forked from TrueCloudLab/lego
changed imports to xenolf
This commit is contained in:
parent
0d6f04c434
commit
ab2362bff4
7 changed files with 4 additions and 529 deletions
178
cli.go
178
cli.go
|
@ -1,178 +0,0 @@
|
||||||
// Let's Encrypt client to go!
|
|
||||||
// CLI application for generating Let's Encrypt certificates using the ACME package.
|
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"log"
|
|
||||||
"os"
|
|
||||||
"path"
|
|
||||||
"strings"
|
|
||||||
"text/tabwriter"
|
|
||||||
|
|
||||||
"github.com/codegangsta/cli"
|
|
||||||
"github.com/xenolf/lego/acme"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Logger is used to log errors; if nil, the default log.Logger is used.
|
|
||||||
var Logger *log.Logger
|
|
||||||
|
|
||||||
// logger is an helper function to retrieve the available logger
|
|
||||||
func logger() *log.Logger {
|
|
||||||
if Logger == nil {
|
|
||||||
Logger = log.New(os.Stderr, "", log.LstdFlags)
|
|
||||||
}
|
|
||||||
return Logger
|
|
||||||
}
|
|
||||||
|
|
||||||
var gittag string
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
app := cli.NewApp()
|
|
||||||
app.Name = "lego"
|
|
||||||
app.Usage = "Let's Encrypt client written in Go"
|
|
||||||
|
|
||||||
version := "0.3.0"
|
|
||||||
if strings.HasPrefix(gittag, "v") {
|
|
||||||
version = gittag
|
|
||||||
}
|
|
||||||
|
|
||||||
app.Version = version
|
|
||||||
|
|
||||||
acme.UserAgent = "lego/" + app.Version
|
|
||||||
|
|
||||||
cwd, err := os.Getwd()
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatal("Could not determine current working directory. Please pass --path.")
|
|
||||||
}
|
|
||||||
defaultPath := path.Join(cwd, ".lego")
|
|
||||||
|
|
||||||
app.Commands = []cli.Command{
|
|
||||||
{
|
|
||||||
Name: "run",
|
|
||||||
Usage: "Register an account, then create and install a certificate",
|
|
||||||
Action: run,
|
|
||||||
Flags: []cli.Flag{
|
|
||||||
cli.BoolFlag{
|
|
||||||
Name: "no-bundle",
|
|
||||||
Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "revoke",
|
|
||||||
Usage: "Revoke a certificate",
|
|
||||||
Action: revoke,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "renew",
|
|
||||||
Usage: "Renew a certificate",
|
|
||||||
Action: renew,
|
|
||||||
Flags: []cli.Flag{
|
|
||||||
cli.IntFlag{
|
|
||||||
Name: "days",
|
|
||||||
Value: 0,
|
|
||||||
Usage: "The number of days left on a certificate to renew it.",
|
|
||||||
},
|
|
||||||
cli.BoolFlag{
|
|
||||||
Name: "reuse-key",
|
|
||||||
Usage: "Used to indicate you want to reuse your current private key for the new certificate.",
|
|
||||||
},
|
|
||||||
cli.BoolFlag{
|
|
||||||
Name: "no-bundle",
|
|
||||||
Usage: "Do not create a certificate bundle by adding the issuers certificate to the new certificate.",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "dnshelp",
|
|
||||||
Usage: "Shows additional help for the --dns global option",
|
|
||||||
Action: dnshelp,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
app.Flags = []cli.Flag{
|
|
||||||
cli.StringSliceFlag{
|
|
||||||
Name: "domains, d",
|
|
||||||
Usage: "Add domains to the process",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "server, s",
|
|
||||||
Value: "https://acme-v01.api.letsencrypt.org/directory",
|
|
||||||
Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "email, m",
|
|
||||||
Usage: "Email used for registration and recovery contact.",
|
|
||||||
},
|
|
||||||
cli.BoolFlag{
|
|
||||||
Name: "accept-tos, a",
|
|
||||||
Usage: "By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "key-type, k",
|
|
||||||
Value: "rsa2048",
|
|
||||||
Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "path",
|
|
||||||
Usage: "Directory to use for storing the data",
|
|
||||||
Value: defaultPath,
|
|
||||||
},
|
|
||||||
cli.StringSliceFlag{
|
|
||||||
Name: "exclude, x",
|
|
||||||
Usage: "Explicitly disallow solvers by name from being used. Solvers: \"http-01\", \"tls-sni-01\".",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "webroot",
|
|
||||||
Usage: "Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "http",
|
|
||||||
Usage: "Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "tls",
|
|
||||||
Usage: "Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "dns",
|
|
||||||
Usage: "Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
app.Run(os.Args)
|
|
||||||
}
|
|
||||||
|
|
||||||
func dnshelp(c *cli.Context) {
|
|
||||||
fmt.Printf(
|
|
||||||
`Credentials for DNS providers must be passed through environment variables.
|
|
||||||
|
|
||||||
Here is an example bash command using the CloudFlare DNS provider:
|
|
||||||
|
|
||||||
$ CLOUDFLARE_EMAIL=foo@bar.com \
|
|
||||||
CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
|
|
||||||
lego --dns cloudflare --domains www.example.com --email me@bar.com run
|
|
||||||
|
|
||||||
`)
|
|
||||||
|
|
||||||
w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
|
|
||||||
fmt.Fprintln(w, "Valid providers and their associated credential environment variables:")
|
|
||||||
fmt.Fprintln(w)
|
|
||||||
fmt.Fprintln(w, "\tcloudflare:\tCLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY")
|
|
||||||
fmt.Fprintln(w, "\tdigitalocean:\tDO_AUTH_TOKEN")
|
|
||||||
fmt.Fprintln(w, "\tdnsimple:\tDNSIMPLE_EMAIL, DNSIMPLE_API_KEY")
|
|
||||||
fmt.Fprintln(w, "\tgandi:\tGANDI_API_KEY")
|
|
||||||
fmt.Fprintln(w, "\tgcloud:\tGCE_PROJECT")
|
|
||||||
fmt.Fprintln(w, "\tmanual:\tnone")
|
|
||||||
fmt.Fprintln(w, "\tnamecheap:\tNAMECHEAP_API_USER, NAMECHEAP_API_KEY")
|
|
||||||
fmt.Fprintln(w, "\trfc2136:\tRFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,\n\t\tRFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER")
|
|
||||||
fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION")
|
|
||||||
fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD")
|
|
||||||
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
|
|
||||||
w.Flush()
|
|
||||||
|
|
||||||
fmt.Println(`
|
|
||||||
For a more detailed explanation of a DNS provider's credential variables,
|
|
||||||
please consult their online documentation.`)
|
|
||||||
}
|
|
333
cli_handlers.go
333
cli_handlers.go
|
@ -1,333 +0,0 @@
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bufio"
|
|
||||||
"encoding/json"
|
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
|
||||||
"path"
|
|
||||||
"strings"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/codegangsta/cli"
|
|
||||||
"github.com/xenolf/lego/acme"
|
|
||||||
"github.com/xenolf/lego/providers/dns/cloudflare"
|
|
||||||
"github.com/xenolf/lego/providers/dns/digitalocean"
|
|
||||||
"github.com/xenolf/lego/providers/dns/dnsimple"
|
|
||||||
"github.com/xenolf/lego/providers/dns/dyn"
|
|
||||||
"github.com/xenolf/lego/providers/dns/gandi"
|
|
||||||
"github.com/xenolf/lego/providers/dns/googlecloud"
|
|
||||||
"github.com/xenolf/lego/providers/dns/namecheap"
|
|
||||||
"github.com/xenolf/lego/providers/dns/rfc2136"
|
|
||||||
"github.com/xenolf/lego/providers/dns/route53"
|
|
||||||
"github.com/xenolf/lego/providers/dns/vultr"
|
|
||||||
"github.com/xenolf/lego/providers/http/webroot"
|
|
||||||
)
|
|
||||||
|
|
||||||
func checkFolder(path string) error {
|
|
||||||
if _, err := os.Stat(path); os.IsNotExist(err) {
|
|
||||||
return os.MkdirAll(path, 0700)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
|
|
||||||
err := checkFolder(c.GlobalString("path"))
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not check/create path: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
conf := NewConfiguration(c)
|
|
||||||
if len(c.GlobalString("email")) == 0 {
|
|
||||||
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
|
|
||||||
}
|
|
||||||
|
|
||||||
//TODO: move to account struct? Currently MUST pass email.
|
|
||||||
acc := NewAccount(c.GlobalString("email"), conf)
|
|
||||||
|
|
||||||
keyType, err := conf.KeyType()
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatal(err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
client, err := acme.NewClient(c.GlobalString("server"), acc, keyType)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not create client: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(c.GlobalStringSlice("exclude")) > 0 {
|
|
||||||
client.ExcludeChallenges(conf.ExcludedSolvers())
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.GlobalIsSet("webroot") {
|
|
||||||
provider, err := webroot.NewHTTPProvider(c.GlobalString("webroot"))
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
client.SetChallengeProvider(acme.HTTP01, provider)
|
|
||||||
|
|
||||||
// --webroot=foo indicates that the user specifically want to do a HTTP challenge
|
|
||||||
// infer that the user also wants to exclude all other challenges
|
|
||||||
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
|
|
||||||
}
|
|
||||||
if c.GlobalIsSet("http") {
|
|
||||||
if strings.Index(c.GlobalString("http"), ":") == -1 {
|
|
||||||
logger().Fatalf("The --http switch only accepts interface:port or :port for its argument.")
|
|
||||||
}
|
|
||||||
client.SetHTTPAddress(c.GlobalString("http"))
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.GlobalIsSet("tls") {
|
|
||||||
if strings.Index(c.GlobalString("tls"), ":") == -1 {
|
|
||||||
logger().Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
|
|
||||||
}
|
|
||||||
client.SetTLSAddress(c.GlobalString("tls"))
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.GlobalIsSet("dns") {
|
|
||||||
var err error
|
|
||||||
var provider acme.ChallengeProvider
|
|
||||||
switch c.GlobalString("dns") {
|
|
||||||
case "cloudflare":
|
|
||||||
provider, err = cloudflare.NewDNSProvider()
|
|
||||||
case "digitalocean":
|
|
||||||
provider, err = digitalocean.NewDNSProvider()
|
|
||||||
case "dnsimple":
|
|
||||||
provider, err = dnsimple.NewDNSProvider()
|
|
||||||
case "dyn":
|
|
||||||
provider, err = dyn.NewDNSProvider()
|
|
||||||
case "gandi":
|
|
||||||
provider, err = gandi.NewDNSProvider()
|
|
||||||
case "gcloud":
|
|
||||||
provider, err = googlecloud.NewDNSProvider()
|
|
||||||
case "manual":
|
|
||||||
provider, err = acme.NewDNSProviderManual()
|
|
||||||
case "namecheap":
|
|
||||||
provider, err = namecheap.NewDNSProvider()
|
|
||||||
case "route53":
|
|
||||||
provider, err = route53.NewDNSProvider()
|
|
||||||
case "rfc2136":
|
|
||||||
provider, err = rfc2136.NewDNSProvider()
|
|
||||||
case "vultr":
|
|
||||||
provider, err = vultr.NewDNSProvider()
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
client.SetChallengeProvider(acme.DNS01, provider)
|
|
||||||
|
|
||||||
// --dns=foo indicates that the user specifically want to do a DNS challenge
|
|
||||||
// infer that the user also wants to exclude all other challenges
|
|
||||||
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
|
|
||||||
}
|
|
||||||
|
|
||||||
return conf, acc, client
|
|
||||||
}
|
|
||||||
|
|
||||||
func saveCertRes(certRes acme.CertificateResource, conf *Configuration) {
|
|
||||||
// We store the certificate, private key and metadata in different files
|
|
||||||
// as web servers would not be able to work with a combined file.
|
|
||||||
certOut := path.Join(conf.CertPath(), certRes.Domain+".crt")
|
|
||||||
privOut := path.Join(conf.CertPath(), certRes.Domain+".key")
|
|
||||||
metaOut := path.Join(conf.CertPath(), certRes.Domain+".json")
|
|
||||||
|
|
||||||
err := ioutil.WriteFile(certOut, certRes.Certificate, 0600)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Unable to save Certificate for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
err = ioutil.WriteFile(privOut, certRes.PrivateKey, 0600)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Unable to save PrivateKey for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
jsonBytes, err := json.MarshalIndent(certRes, "", "\t")
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Unable to marshal CertResource for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
err = ioutil.WriteFile(metaOut, jsonBytes, 0600)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Unable to save CertResource for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleTOS(c *cli.Context, client *acme.Client, acc *Account) {
|
|
||||||
// Check for a global accept override
|
|
||||||
if c.GlobalBool("accept-tos") {
|
|
||||||
err := client.AgreeToTOS()
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not agree to TOS: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
acc.Save()
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
reader := bufio.NewReader(os.Stdin)
|
|
||||||
logger().Printf("Please review the TOS at %s", acc.Registration.TosURL)
|
|
||||||
|
|
||||||
for {
|
|
||||||
logger().Println("Do you accept the TOS? Y/n")
|
|
||||||
text, err := reader.ReadString('\n')
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not read from console: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
text = strings.Trim(text, "\r\n")
|
|
||||||
|
|
||||||
if text == "n" {
|
|
||||||
logger().Fatal("You did not accept the TOS. Unable to proceed.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if text == "Y" || text == "y" || text == "" {
|
|
||||||
err = client.AgreeToTOS()
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not agree to TOS: %s", err.Error())
|
|
||||||
}
|
|
||||||
acc.Save()
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
logger().Println("Your input was invalid. Please answer with one of Y/y, n or by pressing enter.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func run(c *cli.Context) {
|
|
||||||
conf, acc, client := setup(c)
|
|
||||||
if acc.Registration == nil {
|
|
||||||
reg, err := client.Register()
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not complete registration\n\t%s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
acc.Registration = reg
|
|
||||||
acc.Save()
|
|
||||||
|
|
||||||
logger().Print("!!!! HEADS UP !!!!")
|
|
||||||
logger().Printf(`
|
|
||||||
Your account credentials have been saved in your Let's Encrypt
|
|
||||||
configuration directory at "%s".
|
|
||||||
You should make a secure backup of this folder now. This
|
|
||||||
configuration directory will also contain certificates and
|
|
||||||
private keys obtained from Let's Encrypt so making regular
|
|
||||||
backups of this folder is ideal.`, conf.AccountPath(c.GlobalString("email")))
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the agreement URL is empty, the account still needs to accept the LE TOS.
|
|
||||||
if acc.Registration.Body.Agreement == "" {
|
|
||||||
handleTOS(c, client, acc)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(c.GlobalStringSlice("domains")) == 0 {
|
|
||||||
logger().Fatal("Please specify --domains or -d")
|
|
||||||
}
|
|
||||||
|
|
||||||
cert, failures := client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil)
|
|
||||||
if len(failures) > 0 {
|
|
||||||
for k, v := range failures {
|
|
||||||
logger().Printf("[%s] Could not obtain certificates\n\t%s", k, v.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Make sure to return a non-zero exit code if ObtainSANCertificate
|
|
||||||
// returned at least one error. Due to us not returning partial
|
|
||||||
// certificate we can just exit here instead of at the end.
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
err := checkFolder(conf.CertPath())
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not check/create path: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
saveCertRes(cert, conf)
|
|
||||||
}
|
|
||||||
|
|
||||||
func revoke(c *cli.Context) {
|
|
||||||
|
|
||||||
conf, _, client := setup(c)
|
|
||||||
|
|
||||||
err := checkFolder(conf.CertPath())
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Could not check/create path: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, domain := range c.GlobalStringSlice("domains") {
|
|
||||||
logger().Printf("Trying to revoke certificate for domain %s", domain)
|
|
||||||
|
|
||||||
certPath := path.Join(conf.CertPath(), domain+".crt")
|
|
||||||
certBytes, err := ioutil.ReadFile(certPath)
|
|
||||||
|
|
||||||
err = client.RevokeCertificate(certBytes)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while revoking the certificate for domain %s\n\t%s", domain, err.Error())
|
|
||||||
} else {
|
|
||||||
logger().Print("Certificate was revoked.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func renew(c *cli.Context) {
|
|
||||||
conf, _, client := setup(c)
|
|
||||||
|
|
||||||
if len(c.GlobalStringSlice("domains")) <= 0 {
|
|
||||||
logger().Fatal("Please specify at least one domain.")
|
|
||||||
}
|
|
||||||
|
|
||||||
domain := c.GlobalStringSlice("domains")[0]
|
|
||||||
|
|
||||||
// load the cert resource from files.
|
|
||||||
// We store the certificate, private key and metadata in different files
|
|
||||||
// as web servers would not be able to work with a combined file.
|
|
||||||
certPath := path.Join(conf.CertPath(), domain+".crt")
|
|
||||||
privPath := path.Join(conf.CertPath(), domain+".key")
|
|
||||||
metaPath := path.Join(conf.CertPath(), domain+".json")
|
|
||||||
|
|
||||||
certBytes, err := ioutil.ReadFile(certPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.IsSet("days") {
|
|
||||||
expTime, err := acme.GetPEMCertExpiration(certBytes)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Could not get Certification expiration for domain %s", domain)
|
|
||||||
}
|
|
||||||
|
|
||||||
if int(expTime.Sub(time.Now()).Hours()/24.0) > c.Int("days") {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
metaBytes, err := ioutil.ReadFile(metaPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
var certRes acme.CertificateResource
|
|
||||||
err = json.Unmarshal(metaBytes, &certRes)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.Bool("reuse-key") {
|
|
||||||
keyBytes, err := ioutil.ReadFile(privPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
certRes.PrivateKey = keyBytes
|
|
||||||
}
|
|
||||||
|
|
||||||
certRes.Certificate = certBytes
|
|
||||||
|
|
||||||
newCert, err := client.RenewCertificate(certRes, !c.Bool("no-bundle"))
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("%s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
saveCertRes(newCert, conf)
|
|
||||||
}
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"path"
|
"path"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gianluca311/lego/cmd/utils"
|
"github.com/xenolf/lego/cmd/utils"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/xenolf/lego/acme"
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
|
@ -4,7 +4,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"path"
|
"path"
|
||||||
|
|
||||||
"github.com/gianluca311/lego/cmd/utils"
|
"github.com/xenolf/lego/cmd/utils"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ package cmd
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/gianluca311/lego/cmd/utils"
|
"github.com/xenolf/lego/cmd/utils"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,3 @@
|
||||||
// Copyright © 2016 NAME HERE <EMAIL ADDRESS>
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|
2
main.go
2
main.go
|
@ -1,6 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import "github.com/gianluca311/lego/cmd"
|
import "github.com/xenolf/lego/cmd"
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
cmd.Execute()
|
cmd.Execute()
|
||||||
|
|
Loading…
Reference in a new issue