forked from TrueCloudLab/lego
Merge pull request #166 from xenolf/readme-updates
Update README and version
This commit is contained in:
commit
735d41fbc8
2 changed files with 29 additions and 28 deletions
53
README.md
53
README.md
|
@ -19,22 +19,21 @@ To install from source, just run
|
||||||
go get -u github.com/xenolf/lego
|
go get -u github.com/xenolf/lego
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Current Status
|
#### Features
|
||||||
The code in this repository is under development.
|
|
||||||
|
|
||||||
Current features:
|
- Register with CA
|
||||||
- [x] Registering with a CA
|
- Obtain certificates
|
||||||
- [x] Requesting Certificates
|
- Renew certificates
|
||||||
- [x] Renewing Certificates
|
- Revoke certificates
|
||||||
- [x] Revoking Certificates
|
- Robust implementation of all ACME challenges
|
||||||
- [ ] Initiating account recovery
|
- HTTP (http-01)
|
||||||
- Identifier validation challenges
|
- TLS with Server Name Indication (tls-sni-01)
|
||||||
- [x] HTTP (http-01)
|
- DNS (dns-01)
|
||||||
- [x] TLS with Server Name Indication (tls-sni-01)
|
- SAN certificate support
|
||||||
- [ ] Proof of Possession of a Prior Key (proofOfPossession-01)
|
- Comes with multiple optional [DNS providers](https://github.com/xenolf/lego/tree/master/providers/dns)
|
||||||
- [x] DNS (dns-01)
|
- [Custom challenge solvers](https://github.com/xenolf/lego/wiki/Writing-a-Challenge-Solver)
|
||||||
- [x] Certificate bundling
|
- Certificate bundling
|
||||||
- [x] Library support for OCSP
|
- OCSP helper function
|
||||||
|
|
||||||
Please keep in mind that CLI switches and APIs are still subject to change.
|
Please keep in mind that CLI switches and APIs are still subject to change.
|
||||||
|
|
||||||
|
@ -56,10 +55,10 @@ lego to listen on that interface:port for any incoming challenges.
|
||||||
If you are using this option, make sure you proxy all of the following traffic to these ports.
|
If you are using this option, make sure you proxy all of the following traffic to these ports.
|
||||||
|
|
||||||
HTTP Port:
|
HTTP Port:
|
||||||
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge.
|
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge.
|
||||||
|
|
||||||
TLS Port:
|
TLS Port:
|
||||||
- All TLS handshakes on port 443 for TLS-SNI-01.
|
- All TLS handshakes on port 443 for the TLS-SNI challenge.
|
||||||
|
|
||||||
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
|
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
|
||||||
|
|
||||||
|
@ -67,13 +66,13 @@ This traffic redirection is only needed as long as lego solves challenges. As so
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME:
|
NAME:
|
||||||
lego - Let's encrypt client to go!
|
lego - Let's Encrypt client written in Go
|
||||||
|
|
||||||
USAGE:
|
USAGE:
|
||||||
./lego [global options] command [command options] [arguments...]
|
./lego [global options] command [command options] [arguments...]
|
||||||
|
|
||||||
VERSION:
|
VERSION:
|
||||||
0.2.0
|
0.3.0
|
||||||
|
|
||||||
COMMANDS:
|
COMMANDS:
|
||||||
run Register an account, then create and install a certificate
|
run Register an account, then create and install a certificate
|
||||||
|
@ -209,20 +208,22 @@ if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// We specify an http port of 5002 and an tls port of 5001 on all interfaces because we aren't running as
|
// We specify an http port of 5002 and an tls port of 5001 on all interfaces
|
||||||
// root and can't bind a listener to port 80 and 443
|
// because we aren't running as root and can't bind a listener to port 80 and 443
|
||||||
// (used later when we attempt to pass challenges).
|
// (used later when we attempt to pass challenges). Keep in mind that we still
|
||||||
// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001.
|
// need to proxy challenge traffic to port 5002 and 5001.
|
||||||
client.SetHTTPAddress(":5002")
|
client.SetHTTPAddress(":5002")
|
||||||
client.SetTLSAddress(":5001")
|
client.SetTLSAddress(":5001")
|
||||||
|
|
||||||
// New users will need to register; be sure to save it
|
// New users will need to register
|
||||||
reg, err := client.Register()
|
reg, err := client.Register()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
myUser.Registration = reg
|
myUser.Registration = reg
|
||||||
|
|
||||||
|
// SAVE THE USER.
|
||||||
|
|
||||||
// The client has a URL to the current Let's Encrypt Subscriber
|
// The client has a URL to the current Let's Encrypt Subscriber
|
||||||
// Agreement. The user will need to agree to it.
|
// Agreement. The user will need to agree to it.
|
||||||
err = client.AgreeToTOS()
|
err = client.AgreeToTOS()
|
||||||
|
@ -231,7 +232,7 @@ if err != nil {
|
||||||
}
|
}
|
||||||
|
|
||||||
// The acme library takes care of completing the challenges to obtain the certificate(s).
|
// The acme library takes care of completing the challenges to obtain the certificate(s).
|
||||||
// Of course, the hostnames must resolve to this machine or it will fail.
|
// The domains must resolve to this machine or you have to use the DNS challenge.
|
||||||
bundle := false
|
bundle := false
|
||||||
certificates, failures := client.ObtainCertificate([]string{"mydomain.com"}, bundle, nil)
|
certificates, failures := client.ObtainCertificate([]string{"mydomain.com"}, bundle, nil)
|
||||||
if len(failures) > 0 {
|
if len(failures) > 0 {
|
||||||
|
@ -239,7 +240,7 @@ if len(failures) > 0 {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Each certificate comes back with the cert bytes, the bytes of the client's
|
// Each certificate comes back with the cert bytes, the bytes of the client's
|
||||||
// private key, and a certificate URL. This is where you should save them to files!
|
// private key, and a certificate URL. SAVE THESE TO DISK.
|
||||||
fmt.Printf("%#v\n", certificates)
|
fmt.Printf("%#v\n", certificates)
|
||||||
|
|
||||||
// ... all done.
|
// ... all done.
|
||||||
|
|
4
cli.go
4
cli.go
|
@ -30,9 +30,9 @@ var gittag string
|
||||||
func main() {
|
func main() {
|
||||||
app := cli.NewApp()
|
app := cli.NewApp()
|
||||||
app.Name = "lego"
|
app.Name = "lego"
|
||||||
app.Usage = "Let's encrypt client to go!"
|
app.Usage = "Let's Encrypt client written in Go"
|
||||||
|
|
||||||
version := "0.2.0"
|
version := "0.3.0"
|
||||||
if strings.HasPrefix(gittag, "v") {
|
if strings.HasPrefix(gittag, "v") {
|
||||||
version = gittag
|
version = gittag
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue