
|
config.Certificate.KeyType = certcrypto.RSA8192
|
|
case "ec256":
|
|
config.Certificate.KeyType = certcrypto.EC256
|
|
case "ec384":
|
|
config.Certificate.KeyType = certcrypto.EC384
|
|
default:
|
|
config.Certificate.KeyType = certcrypto.EC384
|
|
}
|
|
|
|
// A client facilitates communication with the CA server.
|
|
client, err := lego.NewClient(config)
|
|
if err != nil {
|
|
starlog.Errorf("new client error:%v", err)
|
|
return fmt.Errorf("new client error:%w", err)
|
|
}
|
|
p := a.DnsPrivders[req.PrivderName]
|
|
switch p.Type {
|
|
case "http":
|
|
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", p.KeyID))
|
|
if err != nil {
|
|
starlog.Errorf("set http provider error:%v", err)
|
|
return fmt.Errorf("set http provider error:%w", err)
|
|
}
|
|
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", p.KeySecret))
|
|
if err != nil {
|
|
starlog.Errorf("set tlsalpn provider error:%v", err)
|
|
return fmt.Errorf("set tlsalpn provider error:%w", err)
|
|
}
|
|
case "tencent":
|
|
cfg := tencentcloud.NewDefaultConfig()
|
|
cfg.SecretID = p.KeyID
|
|
cfg.SecretKey = p.KeySecret
|
|
dnsSet, err := tencentcloud.NewDNSProviderConfig(cfg)
|
|
if err != nil {
|
|
starlog.Errorf("new dns provider error:%v", err)
|
|
return fmt.Errorf("new dns provider error:%w", err)
|
|
}
|
|
err = client.Challenge.SetDNS01Provider(dnsSet)
|
|
if err != nil {
|
|
starlog.Errorf("set dns provider error:%v", err)
|
|
return fmt.Errorf("set dns provider error:%w", err)
|
|
}
|
|
case "cloudflare":
|
|
cfg := cloudflare.NewDefaultConfig()
|
|
cfg.AuthKey = p.KeySecret
|
|
cfg.AuthEmail = p.KeyID
|
|
dnsSet, err := cloudflare.NewDNSProviderConfig(cfg)
|
|
if err != nil {
|
|
starlog.Errorf("new dns provider error:%v", err)
|
|
return fmt.Errorf("new dns provider error:%w", err)
|
|
}
|
|
err = client.Challenge.SetDNS01Provider(dnsSet)
|
|
if err != nil {
|
|
starlog.Errorf("set dns provider error:%v", err)
|
|
return fmt.Errorf("set dns provider error:%w", err)
|
|
}
|
|
case "alidns":
|
|
cfg := alidns.NewDefaultConfig()
|
|
cfg.APIKey = p.KeyID
|
|
cfg.SecretKey = p.KeySecret
|
|
dnsSet, err := alidns.NewDNSProviderConfig(cfg)
|
|
if err != nil {
|
|
starlog.Errorf("new dns provider error:%v", err)
|
|
return fmt.Errorf("new dns provider error:%w", err)
|
|
}
|
|
err = client.Challenge.SetDNS01Provider(dnsSet)
|
|
if err != nil {
|
|
starlog.Errorf("set dns provider error:%v", err)
|
|
return fmt.Errorf("set dns provider error:%w", err)
|
|
}
|
|
case "azure":
|
|
cfg := azuredns.NewDefaultConfig()
|
|
cfg.ClientID = p.KeyID
|
|
cfg.ClientSecret = p.KeySecret
|
|
dnsSet, err := azuredns.NewDNSProviderConfig(cfg)
|
|
if err != nil {
|
|
starlog.Errorf("new dns provider error:%v", err)
|
|
return fmt.Errorf("new dns provider error:%w", err)
|
|
}
|
|
err = client.Challenge.SetDNS01Provider(dnsSet)
|
|
if err != nil {
|
|
starlog.Errorf("set dns provider error:%v", err)
|
|
return fmt.Errorf("set dns provider error:%w", err)
|
|
}
|
|
default:
|
|
cfg, _ := acmedns.NewDNSProvider()
|
|
err = client.Challenge.SetDNS01Provider(cfg)
|
|
if err != nil {
|
|
starlog.Errorf("set dns provider error:%v", err)
|
|
return fmt.Errorf("set dns provider error:%w", err)
|
|
}
|
|
}
|
|
|
|
/*
|
|
// New users will need to register
|
|
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
a.Registration = reg
|
|
|
|
request := certificate.ObtainRequest{
|
|
Domains: []string{"mydomain.com"},
|
|
Bundle: true,
|
|
}
|
|
certificates, err := client.Certificate.Obtain(request)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
// Each certificate comes back with the cert bytes, the bytes of the client's
|
|
// private key, and a certificate URL. SAVE THESE TO DISK.
|
|
fmt.Printf("%#v\n", certificates)
|
|
|
|
*/
|
|
}
|
|
return nil
|
|
}
|