From d44f8a48a2f6bb6ee6c40e9d540b50b1eec69cad Mon Sep 17 00:00:00 2001
From: Matt Holt
Date: Sat, 17 Oct 2015 15:02:52 -0600
Subject: [PATCH 1/2] Add bare-bones acme usage example

---
 README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/README.md b/README.md
index 9ced1461..a5dc00af 100644
--- a/README.md
+++ b/README.md
@@ -47,3 +47,69 @@ GLOBAL OPTIONS:
 --help, -h show help
 --version, -v print the version
 ```
+
+
+#### ACME Library Usage
+
+A valid, but bare-bones example use of the acme package:
+
+```go
+// You'll need a user or account type that implements acme.User
+type MyUser struct {
+ Email string
+ Registration *acme.RegistrationResource
+ key *rsa.PrivateKey
+}
+func (u MyUser) GetEmail() string {
+ return u.Email
+}
+func (u MyUser) GetRegistration() *acme.RegistrationResource {
+ return u.Registration
+}
+func (u MyUser) GetPrivateKey() *rsa.PrivateKey {
+ return u.key
+}
+
+// Create a user. New accounts need an email and private key to start.
+privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
+if err != nil {
+ log.Fatal(err)
+}
+myUser := MyUser{
+ Email: "you@yours.com",
+ key: privateKey,
+}
+
+// A client facilitates communication with the CA server. This CA URL is
+// configured for a local dev instance of Boulder running in Docker in a VM.
+// We specify an optPort of 5001 because we aren't running as root and can't
+// bind a listener to port 443 (used later when we attempt to pass challenge).
+client := acme.NewClient("http://192.168.99.100:4000", &myUser, 2048, "5001")
+
+// New users will need to register; be sure to save it
+reg, err := client.Register()
+if err != nil {
+ log.Fatal(err)
+}
+myUser.Registration = reg
+
+// The client has a URL to the current Let's Encrypt Subscriber
+// Agreement. The user will need to agree to it.
+err = client.AgreeToTos()
+if err != nil {
+ log.Fatal(err)
+}
+
+// The acme library takes care of completing the challenges to obtain the certificate(s).
+// Of course, the hostnames must resolve to this machine or it will fail.
+certificates, err := client.ObtainCertificates([]string{"mydomain.com"})
+if err != nil {
+ log.Fatal(err)
+}
+
+// Each certificate comes back with the cert bytes, the bytes of the server's
+// private key, and a certificate URL. This is where you should save them to files!
+fmt.Printf("%#v\n", certificates)
+
+// ... all done.
+```
From 6c06e1cd65b9b118c53eb0bb4e6c9c6378963e8b Mon Sep 17 00:00:00 2001
From: Matt Holt
Date: Sat, 17 Oct 2015 15:07:14 -0600
Subject: [PATCH 2/2] Minor correction

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a5dc00af..8dedd8c9 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,7 @@ func (u MyUser) GetPrivateKey() *rsa.PrivateKey {
 }
 
 // Create a user. New accounts need an email and private key to start.
+const rsaKeySize = 2048
 privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
 if err != nil {
 log.Fatal(err)
@@ -84,7 +85,7 @@ myUser := MyUser{
 // configured for a local dev instance of Boulder running in Docker in a VM.
 // We specify an optPort of 5001 because we aren't running as root and can't
 // bind a listener to port 443 (used later when we attempt to pass challenge).
-client := acme.NewClient("http://192.168.99.100:4000", &myUser, 2048, "5001")
+client := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize, "5001")
 
 // New users will need to register; be sure to save it
 reg, err := client.Register()