

noumia/acme

ACME v2 client for Golang

Supports issuing wildcard certificates from Let's Encrypt

How to use

Build the acme tool

$ go get -u github.com/noumia/acme/cmd/wild-le
Register your account
$ openssl ecparam -out account.key -name prime256v1 -genkey

or

$ openssl genrsa -out account.key 4096
$ wild-le account -c <mail-address> --agree-tos

Registering a mail address is optional, but agreeing to the ToS is required.

Make server key
$ openssl ecparam -out server.key -name prime256v1 -genkey

or

$ openssl genrsa -out server.key 2048

Using the account key as the server key is not possible; the two keys must be distinct.

Make server csr
[req]
distinguished_name=dn
req_extensions=ex
[dn]
[ex]
subjectAltName=@alt_names
[alt_names]
DNS.1=example.com
DNS.2=*.example.com
$ openssl req -new -key server.key -sha256 -out server.csr -subj "/CN=example.com" -config example.conf

Review your server csr file.

$ openssl req -in server.csr -text -noout
Issue wildcard certificate
$ wild-le renew server.crt
DNSSetup TXT: _acme-challenge.example.com 8ZkX2so-Beyzq2RWmntJ_dsR_-W1B_j5X-7OXNNoPiI
Continue?

Press 'y' and then 'enter' after you have set up the DNS TXT record "8ZkX2...".

DNS validation may take several minutes.

The validation process is required twice (once for 'example.com' and once for '*.example.com').

If everything is OK, you can deploy server.key and server.crt to your web servers.

Automation

Build the lego DNS setup tool

$ go get -u github.com/noumia/acme/cmd/dns-lego
Google Cloud DNS example
$ export GOOGLE_APPLICATION_CREDENTIALS=<path/to/ServiceAccountKeyJSON>
$ export GCE_PROJECT=<projectName>
$ export LEGO_DNS_PROVIDER=gcloud

$ wild-le renew -l dns-lego server.crt


Constants

This section is empty.

Variables

This section is empty.

Functions

func DNS01Challenge

func DNS01Challenge(pub crypto.PublicKey, token string) (string, error)

func EncodeJWK

func EncodeJWK(pub crypto.PublicKey) (string, error)

func EncodeJWS

func EncodeJWS(claimset interface{}, key crypto.Signer, nonce string, kid string, url string) ([]byte, error)

func ErrorWithResponse

func ErrorWithResponse(res *http.Response) error

func Hasher

func Hasher(key crypto.Signer) (string, crypto.Hash)

func KeyAuthorization

func KeyAuthorization(pub crypto.PublicKey, token string) (string, error)

func Sign

func Sign(key crypto.Signer, hasher crypto.Hash, digest []byte) ([]byte, error)

func Sleep

func Sleep(ctx context.Context, ms int) error

func ThumbprintJWK

func ThumbprintJWK(pub crypto.PublicKey) (string, error)

Types

type Account

// Account is the ACME account object handed back by Client.NewAccount and
// Client.LookupAccount.
type Account struct {
	// Status is the account status string as reported by the server.
	Status  string
	// Contact lists the account's contact entries; the mail address given to
	// `wild-le account -c` is presumably carried here as a mailto: URL — confirm.
	Contact []string
}

type Authorization

// Authorization is the ACME authorization object returned by
// Client.GetAuthorization and Client.PostAuthorization.
type Authorization struct {
	// Status is the authorization status string as reported by the server.
	Status     string
	// Expires is the expiry timestamp exactly as sent by the server; it is kept
	// as a string, not parsed into a time.Time.
	Expires    string
	// Identifier is the identifier (a DNS name in the README's flow) that this
	// authorization is for.
	Identifier Identifier
	// Challenges lists the challenges the server offers for Identifier.
	Challenges []Challenge
}

type Challenge

// Challenge is a single ACME challenge object, as found in
// Authorization.Challenges and returned by Client.PostChallenge.
type Challenge struct {
	// Type is the challenge type string (the README's flow uses the dns-01
	// challenge; see DNS01Challenge).
	Type             string
	// URL is the challenge resource URL used when responding to it.
	URL              string
	// Status is the challenge status string as reported by the server.
	Status           string
	// Validated is the validation timestamp as sent by the server, kept as a
	// string.
	Validated        string
	// Token is the server-issued challenge token; it is presumably the value
	// passed to Client.GetDNS01Challenge / Client.GetKeyAuthorization — confirm.
	Token            string
	// KeyAuthorization is the key authorization string for Token (see
	// KeyAuthorization).
	KeyAuthorization string
}

type Client

// Client talks to an ACME v2 server on behalf of a single account key.
// Construct it with NewClient; a zero Client has no Key to sign with.
type Client struct {
	// Logger receives diagnostic output. Verbose presumably widens what is
	// logged — confirm against the method bodies.
	Logger  *log.Logger
	Verbose bool

	// HTTPClient performs the HTTP requests (DoGet, DoPost, PostJWS).
	// NOTE(review): nothing on this page shows a Timeout being applied to it;
	// the caller should supply a client with one set.
	HTTPClient *http.Client

	// Key is the account private key used to sign JWS requests (see EncodeJWS
	// and Sign). Per the README it must not be reused as the server/CSR key.
	Key crypto.Signer
	// Kid is the key identifier placed in the JWS protected header (see the
	// kid argument of EncodeJWS); presumably the account URL — confirm.
	Kid string

	// Directory holds the endpoint URLs of the server's ACME directory.
	Directory *Directory
	// contains filtered or unexported fields
}

func NewClient

func NewClient(key crypto.Signer) *Client

func (*Client) Describe

func (p *Client) Describe(ctx context.Context, url string) error

func (*Client) DoGet

func (p *Client) DoGet(ctx context.Context, url string) (*http.Response, error)

func (*Client) DoPost

func (p *Client) DoPost(ctx context.Context, url, ctype string, body io.Reader) (*http.Response, error)

func (*Client) GetAuthorization

func (p *Client) GetAuthorization(ctx context.Context, url string) (*Authorization, error)

func (*Client) GetCertificate

func (p *Client) GetCertificate(ctx context.Context, url string) ([]byte, error)

func (*Client) GetDNS01Challenge

func (p *Client) GetDNS01Challenge(token string) (string, error)

func (*Client) GetKeyAuthorization

func (p *Client) GetKeyAuthorization(token string) (string, error)

func (*Client) GetNonce

func (p *Client) GetNonce(ctx context.Context, url string) (string, error)

func (*Client) GetOrder

func (p *Client) GetOrder(ctx context.Context, url string) (*Order, error)

func (*Client) LookupAccount

func (p *Client) LookupAccount(ctx context.Context) (*Account, error)

func (*Client) NewAccount

func (p *Client) NewAccount(ctx context.Context, req map[string]interface{}) (*Account, error)

func (*Client) NewOrder

func (p *Client) NewOrder(ctx context.Context, req map[string]interface{}) (string, *Order, error)

func (*Client) PostAuthorization

func (p *Client) PostAuthorization(ctx context.Context, url string, req map[string]interface{}) (*Authorization, error)

func (*Client) PostChallenge

func (p *Client) PostChallenge(ctx context.Context, url string, req map[string]interface{}) (*Challenge, error)

func (*Client) PostFinalize

func (p *Client) PostFinalize(ctx context.Context, url string, req map[string]interface{}) (*Order, error)

func (*Client) PostJWS

func (p *Client) PostJWS(ctx context.Context, url string, body interface{}) (*http.Response, error)

func (*Client) PostJWSWithRetry

func (p *Client) PostJWSWithRetry(ctx context.Context, url string, body interface{}) (*http.Response, error)

func (*Client) PutNonce

func (p *Client) PutNonce(nonce string)

type Continue

// Continue is the hook consulted when a DNS TXT record has to be published for
// a dns-01 challenge (the "DNSSetup TXT: ... Continue?" prompt in the README).
// *Renew satisfies it through Renew.DNSSetup.
type Continue interface {
	// DNSSetup is given the record name (domain) and the TXT value (text) to
	// publish; the returned bool presumably reports whether to proceed with
	// validation — confirm.
	DNSSetup(ctx context.Context, domain, text string) bool
}

type Directory

// Directory holds the endpoint URLs obtained from the server's ACME directory
// resource (RFC 8555 §7.1.1); each URL field is named after the resource it
// points at.
type Directory struct {
	NewAccount string
	NewNonce   string
	RevokeCert string
	NewOrder   string
	KeyChange  string

	// Meta is the directory's "meta" object as decoded JSON. The terms-of-
	// service URL that `--agree-tos` accepts is presumably read from here —
	// confirm.
	Meta map[string]interface{}
}

type Error

// Error is an ACME problem document reported by the server. It implements the
// error interface via its Error method; ErrorWithResponse presumably returns
// one of these for a failing *http.Response — confirm.
type Error struct {
	// Status is presumably the HTTP status code of the failing response —
	// confirm.
	Status int
	// Type is the problem type identifier (an RFC 7807 / RFC 8555 §6.7 URN).
	Type   string
	// Detail is the human-readable explanation supplied by the server.
	Detail string
}

func (*Error) Error

func (e *Error) Error() string

type Identifier

// Identifier names the subject of an order or authorization (see
// Order.Identifiers and Authorization.Identifier). For the DNS names used in
// the README, Type is presumably "dns" and Value the domain, as in RFC 8555 —
// confirm. The json tags match the ACME wire format.
type Identifier struct {
	Type  string `json:"type"`
	Value string `json:"value"`
}

type Lego

// Lego extends Continue with a Present hook for programmatic DNS setup, as
// used by the `wild-le renew -l dns-lego` flow in the README.
type Lego interface {
	Continue
	// Present is expected to publish the DNS challenge record for domain using
	// the challenge token and its key authorization, returning an error when
	// it could not — confirm against cmd/dns-lego.
	Present(ctx context.Context, domain, token, keyAuth string) error
}

type Order

// Order is the ACME order object returned by Client.NewOrder, Client.GetOrder
// and Client.PostFinalize.
type Order struct {
	// Status is the order status string as reported by the server.
	Status         string
	// Expires is the expiry timestamp as sent by the server, kept as a string.
	Expires        string
	// Identifiers lists the identifiers the order covers (one per DNS name in
	// the README's flow).
	Identifiers    []Identifier
	// Authorizations lists authorization URLs; each can be fetched with
	// Client.GetAuthorization.
	Authorizations []string
	// Finalize is the URL to post the CSR to (see Client.PostFinalize).
	Finalize       string
	// Certificate is the URL of the issued certificate once available (see
	// Client.GetCertificate); presumably empty before issuance — confirm.
	Certificate    string
}

type Renew

// Renew drives the issue/renew flow on top of a Client: Order submits an
// x509 certificate request, DNSSetup handles the TXT-record challenge prompt,
// and GetCertificate fetches the resulting certificate bytes. Construct it
// with NewRenew. *Renew satisfies Continue through its DNSSetup method.
type Renew struct {
	// Continue is the hook consulted before proceeding past DNS setup; when
	// nil the Renew's own DNSSetup is presumably used — confirm.
	Continue Continue

	// Retry counts, levels, probe and wait settings for the challenge (Cha),
	// finalize (Fin) and DNS phases. Their units and defaults are not shown on
	// this page; NewRenew presumably fills in defaults — confirm.
	ChaRetry int
	ChaLevel int
	FinRetry int
	DNSProbe int
	DNSRetry int
	DNSLevel int
	Wait     int
	DNSExtra int

	// Certificate is presumably the URL of the issued certificate (cf.
	// Order.Certificate) that GetCertificate downloads — confirm.
	Certificate string
	// contains filtered or unexported fields
}

func NewRenew

func NewRenew(cli *Client) *Renew

func (*Renew) DNSSetup

func (p *Renew) DNSSetup(ctx context.Context, domain, text string) bool

func (*Renew) GetCertificate

func (p *Renew) GetCertificate(ctx context.Context) ([]byte, error)

func (*Renew) Order

func (p *Renew) Order(ctx context.Context, req *x509.CertificateRequest) error

