Allow the user to override the challenge port. Enables running as non-root.
This commit is contained in:
parent
805cef4dd6
commit
8f992218b9
4 changed files with 10 additions and 6 deletions
|
@ -46,7 +46,7 @@ type Client struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewClient creates a new client for the set user.
|
// NewClient creates a new client for the set user.
|
||||||
func NewClient(caURL string, usr User) *Client {
|
func NewClient(caURL string, usr User, optPort string) *Client {
|
||||||
if err := usr.GetPrivateKey().Validate(); err != nil {
|
if err := usr.GetPrivateKey().Validate(); err != nil {
|
||||||
logger().Fatalf("Could not validate the private account key of %s -> %v", usr.GetEmail(), err)
|
logger().Fatalf("Could not validate the private account key of %s -> %v", usr.GetEmail(), err)
|
||||||
}
|
}
|
||||||
|
|
8
cli.go
8
cli.go
|
@ -94,10 +94,6 @@ func main() {
|
||||||
Value: "https://www.letsencrypt-demo.org/acme/new-reg",
|
Value: "https://www.letsencrypt-demo.org/acme/new-reg",
|
||||||
Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
|
Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
|
||||||
Name: "authkey, k",
|
|
||||||
Usage: "Path to the authorized key file",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "email, m",
|
Name: "email, m",
|
||||||
Usage: "Email used for registration and recovery contact.",
|
Usage: "Email used for registration and recovery contact.",
|
||||||
|
@ -120,6 +116,10 @@ func main() {
|
||||||
Usage: "Directory to use for storing the data",
|
Usage: "Directory to use for storing the data",
|
||||||
Value: defaultPath,
|
Value: defaultPath,
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "port",
|
||||||
|
Usage: "Challenges will use this port to listen on. Please make sure to forward port 443 to this port on your machine. Otherwise use setcap on the binary",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
app.Run(os.Args)
|
app.Run(os.Args)
|
||||||
|
|
|
@ -30,7 +30,7 @@ func run(c *cli.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
acc := NewAccount(c.GlobalString("email"), conf)
|
acc := NewAccount(c.GlobalString("email"), conf)
|
||||||
client := acme.NewClient(c.GlobalString("server"), acc)
|
client := acme.NewClient(c.GlobalString("server"), acc, conf.OptPort())
|
||||||
if acc.Registration == nil {
|
if acc.Registration == nil {
|
||||||
reg, err := client.Register()
|
reg, err := client.Register()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -24,6 +24,10 @@ func (c *Configuration) RsaBits() int {
|
||||||
return c.context.GlobalInt("rsa-key-size")
|
return c.context.GlobalInt("rsa-key-size")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Configuration) OptPort() string {
|
||||||
|
return c.context.GlobalString("port")
|
||||||
|
}
|
||||||
|
|
||||||
// ServerPath returns the OS dependent path to the data for a specific CA
|
// ServerPath returns the OS dependent path to the data for a specific CA
|
||||||
func (c *Configuration) ServerPath() string {
|
func (c *Configuration) ServerPath() string {
|
||||||
srv, _ := url.Parse(c.context.GlobalString("server"))
|
srv, _ := url.Parse(c.context.GlobalString("server"))
|
||||||
|
|
Loading…
Reference in a new issue