2015-06-08 21:54:15 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
2016-06-19 05:55:15 +00:00
|
|
|
"bytes"
|
2016-06-08 02:50:52 +00:00
|
|
|
"crypto/x509"
|
2015-10-18 22:40:59 +00:00
|
|
|
"encoding/json"
|
2016-02-12 01:02:00 +00:00
|
|
|
"encoding/pem"
|
2015-06-13 01:56:34 +00:00
|
|
|
"io/ioutil"
|
2016-07-21 01:24:11 +00:00
|
|
|
"net/http"
|
2015-06-08 21:54:15 +00:00
|
|
|
"os"
|
2015-06-13 01:56:34 +00:00
|
|
|
"path"
|
2015-06-08 21:54:15 +00:00
|
|
|
"strings"
|
2015-12-06 21:35:52 +00:00
|
|
|
"time"
|
2015-06-08 21:54:15 +00:00
|
|
|
|
2016-07-13 19:03:47 +00:00
|
|
|
"github.com/urfave/cli"
|
2015-06-08 21:54:15 +00:00
|
|
|
"github.com/xenolf/lego/acme"
|
2016-10-12 00:42:20 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/auroradns"
|
2016-11-14 10:41:37 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/azure"
|
2016-02-29 02:48:41 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/cloudflare"
|
|
|
|
"github.com/xenolf/lego/providers/dns/digitalocean"
|
|
|
|
"github.com/xenolf/lego/providers/dns/dnsimple"
|
2016-06-28 21:00:05 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/dnsmadeeasy"
|
2016-11-14 10:41:37 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/dnspod"
|
2016-03-17 20:59:15 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/dyn"
|
2016-11-07 07:37:57 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/exoscale"
|
2016-03-12 16:13:24 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/gandi"
|
2016-03-18 15:22:33 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/googlecloud"
|
2016-08-29 19:37:19 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/linode"
|
2016-03-14 21:28:40 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/namecheap"
|
2016-10-18 08:20:15 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/ns1"
|
2016-06-24 18:23:28 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/ovh"
|
2016-08-19 07:07:18 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/pdns"
|
2016-11-04 09:29:14 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/rackspace"
|
2016-02-29 02:48:41 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/rfc2136"
|
|
|
|
"github.com/xenolf/lego/providers/dns/route53"
|
2016-03-20 23:23:37 +00:00
|
|
|
"github.com/xenolf/lego/providers/dns/vultr"
|
2016-10-24 09:03:18 +00:00
|
|
|
"github.com/xenolf/lego/providers/http/memcached"
|
2016-03-14 10:52:45 +00:00
|
|
|
"github.com/xenolf/lego/providers/http/webroot"
|
2015-06-08 21:54:15 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func checkFolder(path string) error {
|
|
|
|
if _, err := os.Stat(path); os.IsNotExist(err) {
|
|
|
|
return os.MkdirAll(path, 0700)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2015-10-18 22:40:59 +00:00
|
|
|
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
|
2016-05-19 16:52:44 +00:00
|
|
|
|
|
|
|
if c.GlobalIsSet("http-timeout") {
|
2016-07-21 01:24:11 +00:00
|
|
|
acme.HTTPClient = http.Client{Timeout: time.Duration(c.GlobalInt("http-timeout")) * time.Second}
|
2016-05-19 16:52:44 +00:00
|
|
|
}
|
|
|
|
|
2016-05-25 03:22:09 +00:00
|
|
|
if c.GlobalIsSet("dns-timeout") {
|
|
|
|
acme.DNSTimeout = time.Duration(c.GlobalInt("dns-timeout")) * time.Second
|
|
|
|
}
|
|
|
|
|
2016-08-19 09:27:26 +00:00
|
|
|
if len(c.GlobalStringSlice("dns-resolvers")) > 0 {
|
|
|
|
resolvers := []string{}
|
|
|
|
for _, resolver := range c.GlobalStringSlice("dns-resolvers") {
|
|
|
|
if !strings.Contains(resolver, ":") {
|
|
|
|
resolver += ":53"
|
|
|
|
}
|
|
|
|
resolvers = append(resolvers, resolver)
|
|
|
|
}
|
|
|
|
acme.RecursiveNameservers = resolvers
|
|
|
|
}
|
|
|
|
|
2015-06-12 21:34:49 +00:00
|
|
|
err := checkFolder(c.GlobalString("path"))
|
2015-06-08 21:54:15 +00:00
|
|
|
if err != nil {
|
2016-02-15 14:18:31 +00:00
|
|
|
logger().Fatalf("Could not check/create path: %s", err.Error())
|
2015-06-08 21:54:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
conf := NewConfiguration(c)
|
2015-12-15 18:21:46 +00:00
|
|
|
if len(c.GlobalString("email")) == 0 {
|
2015-06-08 21:54:15 +00:00
|
|
|
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
|
|
|
|
}
|
|
|
|
|
2015-10-18 22:40:59 +00:00
|
|
|
//TODO: move to account struct? Currently MUST pass email.
|
2015-06-08 21:54:15 +00:00
|
|
|
acc := NewAccount(c.GlobalString("email"), conf)
|
2015-10-27 23:05:40 +00:00
|
|
|
|
2016-01-27 01:01:39 +00:00
|
|
|
keyType, err := conf.KeyType()
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatal(err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
client, err := acme.NewClient(c.GlobalString("server"), acc, keyType)
|
2015-10-27 23:05:40 +00:00
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Could not create client: %s", err.Error())
|
2015-10-27 23:05:40 +00:00
|
|
|
}
|
|
|
|
|
2015-12-27 17:30:04 +00:00
|
|
|
if len(c.GlobalStringSlice("exclude")) > 0 {
|
|
|
|
client.ExcludeChallenges(conf.ExcludedSolvers())
|
|
|
|
}
|
|
|
|
|
2016-02-10 11:19:29 +00:00
|
|
|
if c.GlobalIsSet("webroot") {
|
2016-03-16 10:32:09 +00:00
|
|
|
provider, err := webroot.NewHTTPProvider(c.GlobalString("webroot"))
|
2016-02-10 15:55:10 +00:00
|
|
|
if err != nil {
|
|
|
|
logger().Fatal(err)
|
|
|
|
}
|
|
|
|
|
2016-02-10 16:00:20 +00:00
|
|
|
client.SetChallengeProvider(acme.HTTP01, provider)
|
2016-03-14 21:28:40 +00:00
|
|
|
|
2016-03-15 10:38:23 +00:00
|
|
|
// --webroot=foo indicates that the user specifically want to do a HTTP challenge
|
|
|
|
// infer that the user also wants to exclude all other challenges
|
|
|
|
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
|
2016-10-24 09:03:18 +00:00
|
|
|
}
|
|
|
|
if c.GlobalIsSet("memcached-host") {
|
|
|
|
provider, err := memcached.NewMemcachedProvider(c.GlobalStringSlice("memcached-host"))
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
client.SetChallengeProvider(acme.HTTP01, provider)
|
|
|
|
|
|
|
|
// --memcached-host=foo:11211 indicates that the user specifically want to do a HTTP challenge
|
|
|
|
// infer that the user also wants to exclude all other challenges
|
|
|
|
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
|
2016-02-10 11:19:29 +00:00
|
|
|
}
|
2016-01-08 07:05:07 +00:00
|
|
|
if c.GlobalIsSet("http") {
|
2016-02-19 21:11:41 +00:00
|
|
|
if strings.Index(c.GlobalString("http"), ":") == -1 {
|
|
|
|
logger().Fatalf("The --http switch only accepts interface:port or :port for its argument.")
|
|
|
|
}
|
2016-01-08 07:05:07 +00:00
|
|
|
client.SetHTTPAddress(c.GlobalString("http"))
|
2015-12-27 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
2016-01-08 07:05:07 +00:00
|
|
|
if c.GlobalIsSet("tls") {
|
2016-02-19 21:11:41 +00:00
|
|
|
if strings.Index(c.GlobalString("tls"), ":") == -1 {
|
|
|
|
logger().Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
|
|
|
|
}
|
2016-01-08 07:05:07 +00:00
|
|
|
client.SetTLSAddress(c.GlobalString("tls"))
|
2015-12-27 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
2016-01-30 01:40:57 +00:00
|
|
|
if c.GlobalIsSet("dns") {
|
|
|
|
var err error
|
|
|
|
var provider acme.ChallengeProvider
|
|
|
|
switch c.GlobalString("dns") {
|
2016-11-02 14:33:57 +00:00
|
|
|
case "azure":
|
|
|
|
provider, err = azure.NewDNSProvider()
|
2016-10-12 00:42:20 +00:00
|
|
|
case "auroradns":
|
|
|
|
provider, err = auroradns.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
case "cloudflare":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = cloudflare.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
case "digitalocean":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = digitalocean.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
case "dnsimple":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = dnsimple.NewDNSProvider()
|
2016-06-28 21:00:05 +00:00
|
|
|
case "dnsmadeeasy":
|
|
|
|
provider, err = dnsmadeeasy.NewDNSProvider()
|
2016-11-07 07:37:57 +00:00
|
|
|
case "exoscale":
|
|
|
|
provider, err = exoscale.NewDNSProvider()
|
2016-03-17 20:59:15 +00:00
|
|
|
case "dyn":
|
|
|
|
provider, err = dyn.NewDNSProvider()
|
2016-03-12 16:13:24 +00:00
|
|
|
case "gandi":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = gandi.NewDNSProvider()
|
2016-03-18 15:22:33 +00:00
|
|
|
case "gcloud":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = googlecloud.NewDNSProvider()
|
2016-08-29 19:37:19 +00:00
|
|
|
case "linode":
|
|
|
|
provider, err = linode.NewDNSProvider()
|
2016-03-17 20:59:15 +00:00
|
|
|
case "manual":
|
|
|
|
provider, err = acme.NewDNSProviderManual()
|
2016-03-14 21:28:40 +00:00
|
|
|
case "namecheap":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = namecheap.NewDNSProvider()
|
2016-11-04 09:29:14 +00:00
|
|
|
case "rackspace":
|
|
|
|
provider, err = rackspace.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
case "route53":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = route53.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
case "rfc2136":
|
2016-03-17 20:59:15 +00:00
|
|
|
provider, err = rfc2136.NewDNSProvider()
|
2016-03-20 23:23:37 +00:00
|
|
|
case "vultr":
|
|
|
|
provider, err = vultr.NewDNSProvider()
|
2016-06-16 19:11:19 +00:00
|
|
|
case "ovh":
|
|
|
|
provider, err = ovh.NewDNSProvider()
|
2016-08-19 07:07:18 +00:00
|
|
|
case "pdns":
|
|
|
|
provider, err = pdns.NewDNSProvider()
|
2016-10-18 08:20:15 +00:00
|
|
|
case "ns1":
|
|
|
|
provider, err = ns1.NewDNSProvider()
|
2016-11-14 10:41:37 +00:00
|
|
|
case "dnspod":
|
|
|
|
provider, err = dnspod.NewDNSProvider()
|
2016-01-30 01:40:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
client.SetChallengeProvider(acme.DNS01, provider)
|
2016-02-12 01:47:47 +00:00
|
|
|
|
|
|
|
// --dns=foo indicates that the user specifically want to do a DNS challenge
|
|
|
|
// infer that the user also wants to exclude all other challenges
|
|
|
|
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
|
2016-01-30 01:40:57 +00:00
|
|
|
}
|
|
|
|
|
2015-10-27 23:05:40 +00:00
|
|
|
return conf, acc, client
|
2015-10-18 22:40:59 +00:00
|
|
|
}
|
|
|
|
|
2015-10-19 01:18:06 +00:00
|
|
|
func saveCertRes(certRes acme.CertificateResource, conf *Configuration) {
|
2015-10-18 22:40:59 +00:00
|
|
|
// We store the certificate, private key and metadata in different files
|
|
|
|
// as web servers would not be able to work with a combined file.
|
|
|
|
certOut := path.Join(conf.CertPath(), certRes.Domain+".crt")
|
|
|
|
privOut := path.Join(conf.CertPath(), certRes.Domain+".key")
|
2016-06-19 05:55:15 +00:00
|
|
|
pemOut := path.Join(conf.CertPath(), certRes.Domain+".pem")
|
2015-10-18 22:40:59 +00:00
|
|
|
metaOut := path.Join(conf.CertPath(), certRes.Domain+".json")
|
|
|
|
|
|
|
|
err := ioutil.WriteFile(certOut, certRes.Certificate, 0600)
|
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Unable to save Certificate for domain %s\n\t%s", certRes.Domain, err.Error())
|
2015-10-18 22:40:59 +00:00
|
|
|
}
|
|
|
|
|
2016-02-12 01:02:00 +00:00
|
|
|
if certRes.PrivateKey != nil {
|
|
|
|
// if we were given a CSR, we don't know the private key
|
|
|
|
err = ioutil.WriteFile(privOut, certRes.PrivateKey, 0600)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Unable to save PrivateKey for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
|
|
}
|
2016-06-19 05:55:15 +00:00
|
|
|
|
|
|
|
if conf.context.GlobalBool("pem") {
|
|
|
|
err = ioutil.WriteFile(pemOut, bytes.Join([][]byte{certRes.Certificate, certRes.PrivateKey}, nil), 0600)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Unable to save Certificate and PrivateKey in .pem for domain %s\n\t%s", certRes.Domain, err.Error())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} else if conf.context.GlobalBool("pem") {
|
|
|
|
// we don't have the private key; can't write the .pem file
|
|
|
|
logger().Fatalf("Unable to save pem without private key for domain %s\n\t%s; are you using a CSR?", certRes.Domain, err.Error())
|
2015-10-18 22:40:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
jsonBytes, err := json.MarshalIndent(certRes, "", "\t")
|
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Unable to marshal CertResource for domain %s\n\t%s", certRes.Domain, err.Error())
|
2015-10-18 22:40:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = ioutil.WriteFile(metaOut, jsonBytes, 0600)
|
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Unable to save CertResource for domain %s\n\t%s", certRes.Domain, err.Error())
|
2015-10-18 22:40:59 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-15 02:51:59 +00:00
|
|
|
func handleTOS(c *cli.Context, client *acme.Client, acc *Account) {
|
|
|
|
// Check for a global accept override
|
|
|
|
if c.GlobalBool("accept-tos") {
|
|
|
|
err := client.AgreeToTOS()
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Could not agree to TOS: %s", err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
acc.Save()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
reader := bufio.NewReader(os.Stdin)
|
|
|
|
logger().Printf("Please review the TOS at %s", acc.Registration.TosURL)
|
|
|
|
|
|
|
|
for {
|
|
|
|
logger().Println("Do you accept the TOS? Y/n")
|
|
|
|
text, err := reader.ReadString('\n')
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Could not read from console: %s", err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
text = strings.Trim(text, "\r\n")
|
|
|
|
|
|
|
|
if text == "n" {
|
|
|
|
logger().Fatal("You did not accept the TOS. Unable to proceed.")
|
|
|
|
}
|
|
|
|
|
|
|
|
if text == "Y" || text == "y" || text == "" {
|
|
|
|
err = client.AgreeToTOS()
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Could not agree to TOS: %s", err.Error())
|
|
|
|
}
|
|
|
|
acc.Save()
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
logger().Println("Your input was invalid. Please answer with one of Y/y, n or by pressing enter.")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-08 02:50:52 +00:00
|
|
|
func readCSRFile(filename string) (*x509.CertificateRequest, error) {
|
2016-02-12 01:02:00 +00:00
|
|
|
bytes, err := ioutil.ReadFile(filename)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2016-06-08 02:50:52 +00:00
|
|
|
raw := bytes
|
2016-02-12 01:02:00 +00:00
|
|
|
|
|
|
|
// see if we can find a PEM-encoded CSR
|
|
|
|
var p *pem.Block
|
|
|
|
rest := bytes
|
|
|
|
for {
|
|
|
|
// decode a PEM block
|
|
|
|
p, rest = pem.Decode(rest)
|
|
|
|
|
|
|
|
// did we fail?
|
|
|
|
if p == nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
// did we get a CSR?
|
|
|
|
if p.Type == "CERTIFICATE REQUEST" {
|
2016-06-08 02:50:52 +00:00
|
|
|
raw = p.Bytes
|
2016-02-12 01:02:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// no PEM-encoded CSR
|
|
|
|
// assume we were given a DER-encoded ASN.1 CSR
|
|
|
|
// (if this assumption is wrong, parsing these bytes will fail)
|
2016-06-08 02:50:52 +00:00
|
|
|
return x509.ParseCertificateRequest(raw)
|
2016-02-12 01:02:00 +00:00
|
|
|
}
|
|
|
|
|
2016-05-12 17:52:59 +00:00
|
|
|
func run(c *cli.Context) error {
|
2015-10-18 22:40:59 +00:00
|
|
|
conf, acc, client := setup(c)
|
2015-06-08 21:54:15 +00:00
|
|
|
if acc.Registration == nil {
|
|
|
|
reg, err := client.Register()
|
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Could not complete registration\n\t%s", err.Error())
|
2015-06-08 21:54:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
acc.Registration = reg
|
|
|
|
acc.Save()
|
|
|
|
|
|
|
|
logger().Print("!!!! HEADS UP !!!!")
|
|
|
|
logger().Printf(`
|
2015-09-26 18:00:19 +00:00
|
|
|
Your account credentials have been saved in your Let's Encrypt
|
|
|
|
configuration directory at "%s".
|
|
|
|
You should make a secure backup of this folder now. This
|
|
|
|
configuration directory will also contain certificates and
|
|
|
|
private keys obtained from Let's Encrypt so making regular
|
|
|
|
backups of this folder is ideal.`, conf.AccountPath(c.GlobalString("email")))
|
2015-06-08 21:54:15 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2016-02-15 02:51:59 +00:00
|
|
|
// If the agreement URL is empty, the account still needs to accept the LE TOS.
|
2015-06-08 21:54:15 +00:00
|
|
|
if acc.Registration.Body.Agreement == "" {
|
2016-02-15 02:51:59 +00:00
|
|
|
handleTOS(c, client, acc)
|
2015-06-08 21:54:15 +00:00
|
|
|
}
|
|
|
|
|
2016-02-12 01:02:00 +00:00
|
|
|
// we require either domains or csr, but not both
|
|
|
|
hasDomains := len(c.GlobalStringSlice("domains")) > 0
|
|
|
|
hasCsr := len(c.GlobalString("csr")) > 0
|
|
|
|
if hasDomains && hasCsr {
|
|
|
|
logger().Fatal("Please specify either --domains/-d or --csr/-c, but not both")
|
|
|
|
}
|
|
|
|
if !hasDomains && !hasCsr {
|
|
|
|
logger().Fatal("Please specify --domains/-d (or --csr/-c if you already have a CSR)")
|
|
|
|
}
|
|
|
|
|
|
|
|
var cert acme.CertificateResource
|
|
|
|
var failures map[string]error
|
|
|
|
|
|
|
|
if hasDomains {
|
|
|
|
// obtain a certificate, generating a new private key
|
2016-10-27 09:22:10 +00:00
|
|
|
cert, failures = client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil, c.Bool("must-staple"))
|
2016-02-12 01:02:00 +00:00
|
|
|
} else {
|
|
|
|
// read the CSR
|
|
|
|
csr, err := readCSRFile(c.GlobalString("csr"))
|
|
|
|
if err != nil {
|
|
|
|
// we couldn't read the CSR
|
|
|
|
failures = map[string]error{"csr": err}
|
|
|
|
} else {
|
|
|
|
// obtain a certificate for this CSR
|
2016-06-08 02:50:52 +00:00
|
|
|
cert, failures = client.ObtainCertificateForCSR(*csr, !c.Bool("no-bundle"))
|
2016-02-12 01:02:00 +00:00
|
|
|
}
|
2015-06-08 21:54:15 +00:00
|
|
|
}
|
|
|
|
|
2015-11-02 00:01:00 +00:00
|
|
|
if len(failures) > 0 {
|
|
|
|
for k, v := range failures {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Printf("[%s] Could not obtain certificates\n\t%s", k, v.Error())
|
2015-11-02 00:01:00 +00:00
|
|
|
}
|
2015-12-15 18:18:51 +00:00
|
|
|
|
2015-12-07 15:52:59 +00:00
|
|
|
// Make sure to return a non-zero exit code if ObtainSANCertificate
|
|
|
|
// returned at least one error. Due to us not returning partial
|
|
|
|
// certificate we can just exit here instead of at the end.
|
|
|
|
os.Exit(1)
|
2015-06-13 01:56:34 +00:00
|
|
|
}
|
|
|
|
|
2015-11-02 00:01:00 +00:00
|
|
|
err := checkFolder(conf.CertPath())
|
2015-06-13 01:56:34 +00:00
|
|
|
if err != nil {
|
2016-02-15 14:18:31 +00:00
|
|
|
logger().Fatalf("Could not check/create path: %s", err.Error())
|
2015-06-13 01:56:34 +00:00
|
|
|
}
|
|
|
|
|
2015-11-11 17:05:09 +00:00
|
|
|
saveCertRes(cert, conf)
|
2016-05-12 17:52:59 +00:00
|
|
|
|
|
|
|
return nil
|
2015-06-08 21:54:15 +00:00
|
|
|
}
|
2015-09-27 12:51:44 +00:00
|
|
|
|
2016-05-12 17:52:59 +00:00
|
|
|
func revoke(c *cli.Context) error {
|
2015-09-27 12:51:44 +00:00
|
|
|
|
2015-10-18 22:40:59 +00:00
|
|
|
conf, _, client := setup(c)
|
2015-09-27 12:51:44 +00:00
|
|
|
|
2015-10-18 22:40:59 +00:00
|
|
|
err := checkFolder(conf.CertPath())
|
2015-09-27 12:51:44 +00:00
|
|
|
if err != nil {
|
2016-02-15 14:18:31 +00:00
|
|
|
logger().Fatalf("Could not check/create path: %s", err.Error())
|
2015-09-27 12:51:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, domain := range c.GlobalStringSlice("domains") {
|
|
|
|
logger().Printf("Trying to revoke certificate for domain %s", domain)
|
|
|
|
|
|
|
|
certPath := path.Join(conf.CertPath(), domain+".crt")
|
|
|
|
certBytes, err := ioutil.ReadFile(certPath)
|
|
|
|
|
|
|
|
err = client.RevokeCertificate(certBytes)
|
|
|
|
if err != nil {
|
2015-12-07 15:52:59 +00:00
|
|
|
logger().Fatalf("Error while revoking the certificate for domain %s\n\t%s", domain, err.Error())
|
2015-09-27 12:51:44 +00:00
|
|
|
} else {
|
|
|
|
logger().Print("Certificate was revoked.")
|
|
|
|
}
|
|
|
|
}
|
2016-05-12 17:52:59 +00:00
|
|
|
|
|
|
|
return nil
|
2015-09-27 12:51:44 +00:00
|
|
|
}
|
2015-10-18 22:42:04 +00:00
|
|
|
|
2016-05-12 17:52:59 +00:00
|
|
|
func renew(c *cli.Context) error {
|
2015-10-18 22:42:04 +00:00
|
|
|
conf, _, client := setup(c)
|
2015-12-24 08:57:09 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
if len(c.GlobalStringSlice("domains")) <= 0 {
|
|
|
|
logger().Fatal("Please specify at least one domain.")
|
|
|
|
}
|
2015-12-24 08:57:09 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
domain := c.GlobalStringSlice("domains")[0]
|
2015-10-18 22:42:04 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
// load the cert resource from files.
|
|
|
|
// We store the certificate, private key and metadata in different files
|
|
|
|
// as web servers would not be able to work with a combined file.
|
|
|
|
certPath := path.Join(conf.CertPath(), domain+".crt")
|
|
|
|
privPath := path.Join(conf.CertPath(), domain+".key")
|
|
|
|
metaPath := path.Join(conf.CertPath(), domain+".json")
|
2015-12-06 21:35:52 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
certBytes, err := ioutil.ReadFile(certPath)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
|
|
|
|
}
|
2015-12-06 21:35:52 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
if c.IsSet("days") {
|
|
|
|
expTime, err := acme.GetPEMCertExpiration(certBytes)
|
2015-10-18 22:42:04 +00:00
|
|
|
if err != nil {
|
2015-12-15 20:10:47 +00:00
|
|
|
logger().Printf("Could not get Certification expiration for domain %s", domain)
|
2015-10-18 22:42:04 +00:00
|
|
|
}
|
|
|
|
|
2015-12-24 08:57:09 +00:00
|
|
|
if int(expTime.Sub(time.Now()).Hours()/24.0) > c.Int("days") {
|
2016-05-12 17:52:59 +00:00
|
|
|
return nil
|
2015-10-18 22:42:04 +00:00
|
|
|
}
|
2015-12-15 20:10:47 +00:00
|
|
|
}
|
2015-10-18 22:42:04 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
metaBytes, err := ioutil.ReadFile(metaPath)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
|
|
|
|
}
|
2015-10-18 22:42:04 +00:00
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
var certRes acme.CertificateResource
|
|
|
|
err = json.Unmarshal(metaBytes, &certRes)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
|
|
|
|
}
|
2015-10-18 22:42:04 +00:00
|
|
|
|
2016-01-08 09:14:41 +00:00
|
|
|
if c.Bool("reuse-key") {
|
|
|
|
keyBytes, err := ioutil.ReadFile(privPath)
|
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
|
|
|
|
}
|
|
|
|
certRes.PrivateKey = keyBytes
|
|
|
|
}
|
|
|
|
|
2015-12-15 20:10:47 +00:00
|
|
|
certRes.Certificate = certBytes
|
|
|
|
|
2016-10-27 09:22:10 +00:00
|
|
|
newCert, err := client.RenewCertificate(certRes, !c.Bool("no-bundle"), c.Bool("must-staple"))
|
2015-12-15 20:10:47 +00:00
|
|
|
if err != nil {
|
|
|
|
logger().Fatalf("%s", err.Error())
|
2015-10-18 22:42:04 +00:00
|
|
|
}
|
2015-12-15 20:10:47 +00:00
|
|
|
|
|
|
|
saveCertRes(newCert, conf)
|
2016-05-12 17:52:59 +00:00
|
|
|
|
|
|
|
return nil
|
2015-10-18 22:42:04 +00:00
|
|
|
}
|