Add bare-bones acme usage example
parent
34910bd541
commit
d44f8a48a2
1 changed files with 66 additions and 0 deletions
66
README.md
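--- a/README.md
+++ b/README.md
@@ -47,3 +47,69 @@ GLOBAL OPTIONS:
 --help, -h show help
 --version, -v print the version
 ```
+
+
+#### ACME Library Usage
+
+A valid, but bare-bones example use of the acme package:
+
+```go
+// You'll need a user or account type that implements acme.User
+type MyUser struct {
+Email string
+Registration *acme.RegistrationResource
+key *rsa.PrivateKey
+}
+func (u MyUser) GetEmail() string {
+return u.Email
+}
+func (u MyUser) GetRegistration() *acme.RegistrationResource {
+return u.Registration
+}
+func (u MyUser) GetPrivateKey() *rsa.PrivateKey {
+return u.key
+}
+
+// Create a user. New accounts need an email and private key to start.
+privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
+if err != nil {
+log.Fatal(err)
+}
+myUser := MyUser{
+Email: "you@yours.com",
+key: privateKey,
+}
+
+// A client facilitates communication with the CA server. This CA URL is
+// configured for a local dev instance of Boulder running in Docker in a VM.
+// We specify an optPort of 5001 because we aren't running as root and can't
+// bind a listener to port 443 (used later when we attempt to pass challenge).
+client := acme.NewClient("http://192.168.99.100:4000", &myUser, 2048, "5001")
+
+// New users will need to register; be sure to save it
+reg, err := client.Register()
+if err != nil {
+log.Fatal(err)
+}
+myUser.Registration = reg
+
+// The client has a URL to the current Let's Encrypt Subscriber
+// Agreement. The user will need to agree to it.
+err = client.AgreeToTos()
+if err != nil {
+log.Fatal(err)
+}
+
+// The acme library takes care of completing the challenges to obtain the certificate(s).
+// Of course, the hostnames must resolve to this machine or it will fail.
+certificates, err := client.ObtainCertificates([]string{"mydomain.com"})
+if err != nil {
+log.Fatal(err)
+}
+
+// Each certificate comes back with the cert bytes, the bytes of the server's
+// private key, and a certificate URL. This is where you should save them to files!
+fmt.Printf("%#v\n", certificates)
+
+// ... all done.
+```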