acme

Documentation

Index

• Constants
• Variables
• func CreateCertificate(rootdomain string, domains []string, lock bool) ([]byte, []byte, error)
• func GenerateCert(certificate []byte, privateKey []byte) (*tls.Certificate, error)
• func GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
• func GetChallenge(domain, token string) ([]byte, error)
• func Init(param *InitParameters) error
• func RetrieveCertificate(domain string) (certificate, privateKey []byte, err error)
• func ServeHTTP(h http.Handler, redirectToHTTPS bool, option ...*http.Server) error
• func ServeHTTPS(addr string, h http.Handler, logfilepath string) error
• func ToggleCertificate(domains []string) error
• type ACMEUser
  • func (u *ACMEUser) GetEmail() string
  • func (u *ACMEUser) GetPrivateKey() crypto.PrivateKey
  • func (u ACMEUser) GetRegistration() *registration.Resource
  • func (u *ACMEUser) Save() error
• type HTTPChallenger
  • func (c *HTTPChallenger) CleanUp(domain, token, keyAuth string) error
  • func (c *HTTPChallenger) Present(domain, token, keyAuth string) error
• type InitParameters
• type LogLevel
  • func (l LogLevel) String() string
• type WhiteListedGetCertificate
  • func NewWhiteListedGetCertificate(whiteList []string) WhiteListedGetCertificate
  • func (wlgc WhiteListedGetCertificate) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

Examples

• GetCertificate

Constants

const (
	ACME_CHALLENGE_URL_PREFIX = "/.well-known/acme-challenge/"
)

Variables

var ErrCertificateExpired = errors.New("certificate expired")

var ErrCertificateNotFound = errors.New("certificate not found")

Functions

func CreateCertificate

func CreateCertificate(rootdomain string, domains []string, lock bool) ([]byte, []byte, error)

func GenerateCert

func GenerateCert(certificate []byte, privateKey []byte) (*tls.Certificate, error)

func GetCertificate

func GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate is for integration into a golang HTTPS server Your HTTPS server then searches for existing certificates automatically

Example

conn, err := net.Listen("tcp", ":443")
if err != nil {
	log.Fatal(err)
}
tlsConfig := new(tls.Config)
tlsConfig.GetCertificate = GetCertificate
tlsListener := tls.NewListener(conn, tlsConfig)

f, err := os.OpenFile("https.log", os.O_CREATE|os.O_RDWR, 0700)
if err != nil {
	log.Fatal(err)
}
defer f.Close()

serv := &http.Server{
	Addr:     ":443",
	Handler:  http.NewServeMux(),
	ErrorLog: log.New(f, "https: ", log.Llongfile|log.Ltime|log.Ldate),

	ReadHeaderTimeout: 30 * time.Second,
	ReadTimeout:       1 * time.Minute,
	WriteTimeout:      1 * time.Minute,
	IdleTimeout:       5 * time.Minute,
}

fmt.Println("Starting HTTPS Server")
serv.Serve(tlsListener)

Output:

Starting HTTPS Server

func GetChallenge

func GetChallenge(domain, token string) ([]byte, error)

func Init

func Init(param *InitParameters) error

Call Init before calling any other function

func RetrieveCertificate

func RetrieveCertificate(domain string) (certificate, privateKey []byte, err error)

func ServeHTTP

func ServeHTTP(h http.Handler, redirectToHTTPS bool, option ...*http.Server) error

ServeHTTP starts listening on port 80, if the requested url starts with /.well-known/acme-challenge/ it will handle the http certificate challenge without calling your handler h, otherwise it hands control over to handler h. If handler h is nil, the http server will only handle challenges and send an error for all other requests. You may provide an option http server to set its parameters. In this case, only its Handler and Addr fields will be replaced.

func ServeHTTPS

func ServeHTTPS(addr string, h http.Handler, logfilepath string) error

Serve is blocking Example of addr is :443 logfilepath is optional and can be empty

func ToggleCertificate

func ToggleCertificate(domains []string) error

Types

type ACMEUser

type ACMEUser struct {
	Email        string                 `json:"email"`
	Registration *registration.Resource `json:"registration"`
	Key          string                 `json:"key"`
	// contains filtered or unexported fields
}

func (*ACMEUser) GetEmail

func (u *ACMEUser) GetEmail() string

func (*ACMEUser) GetPrivateKey

func (u *ACMEUser) GetPrivateKey() crypto.PrivateKey

func (ACMEUser) GetRegistration

func (u ACMEUser) GetRegistration() *registration.Resource

func (*ACMEUser) Save

func (u *ACMEUser) Save() error

type HTTPChallenger

type HTTPChallenger struct {
}

func (*HTTPChallenger) CleanUp

func (c *HTTPChallenger) CleanUp(domain, token, keyAuth string) error

func (*HTTPChallenger) Present

func (c *HTTPChallenger) Present(domain, token, keyAuth string) error

type InitParameters

type InitParameters struct {
	// if zero, then we do not initialize any cache
	// otherwise the size in bytes of the in memory certificates cache.
	// If InMemoryCacheSize is less than 32MB, then the minimum cache capacity is 32MB.
	InMemoryCacheSize int

	CertificateContactEmail string

	Store storage.Store

	// you may use one of the providers from github.com/go-acme/lego/v4/providers/dns
	// for example route53.NewDNSProviderConfig
	DNSProvider   challenge.Provider
	DNSChallenges bool

	// Map of authorized root domain names and zero or more of their subdomains.
	AuthorizedDomains map[string][]string

	LogLevel LogLevel
}

type LogLevel

type LogLevel int

const (
	DEBUG LogLevel = iota
	INFO
	WARNING
	ERROR
	NONE
)

func (LogLevel) String

func (l LogLevel) String() string

type WhiteListedGetCertificate

type WhiteListedGetCertificate = *whiteListedGetCertificate

func NewWhiteListedGetCertificate

func NewWhiteListedGetCertificate(whiteList []string) WhiteListedGetCertificate

func (WhiteListedGetCertificate) GetCertificate

func (wlgc WhiteListedGetCertificate) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)