You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
star/acme/acme.go

161 lines
5.0 KiB
Go

6 months ago
package acme
import (
"b612.me/starcrypto"
"b612.me/starlog"
"fmt"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/providers/dns/acmedns"
"github.com/go-acme/lego/v4/providers/dns/alidns"
"github.com/go-acme/lego/v4/providers/dns/azuredns"
"github.com/go-acme/lego/v4/providers/dns/cloudflare"
"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
"os"
)
func run(a Acme) error {
// Create a user. New accounts need an email and private key to start.
if a.KeyPath != "" {
data, err := os.ReadFile(a.KeyPath)
if err != nil {
return fmt.Errorf("read key file error:%w", err)
}
a.key, err = starcrypto.DecodePrivateKey(data, "")
if err != nil {
return fmt.Errorf("decode key error:%w", err)
}
}
for _, req := range a.CertReqs {
starlog.Info("request cert for %v", req.Domains)
config := lego.NewConfig(&a)
// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
switch req.KeyType {
case "rsa2048":
config.Certificate.KeyType = certcrypto.RSA2048
case "rsa4096":
config.Certificate.KeyType = certcrypto.RSA4096
case "rsa8192":
config.Certificate.KeyType = certcrypto.RSA8192
case "ec256":
config.Certificate.KeyType = certcrypto.EC256
case "ec384":
config.Certificate.KeyType = certcrypto.EC384
default:
config.Certificate.KeyType = certcrypto.EC384
}
// A client facilitates communication with the CA server.
client, err := lego.NewClient(config)
if err != nil {
starlog.Errorf("new client error:%v", err)
return fmt.Errorf("new client error:%w", err)
}
p := a.DnsPrivders[req.PrivderName]
switch p.Type {
case "http":
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", p.KeyID))
if err != nil {
starlog.Errorf("set http provider error:%v", err)
return fmt.Errorf("set http provider error:%w", err)
}
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", p.KeySecret))
if err != nil {
starlog.Errorf("set tlsalpn provider error:%v", err)
return fmt.Errorf("set tlsalpn provider error:%w", err)
}
case "tencent":
cfg := tencentcloud.NewDefaultConfig()
cfg.SecretID = p.KeyID
cfg.SecretKey = p.KeySecret
dnsSet, err := tencentcloud.NewDNSProviderConfig(cfg)
if err != nil {
starlog.Errorf("new dns provider error:%v", err)
return fmt.Errorf("new dns provider error:%w", err)
}
err = client.Challenge.SetDNS01Provider(dnsSet)
if err != nil {
starlog.Errorf("set dns provider error:%v", err)
return fmt.Errorf("set dns provider error:%w", err)
}
case "cloudflare":
cfg := cloudflare.NewDefaultConfig()
cfg.AuthKey = p.KeySecret
cfg.AuthEmail = p.KeyID
dnsSet, err := cloudflare.NewDNSProviderConfig(cfg)
if err != nil {
starlog.Errorf("new dns provider error:%v", err)
return fmt.Errorf("new dns provider error:%w", err)
}
err = client.Challenge.SetDNS01Provider(dnsSet)
if err != nil {
starlog.Errorf("set dns provider error:%v", err)
return fmt.Errorf("set dns provider error:%w", err)
}
case "alidns":
cfg := alidns.NewDefaultConfig()
cfg.APIKey = p.KeyID
cfg.SecretKey = p.KeySecret
dnsSet, err := alidns.NewDNSProviderConfig(cfg)
if err != nil {
starlog.Errorf("new dns provider error:%v", err)
return fmt.Errorf("new dns provider error:%w", err)
}
err = client.Challenge.SetDNS01Provider(dnsSet)
if err != nil {
starlog.Errorf("set dns provider error:%v", err)
return fmt.Errorf("set dns provider error:%w", err)
}
case "azure":
cfg := azuredns.NewDefaultConfig()
cfg.ClientID = p.KeyID
cfg.ClientSecret = p.KeySecret
dnsSet, err := azuredns.NewDNSProviderConfig(cfg)
if err != nil {
starlog.Errorf("new dns provider error:%v", err)
return fmt.Errorf("new dns provider error:%w", err)
}
err = client.Challenge.SetDNS01Provider(dnsSet)
if err != nil {
starlog.Errorf("set dns provider error:%v", err)
return fmt.Errorf("set dns provider error:%w", err)
}
default:
cfg, _ := acmedns.NewDNSProvider()
err = client.Challenge.SetDNS01Provider(cfg)
if err != nil {
starlog.Errorf("set dns provider error:%v", err)
return fmt.Errorf("set dns provider error:%w", err)
}
}
/*
// New users will need to register
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
log.Fatal(err)
}
a.Registration = reg
request := certificate.ObtainRequest{
Domains: []string{"mydomain.com"},
Bundle: true,
}
certificates, err := client.Certificate.Obtain(request)
if err != nil {
log.Fatal(err)
}
// Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. SAVE THESE TO DISK.
fmt.Printf("%#v\n", certificates)
*/
}
return nil
}