regru: client certificate support (#2050)
Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
This commit is contained in:
parent
d51b5e408b
commit
cab8e1f556
4 changed files with 34 additions and 0 deletions
|
@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error {
|
|||
ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`)
|
||||
ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`)
|
||||
ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
|
||||
ew.writeln(` - "REGRU_TLS_CERT": authentication certificate`)
|
||||
ew.writeln(` - "REGRU_TLS_KEY": authentication private key`)
|
||||
ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`)
|
||||
|
||||
ew.writeln()
|
||||
|
|
|
@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||
| `REGRU_HTTP_TIMEOUT` | API request timeout |
|
||||
| `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
|
||||
| `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
|
||||
| `REGRU_TLS_CERT` | authentication certificate |
|
||||
| `REGRU_TLS_KEY` | authentication private key |
|
||||
| `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |
|
||||
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
|
|
|
@ -3,6 +3,7 @@ package regru
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
@ -19,6 +20,8 @@ const (
|
|||
|
||||
EnvUsername = envNamespace + "USERNAME"
|
||||
EnvPassword = envNamespace + "PASSWORD"
|
||||
EnvTLSCert = envNamespace + "TLS_CERT"
|
||||
EnvTLSKey = envNamespace + "TLS_KEY"
|
||||
|
||||
EnvTTL = envNamespace + "TTL"
|
||||
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
|
||||
|
@ -30,6 +33,8 @@ const (
|
|||
type Config struct {
|
||||
Username string
|
||||
Password string
|
||||
TLSCert string
|
||||
TLSKey string
|
||||
|
||||
PropagationTimeout time.Duration
|
||||
PollingInterval time.Duration
|
||||
|
@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
|
|||
config := NewDefaultConfig()
|
||||
config.Username = values[EnvUsername]
|
||||
config.Password = values[EnvPassword]
|
||||
config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
|
||||
config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")
|
||||
|
||||
return NewDNSProviderConfig(config)
|
||||
}
|
||||
|
@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
|||
client.HTTPClient = config.HTTPClient
|
||||
}
|
||||
|
||||
if config.TLSCert != "" || config.TLSKey != "" {
|
||||
if config.TLSCert == "" {
|
||||
return nil, errors.New("regru: TLS certificate is missing")
|
||||
}
|
||||
|
||||
if config.TLSKey == "" {
|
||||
return nil, errors.New("regru: TLS key is missing")
|
||||
}
|
||||
|
||||
tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("regru: %w", err)
|
||||
}
|
||||
|
||||
client.HTTPClient.Transport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
Certificates: []tls.Certificate{tlsCert},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
return &DNSProvider{config: config, client: client}, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
|
|||
REGRU_USERNAME = "API username"
|
||||
REGRU_PASSWORD = "API password"
|
||||
[Configuration.Additional]
|
||||
REGRU_TLS_CERT = "authentication certificate"
|
||||
REGRU_TLS_KEY = "authentication private key"
|
||||
REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||
REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
|
||||
REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"
|
||||
|
|
Loading…
Reference in a new issue