Update README and version

Matthew Holt 2016-03-23 12:12:47 -06:00
parent 636fb51fb0
commit 41cfcd79df
2 changed files with 29 additions and 28 deletions


@ -19,22 +19,21 @@ To install from source, just run
go get -u github.com/xenolf/lego go get -u github.com/xenolf/lego
``` ```
#### Current Status #### Features
The code in this repository is under development.
Current features: - Register with CA
- [x] Registering with a CA - Obtain certificates
- [x] Requesting Certificates - Renew certificates
- [x] Renewing Certificates - Revoke certificates
- [x] Revoking Certificates - Robust implementation of all ACME challenges
- [ ] Initiating account recovery - HTTP (http-01)
- Identifier validation challenges - TLS with Server Name Indication (tls-sni-01)
- [x] HTTP (http-01) - DNS (dns-01)
- [x] TLS with Server Name Indication (tls-sni-01) - SAN certificate support
- [ ] Proof of Possession of a Prior Key (proofOfPossession-01) - Comes with multiple optional [DNS providers](https://github.com/xenolf/lego/tree/master/providers/dns)
- [x] DNS (dns-01) - [Custom challenge solvers](https://github.com/xenolf/lego/wiki/Writing-a-Challenge-Solver)
- [x] Certificate bundling - Certificate bundling
- [x] Library support for OCSP - OCSP helper function
Please keep in mind that CLI switches and APIs are still subject to change. Please keep in mind that CLI switches and APIs are still subject to change.
@ -56,10 +55,10 @@ lego to listen on that interface:port for any incoming challenges.
If you are using this option, make sure you proxy all of the following traffic to these ports. If you are using this option, make sure you proxy all of the following traffic to these ports.
HTTP Port: HTTP Port:
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge. - All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge.
TLS Port: TLS Port:
- All TLS handshakes on port 443 for TLS-SNI-01. - All TLS handshakes on port 443 for the TLS-SNI challenge.
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding. This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
@ -67,13 +66,13 @@ This traffic redirection is only needed as long as lego solves challenges. As so
``` ```
NAME: NAME:
lego - Let's encrypt client to go! lego - Let's Encrypt client written in Go
USAGE: USAGE:
./lego [global options] command [command options] [arguments...] ./lego [global options] command [command options] [arguments...]
VERSION: VERSION:
0.2.0 0.3.0
COMMANDS: COMMANDS:
run Register an account, then create and install a certificate run Register an account, then create and install a certificate
@ -209,20 +208,22 @@ if err != nil {
log.Fatal(err) log.Fatal(err)
} }
// We specify an http port of 5002 and an tls port of 5001 on all interfaces because we aren't running as // We specify an http port of 5002 and an tls port of 5001 on all interfaces
// root and can't bind a listener to port 80 and 443 // because we aren't running as root and can't bind a listener to port 80 and 443
// (used later when we attempt to pass challenges). // (used later when we attempt to pass challenges). Keep in mind that we still
// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001. // need to proxy challenge traffic to port 5002 and 5001.
client.SetHTTPAddress(":5002") client.SetHTTPAddress(":5002")
client.SetTLSAddress(":5001") client.SetTLSAddress(":5001")
// New users will need to register; be sure to save it // New users will need to register
reg, err := client.Register() reg, err := client.Register()
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
myUser.Registration = reg myUser.Registration = reg
// SAVE THE USER.
// The client has a URL to the current Let's Encrypt Subscriber // The client has a URL to the current Let's Encrypt Subscriber
// Agreement. The user will need to agree to it. // Agreement. The user will need to agree to it.
err = client.AgreeToTOS() err = client.AgreeToTOS()
@ -231,7 +232,7 @@ if err != nil {
} }
// The acme library takes care of completing the challenges to obtain the certificate(s). // The acme library takes care of completing the challenges to obtain the certificate(s).
// Of course, the hostnames must resolve to this machine or it will fail. // The domains must resolve to this machine or you have to use the DNS challenge.
bundle := false bundle := false
certificates, failures := client.ObtainCertificate([]string{"mydomain.com"}, bundle, nil) certificates, failures := client.ObtainCertificate([]string{"mydomain.com"}, bundle, nil)
if len(failures) > 0 { if len(failures) > 0 {
@ -239,7 +240,7 @@ if len(failures) > 0 {
} }
// Each certificate comes back with the cert bytes, the bytes of the client's // Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. This is where you should save them to files! // private key, and a certificate URL. SAVE THESE TO DISK.
fmt.Printf("%#v\n", certificates) fmt.Printf("%#v\n", certificates)
// ... all done. // ... all done.

4
cli.go

@ -30,9 +30,9 @@ var gittag string
func main() { func main() {
app := cli.NewApp() app := cli.NewApp()
app.Name = "lego" app.Name = "lego"
app.Usage = "Let's encrypt client to go!" app.Usage = "Let's Encrypt client written in Go"
version := "0.2.0" version := "0.3.0"
if strings.HasPrefix(gittag, "v") { if strings.HasPrefix(gittag, "v") {
version = gittag version = gittag
} }