lego/cli.go

// Let's Encrypt client to go!
// CLI application for generating Let's Encrypt certificates using the ACME package.
package main

import (
	"log"
	"os"
	"path"
	"strings"

	"github.com/codegangsta/cli"
	"github.com/xenolf/lego/acme"
)

// Logger is used to log errors; if nil, the default log.Logger is used.
var Logger *log.Logger

// logger is an helper function to retrieve the available logger
func logger() *log.Logger {
	if Logger == nil {
		Logger = log.New(os.Stderr, "", log.LstdFlags)
	}
	return Logger
}

var gittag string

func main() {
	app := cli.NewApp()
	app.Name = "lego"
	app.Usage = "Let's encrypt client to go!"

	version := "0.2.0"
	if strings.HasPrefix(gittag, "v") {
		version = gittag
	}

	app.Version = version

	acme.UserAgent = "lego/" + app.Version

	cwd, err := os.Getwd()
	if err != nil {
		logger().Fatal("Could not determine current working directory. Please pass --path.")
	}
	defaultPath := path.Join(cwd, ".lego")

	app.Commands = []cli.Command{
		{
			Name:   "run",
			Usage:  "Register an account, then create and install a certificate",
			Action: run,
			Flags: []cli.Flag{
				cli.BoolFlag{
					Name:  "no-bundle",
					Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",
				},
			},
		},
		{
			Name:   "revoke",
			Usage:  "Revoke a certificate",
			Action: revoke,
		},
		{
			Name:   "renew",
			Usage:  "Renew a certificate",
			Action: renew,
			Flags: []cli.Flag{
				cli.IntFlag{
					Name:  "days",
					Value: 0,
					Usage: "The number of days left on a certificate to renew it.",
				},
				cli.BoolFlag{
					Name:  "reuse-key",
					Usage: "Used to indicate you want to reuse your current private key for the new certificate.",
				},
				cli.BoolFlag{
					Name:  "no-bundle",
					Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",
				},
			},
		},
	}

	app.Flags = []cli.Flag{
		cli.StringSliceFlag{
			Name:  "domains, d",
			Usage: "Add domains to the process",
		},
		cli.StringFlag{
			Name:  "server, s",
			Value: "https://acme-v01.api.letsencrypt.org/directory",
			Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
		},
		cli.StringFlag{
			Name:  "email, m",
			Usage: "Email used for registration and recovery contact.",
		},
		cli.BoolFlag{
			Name:  "accept-tos, a",
			Usage: "By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.",
		},
		cli.StringFlag{
			Name:  "key-type, k",
			Value: "rsa2048",
			Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384",
		},
		cli.StringFlag{
			Name:  "path",
			Usage: "Directory to use for storing the data",
			Value: defaultPath,
		},
		cli.StringSliceFlag{
			Name:  "exclude, x",
			Usage: "Explicitly disallow solvers by name from being used. Solvers: \"http-01\", \"tls-sni-01\".",
		},
		cli.StringFlag{
			Name:  "webroot",
			Usage: "Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge",
		},
		cli.StringFlag{
			Name:  "http",
			Usage: "Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port",
		},
		cli.StringFlag{
			Name:  "tls",
			Usage: "Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port",
		},
		cli.StringFlag{
			Name: "dns",
			Usage: "Solve a DNS challenge using the specified provider. Disables all other challenges." +
				"\n\tCredentials for providers have to be passed through environment variables." +
				"\n\tFor a more detailed explanation of the parameters, please see the online docs." +
				"\n\tValid providers:" +
				"\n\tcloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY" +
				"\n\tdigitalocean: DO_AUTH_TOKEN" +
				"\n\tdnsimple: DNSIMPLE_EMAIL, DNSIMPLE_API_KEY" +
				"\n\troute53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION" +
				"\n\trfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER" +
				"\n\tmanual: none",
		},
	}

	app.Run(os.Args)
}
Add package comments to make the library and CLI more discoverable on godoc.org Fixes #106 2016-02-08 00:59:03 +00:00			`// Let's Encrypt client to go!`
			`// CLI application for generating Let's Encrypt certificates using the ACME package.`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`package main`

			`import (`
			`"log"`
			`"os"`
Remove global paths and default to CWD/.lego for storage. Overridable through --path. 2015-06-12 21:34:49 +00:00			`"path"`
Allow for build time version override 2016-01-09 01:13:13 +00:00			`"strings"`
Base implementation with registration support 2015-06-08 00:36:07 +00:00
			`"github.com/codegangsta/cli"`
Implement custom User-Agent string Also a couple miscellaneous vet fixes 2015-12-30 22:01:21 +00:00			`"github.com/xenolf/lego/acme"`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`)`

			`// Logger is used to log errors; if nil, the default log.Logger is used.`
			`var Logger *log.Logger`

			`// logger is an helper function to retrieve the available logger`
			`func logger() *log.Logger {`
			`if Logger == nil {`
			`Logger = log.New(os.Stderr, "", log.LstdFlags)`
			`}`
			`return Logger`
			`}`

Allow for build time version override 2016-01-09 01:13:13 +00:00			`var gittag string`

Base implementation with registration support 2015-06-08 00:36:07 +00:00			`func main() {`
			`app := cli.NewApp()`
			`app.Name = "lego"`
			`app.Usage = "Let's encrypt client to go!"`
Allow for build time version override 2016-01-09 01:13:13 +00:00
			`version := "0.2.0"`
			`if strings.HasPrefix(gittag, "v") {`
			`version = gittag`
			`}`

			`app.Version = version`
Base implementation with registration support 2015-06-08 00:36:07 +00:00
Implement custom User-Agent string Also a couple miscellaneous vet fixes 2015-12-30 22:01:21 +00:00			`acme.UserAgent = "lego/" + app.Version`

Remove global paths and default to CWD/.lego for storage. Overridable through --path. 2015-06-12 21:34:49 +00:00			`cwd, err := os.Getwd()`
			`if err != nil {`
			`logger().Fatal("Could not determine current working directory. Please pass --path.")`
			`}`
			`defaultPath := path.Join(cwd, ".lego")`

Base implementation with registration support 2015-06-08 00:36:07 +00:00			`app.Commands = []cli.Command{`
			`{`
			`Name: "run",`
Clean up CLI args 2015-09-27 12:50:45 +00:00			`Usage: "Register an account, then create and install a certificate",`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`Action: run,`
Add --nobundle flag to supress the default creation of certificate bundle. 2016-02-26 01:57:16 +00:00			`Flags: []cli.Flag{`
			`cli.BoolFlag{`
As per request, renamed nobundle to no-bundle to be more in line with the other multi word switches. 2016-02-27 09:46:13 +00:00			`Name: "no-bundle",`
Add --nobundle flag to supress the default creation of certificate bundle. 2016-02-26 01:57:16 +00:00			`Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",`
			`},`
			`},`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`},`
			`{`
Clean up CLI args 2015-09-27 12:50:45 +00:00			`Name: "revoke",`
			`Usage: "Revoke a certificate",`
			`Action: revoke,`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`},`
Implement renewal. Fixes #7 2015-10-18 22:42:04 +00:00			`{`
			`Name: "renew",`
			`Usage: "Renew a certificate",`
			`Action: renew,`
Add a way for cronjobs to automatically renew certificates. 2015-12-06 21:35:52 +00:00			`Flags: []cli.Flag{`
			`cli.IntFlag{`
Fix gofmt errors 2015-12-24 08:57:09 +00:00			`Name: "days",`
Add a way for cronjobs to automatically renew certificates. 2015-12-06 21:35:52 +00:00			`Value: 0,`
			`Usage: "The number of days left on a certificate to renew it.",`
			`},`
Add the ability to reuse a private key 2016-01-08 09:14:41 +00:00			`cli.BoolFlag{`
			`Name: "reuse-key",`
			`Usage: "Used to indicate you want to reuse your current private key for the new certificate.",`
			`},`
Add --nobundle flag to supress the default creation of certificate bundle. 2016-02-26 01:57:16 +00:00			`cli.BoolFlag{`
As per request, renamed nobundle to no-bundle to be more in line with the other multi word switches. 2016-02-27 09:46:13 +00:00			`Name: "no-bundle",`
Add --nobundle flag to supress the default creation of certificate bundle. 2016-02-26 01:57:16 +00:00			`Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",`
			`},`
Add a way for cronjobs to automatically renew certificates. 2015-12-06 21:35:52 +00:00			`},`
Implement renewal. Fixes #7 2015-10-18 22:42:04 +00:00			`},`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`}`

			`app.Flags = []cli.Flag{`
			`cli.StringSliceFlag{`
			`Name: "domains, d",`
			`Usage: "Add domains to the process",`
			`},`
			`cli.StringFlag{`
			`Name: "server, s",`
Update CLI to default to the live LE endpoint. 2015-12-03 18:37:54 +00:00			`Value: "https://acme-v01.api.letsencrypt.org/directory",`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",`
			`},`
			`cli.StringFlag{`
			`Name: "email, m",`
			`Usage: "Email used for registration and recovery contact.",`
			`},`
Introduce --agree-tos switch. Fixes #128 2016-02-15 02:51:59 +00:00			`cli.BoolFlag{`
			`Name: "accept-tos, a",`
			`Usage: "By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.",`
			`},`
Add support for EC certificates / account keys 2016-01-27 01:01:39 +00:00			`cli.StringFlag{`
			`Name: "key-type, k",`
			`Value: "rsa2048",`
			`Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384",`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`},`
			`cli.StringFlag{`
Remove global paths and default to CWD/.lego for storage. Overridable through --path. 2015-06-12 21:34:49 +00:00			`Name: "path",`
			`Usage: "Directory to use for storing the data",`
			`Value: defaultPath,`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`},`
Make solvers configurable. Allows selecting which solvers are available, and specifying options for them. 2015-12-05 21:01:08 +00:00			`cli.StringSliceFlag{`
Adapt CLI to changes in lib - Change explicit include of challenges to explicit exclude - Add CLI switches for HTTP and TLS ports 2015-12-27 17:30:04 +00:00			`Name: "exclude, x",`
			`Usage: "Explicitly disallow solvers by name from being used. Solvers: \"http-01\", \"tls-sni-01\".",`
			`},`
Added a --webroot option for HTTP challenge When using this option, the challenge will be written in a file in ".well-known/acme-challenge/" inside the given webroot folder. This allows lego to work without binding any port at all. 2016-02-10 11:19:29 +00:00			`cli.StringFlag{`
			`Name: "webroot",`
			`Usage: "Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge",`
			`},`
Adapt CLI to changes in lib - Change explicit include of challenges to explicit exclude - Add CLI switches for HTTP and TLS ports 2015-12-27 17:30:04 +00:00			`cli.StringFlag{`
Add interface:port override to CLI 2016-01-08 07:05:07 +00:00			`Name: "http",`
			`Usage: "Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port",`
Adapt CLI to changes in lib - Change explicit include of challenges to explicit exclude - Add CLI switches for HTTP and TLS ports 2015-12-27 17:30:04 +00:00			`},`
			`cli.StringFlag{`
Add interface:port override to CLI 2016-01-08 07:05:07 +00:00			`Name: "tls",`
			`Usage: "Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port",`
Allow the user to override the challenge port. Enables running as non-root. 2015-06-12 22:16:49 +00:00			`},`
Add DNS01 support to the CLI 2016-01-30 01:40:57 +00:00			`cli.StringFlag{`
			`Name: "dns",`
Make the --dns help message more explicit about disabling challenges 2016-02-14 00:42:47 +00:00			`Usage: "Solve a DNS challenge using the specified provider. Disables all other challenges." +`
Add DNS01 support to the CLI 2016-01-30 01:40:57 +00:00			`"\n\tCredentials for providers have to be passed through environment variables." +`
			`"\n\tFor a more detailed explanation of the parameters, please see the online docs." +`
			`"\n\tValid providers:" +`
			`"\n\tcloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY" +`
			`"\n\tdigitalocean: DO_AUTH_TOKEN" +`
			`"\n\tdnsimple: DNSIMPLE_EMAIL, DNSIMPLE_API_KEY" +`
Corrected AWS_REGION env variable name 2016-01-30 23:10:46 +00:00			`"\n\troute53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION" +`
Merge remote-tracking branch 'upstream/master' into issue-140-multi-zone-certs Conflicts solved: README.md cli.go 2016-02-28 14:42:09 +00:00			`"\n\trfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER" +`
Add DNS01 support to the CLI 2016-01-30 01:40:57 +00:00			`"\n\tmanual: none",`
			`},`
Base implementation with registration support 2015-06-08 00:36:07 +00:00			`}`

			`app.Run(os.Args)`
			`}`