-rw-r--r--cmd/acme/docker.toml6
-rw-r--r--cmd/acme/main.go10
-rw-r--r--desire.go7
-rw-r--r--provider.go54
4 files changed, 39 insertions, 38 deletions
diff --git a/cmd/acme/docker.toml b/cmd/acme/docker.toml
index 7a2abae..e0aef36 100644
--- a/cmd/acme/docker.toml
+++ b/cmd/acme/docker.toml
@@ -13,6 +13,10 @@ directory = "https://acme-staging.api.letsencrypt.org/directory"
mail = "webmaster@docker.moccu.com"
key = "private/webmaster.key"
+[account.webmaster2]
+mail = "webmaster@docker.moccu.com"
+key = "private/webmaster2.key"
+
[desire.docker]
provider = "les"
account = "webmaster"
@@ -24,7 +28,7 @@ cert = "certs/docker_moccu_com.pem"
[desire.www]
provider = "les"
-account = "webmaster"
+account = "webmaster2"
altnames = [ "www.docker.moccu.com" ]
key = "private/www_docker_moccu_com.key"
cert = "certs/www_docker_moccu_com.pem"
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 28041f4..0dc9fa2 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -25,13 +25,14 @@ func prepare(conf *Config) error {
log.Println("LoadAccount", k)
acc.Account, err = acme.LoadAccount(acc.Key)
if err != nil {
- log.Println(err)
log.Println("NewAccount", k)
acc.Account, err = acme.NewAccount(acc.KeySize)
if err != nil {
return err
}
- acc.Account.SaveKey(acc.Key)
+ if err := acc.Account.SaveKey(acc.Key); err != nil {
+ return err
+ }
acc.pending = true
}
acc.Contacts.AddMail(acc.Mail)
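Review bot: Any error from `acme.LoadAccount(acc.Key)` now falls through to `NewAccount` and `SaveKey` with the cause no longer logged, so an unreadable or corrupt key file is handled exactly like a missing one and a fresh account key is written to the same path. Whether the previous key survives depends on SaveKey, which is not visible in this hunk. Consider creating a new account only when the key file is absent, e.g. `if !os.IsNotExist(err) { return err }` as the first statement of the `if err != nil` branch (assuming LoadAccount returns the underlying os error unwrapped), or at least keep the `log.Println(err)`. prepare's body starts and ends outside the hunk.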
@@ -55,6 +56,7 @@ func satisfice(des *desire) error {
var err error
if des.account.pending {
+ log.Println("register pending account")
err = des.provider.Register(des.account, des.account.Contacts)
if err != nil {
return err
@@ -74,7 +76,9 @@ func satisfice(des *desire) error {
return err
}
- des.Save(des.Cert, des.Key)
+ if err := des.Save(des.Cert, des.Key); err != nil {
+ return err
+ }
return nil
}
diff --git a/desire.go b/desire.go
index 415a778..e9eeb6c 100644
--- a/desire.go
+++ b/desire.go
@@ -7,6 +7,7 @@ import (
"crypto/x509/pkix"
"encoding/base64"
"os"
+ "syscall"
)
type Desire struct {
@@ -35,7 +36,11 @@ func (d *Desire) RegisterSolver(c ChallengeType, s Solver) {
}
func backup(fname string) error {
- return os.Rename(fname, fname+".bak")
+ err := os.Rename(fname, fname+".bak")
+ if err != nil && err.(*os.LinkError).Err == syscall.ENOENT {
+ return nil
+ }
+ return err
}
func (d *Desire) Save(cert, key string) error {
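Review bot: The unchecked assertion `err.(*os.LinkError)` in backup panics if the error is ever of any other type, and comparing `.Err` with `syscall.ENOENT` ties the check to POSIX errno values. `os.IsNotExist(err)` covers both concerns: `if os.IsNotExist(err) { return nil }`, which also makes the newly added `"syscall"` import unnecessary. A comment such as `// a missing file means there is nothing to back up` would explain why that error is deliberately dropped.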
diff --git a/provider.go b/provider.go
index 5268842..5eaeefc 100644
--- a/provider.go
+++ b/provider.go
@@ -138,37 +138,29 @@ func problem(r io.Reader) error {
return p
}
-func (p *Provider) newReg(uri string, s Signer, c Contacts) (nextStep, error) {
+func (p *Provider) Register(s Signer, c Contacts) error {
+ // first step: new-reg
r := &Registration{
Resource: ResNewReg,
Contact: c,
}
- resp, err := p.post(uri, s, r)
- if err != nil {
- return nextStep{}, err
+ resp, err := p.post(p.NewReg, s, r)
+ if err != nil && err.(Problem).Err != ErrMalformed {
+ return err
}
- return parseHeader(resp), parseJson(resp, r)
-}
+ ns := parseHeader(resp)
-func (p *Provider) agree(uri string, s Signer, tos string) (nextStep, error) {
- r := &Registration{
+ // second step: reg, agree to tos
+ r = &Registration{
Resource: ResReg,
- Agreement: tos,
+ Agreement: ns.Link["terms-of-service"],
}
- resp, err := p.post(uri, s, r)
+ resp, err = p.post(ns.Location, s, r)
if err != nil {
- return nextStep{}, err
- }
- return parseHeader(resp), parseJson(resp, r)
-}
-
-func (p *Provider) Register(s Signer, c Contacts) error {
- ns, err := p.newReg(p.NewReg, s, c)
- if err != nil && err.(Problem).Err != ErrMalformed {
return err
}
- _, err = p.agree(ns.Location, s, ns.Link["terms-of-service"])
- return err
+ resp.Body.Close()
+ return nil
}
func (p *Provider) solve(s Signer, ch Challenge) error {
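Review bot: `err.(Problem).Err != ErrMalformed` in Register is an unchecked type assertion, so any error from `p.post` that is not a Problem (a transport failure, for example) panics instead of being returned; `if prob, ok := err.(Problem); err != nil && (!ok || prob.Err != ErrMalformed) { return err }` keeps the intended tolerance. When the malformed case is tolerated, `parseHeader(resp)` runs on whatever `post` returned alongside the error, which may be nil; post is not visible here, so this needs confirming. The first response's body is also never closed in the visible lines now that the `parseJson` call is gone. `ns.Location` and the terms-of-service link are both used without a check that they are non-empty.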
@@ -244,33 +236,29 @@ func (p *Provider) queryStatus(uri string) (bool, error) {
return r.Status == StatusValid, nil
}
-func (p *Provider) newCert(uri string, s Signer, d *Desire) (nextStep, *x509.Certificate, error) {
+func (p *Provider) Cert(s Signer, d *Desire) error {
+ // first step: post csr
csr, err := d.newCSR()
if err != nil {
- return nextStep{}, nil, err
+ return err
}
r := &CSR{
Resource: ResNewCert,
CSR: csr,
}
- resp, err := p.post(uri, s, r)
+ resp, err := p.post(p.NewCert, s, r)
if err != nil {
- return nextStep{}, nil, err
+ return err
}
- ns := parseHeader(resp)
- cert, err := parseCert(resp)
- return ns, cert, err
-}
-
-func (p *Provider) Cert(s Signer, d *Desire) error {
- ns, crt, err := p.newCert(p.NewCert, s, d)
+ crt, err := parseCert(resp)
if err != nil {
return err
}
d.cert = append(d.cert, crt)
- // TODO Get cert on empty response
+ ns := parseHeader(resp)
- resp, err := p.get(ns.Link["up"])
+ // second step: cet CA
+ resp, err = p.get(ns.Link["up"])
if err != nil {
return err
}
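Review bot: `resp` is reassigned by `resp, err = p.get(ns.Link["up"])` while the body of the `p.post` response is not closed anywhere in the visible lines; unless `parseCert` closes it, add `resp.Body.Close()` after `ns := parseHeader(resp)`. The `up` link comes from the server's response headers and is fetched without checking that it is present, so a missing header ends in a request to an empty URL rather than a clear error. The removed `// TODO Get cert on empty response` case is still not handled, so keeping that comment next to `parseCert(resp)` would preserve the reminder. The new comment `// second step: cet CA` presumably means `get CA`. Cert's body continues past the end of the hunk.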