forked from TrueCloudLab/lego
Adapt README and CHANGELOG to latest changes
This commit is contained in:
parent
3a3baf1597
commit
7c60c45e2c
2 changed files with 35 additions and 11 deletions
16
CHANGELOG.md
|
@ -2,8 +2,22 @@
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Added:
|
||||||
|
- CLI: The `--exclude` or `-x` switch. To exclude a challenge from being solved.
|
||||||
|
- CLI: The `--httpPort`. To set the listen port of HTTP based challenges.
|
||||||
|
- CLI: The `--tlsPort`. To set the listen port of TLS based challenges.
|
||||||
|
- lib: ExcludeChallenges function. Pass an array of challenge identifiers to exclude them from solving.
|
||||||
|
- lib: SetHTTPPort function. Pass a port to set the listen port for HTTP based challenges.
|
||||||
|
- lib: SetTLSPort function. Pass a port to set the listen port of TLS based challenges.
|
||||||
|
|
||||||
|
### Changed:
|
||||||
|
- lib: NewClient does no longer accept the optPort parameter
|
||||||
|
|
||||||
|
### Removed:
|
||||||
|
- CLI: The `--port` switch was removed.
|
||||||
|
|
||||||
### Fixed:
|
### Fixed:
|
||||||
- CLI: Fix logic using the --days parameter
|
- CLI: Fix logic using the `--days` parameter for renew
|
||||||
|
|
||||||
## [0.1.1] - 2015-12-18
|
## [0.1.1] - 2015-12-18
|
||||||
|
|
||||||
|
|
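Review bot: the Changed entry `- lib: NewClient does no longer accept the optPort parameter` reads "does no longer accept"; make it "no longer accepts", and since dropping a constructor parameter breaks every existing caller, say "breaking change" outright rather than leaving it to the reader to infer. The two new Added lines `- CLI: The \`--httpPort\`. To set the listen port of HTTP based challenges.` and the matching `--tlsPort` line are sentence fragments; match the form of the `--exclude` entry, e.g. "The `--httpPort` switch. Sets the listen port for HTTP based challenges." The Removed entry `- CLI: The \`--port\` switch was removed.` should name `--httpPort` and `--tlsPort` as the replacement so someone upgrading a script knows what to switch to.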
30
README.md
|
@ -45,15 +45,19 @@ The CLI does not require root permissions but needs to bind to port 80 and 443 f
|
||||||
To run the CLI without sudo, you have two options:
|
To run the CLI without sudo, you have two options:
|
||||||
|
|
||||||
- Use setcap 'cap_net_bind_service=+ep' /path/to/program
|
- Use setcap 'cap_net_bind_service=+ep' /path/to/program
|
||||||
- Pass the `--port` option and specify a custom port to bind to. In this case you have to forward port 443 to this custom port.
|
- Pass the `--httpPort` or/and the `--tlsPort` option and specify a custom port to bind to. In this case you have to forward port 80/443 to these custom ports (see [Port Usage](#port-usage)).
|
||||||
|
|
||||||
#### Port Usage
|
#### Port Usage
|
||||||
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
||||||
If this is not possible in your environment, you can use the `--port` option to instruct
|
If this is not possible in your environment, you can use the `--httpPort` and `--tlsPort` options to instruct
|
||||||
lego to listen on that port for any incoming challenges.
|
lego to listen on that port for any incoming challenges.
|
||||||
|
|
||||||
If you are using this option, make sure you proxy all of the following traffic to that port:
|
If you are using this option, make sure you proxy all of the following traffic to these ports.
|
||||||
|
|
||||||
|
HTTP Port:
|
||||||
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge.
|
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge.
|
||||||
|
|
||||||
|
TLS Port:
|
||||||
- All TLS handshakes on port 443 for TLS-SNI-01.
|
- All TLS handshakes on port 443 for TLS-SNI-01.
|
||||||
|
|
||||||
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
|
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
|
||||||
|
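Review bot: the unchanged context line `lego to listen on that port for any incoming challenges.` no longer agrees with the rewritten line above it, which now names two options (`--httpPort` and `--tlsPort`); change "that port" to "those ports". The same mismatch is in `If you are using this option, make sure you proxy all of the following traffic to these ports.`: "this option" should be "these options". In the bullet `- Pass the \`--httpPort\` or/and the \`--tlsPort\` option ...`, "or/and" should be "and/or", and "option" should be plural.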
@ -68,7 +72,7 @@ USAGE:
|
||||||
./lego [global options] command [command options] [arguments...]
|
./lego [global options] command [command options] [arguments...]
|
||||||
|
|
||||||
VERSION:
|
VERSION:
|
||||||
0.1.0
|
0.2.0
|
||||||
|
|
||||||
COMMANDS:
|
COMMANDS:
|
||||||
run Register an account, then create and install a certificate
|
run Register an account, then create and install a certificate
|
||||||
|
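Review bot: the usage output is bumped from `0.1.0` to `0.2.0`, but the CHANGELOG hunk in this same commit keeps all of these changes under `## [Unreleased]` with no `[0.2.0]` heading. Either add a dated `## [0.2.0]` section to the changelog or leave the README at the released version until the tag exists; as committed, the two files disagree about which version removed `--port`.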
@ -81,8 +85,10 @@ GLOBAL OPTIONS:
|
||||||
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
|
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
|
||||||
--email, -m Email used for registration and recovery contact.
|
--email, -m Email used for registration and recovery contact.
|
||||||
--rsa-key-size, -B "2048" Size of the RSA key.
|
--rsa-key-size, -B "2048" Size of the RSA key.
|
||||||
--path "${CWD}" Directory to use for storing the data
|
--path "${CWD}" Directory to use for storing the data
|
||||||
--port Challenges will use this port to listen on. Please make sure to forward port 443 to this port on your machine. Otherwise use setcap on the binary
|
--exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
|
||||||
|
--httpPort Set the port to use for HTTP based challenges to listen on.
|
||||||
|
--tlsPort Set the port to use for TLS based challenges to listen on.
|
||||||
--help, -h show help
|
--help, -h show help
|
||||||
--version, -v print the version
|
--version, -v print the version
|
||||||
|
|
||||||
|
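Review bot: the new help lines `--httpPort Set the port to use for HTTP based challenges to listen on.` and `--tlsPort Set the port to use for TLS based challenges to listen on.` give no default value, unlike `--rsa-key-size, -B "2048"` and `--path "${CWD}"` above them; since the Port Usage section says lego binds 80 and 443 by default, show those defaults here and state the accepted format (the library example in this commit passes a bare port number as a string). The removed `--port` line also carried the setcap hint for non-root users; keep a short pointer to Port Usage in its place so that hint is not lost. "Set the port to use ... to listen on" can be tightened to "Port on which HTTP based challenges listen."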
@ -141,14 +147,18 @@ myUser := MyUser{
|
||||||
|
|
||||||
// A client facilitates communication with the CA server. This CA URL is
|
// A client facilitates communication with the CA server. This CA URL is
|
||||||
// configured for a local dev instance of Boulder running in Docker in a VM.
|
// configured for a local dev instance of Boulder running in Docker in a VM.
|
||||||
// We specify an optPort of 5001 because we aren't running as root and can't
|
client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize)
|
||||||
// bind a listener to port 80 or 443 (used later when we attempt to pass challenges).
|
|
||||||
// Keep in mind that we still need to proxy challenge traffic to port 5001.
|
|
||||||
client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize, "5001")
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We specify an httpPort of 5002 and an tlsPort of 5001 because we aren't running as
|
||||||
|
// root and can't bind a listener to port 80 and 443
|
||||||
|
// (used later when we attempt to pass challenges).
|
||||||
|
// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001.
|
||||||
|
client.SetHTTPPort("5002")
|
||||||
|
client.SetTLSPort("5001")
|
||||||
|
|
||||||
// New users will need to register; be sure to save it
|
// New users will need to register; be sure to save it
|
||||||
reg, err := client.Register()
|
reg, err := client.Register()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
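Review bot: `client.SetHTTPPort("5002")` and `client.SetTLSPort("5001")` are called without checking any result, while the surrounding `NewClient` and `Register` calls both check `err`; if these setters can fail (for instance on a port that does not parse), the example should handle that the same way, and if they cannot fail, the CHANGELOG entries should say so. In the comment `// We specify an httpPort of 5002 and an tlsPort of 5001 because we aren't running as`, "an tlsPort" should be "a tlsPort". The line `// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001.` would be clearer if it said which port receives which traffic (80 to 5002, 443 to 5001), matching the HTTP Port / TLS Port split in the Port Usage section.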