-rw-r--r--README.md2
-rw-r--r--cmd/acme/main.go10
-rw-r--r--solve_tls.go17
3 files changed, 16 insertions, 13 deletions
diff --git a/README.md b/README.md
index 84c385e..e098756 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ worker:
renew certifivicate
## test tunnel
-slogin -R \*:80:localhost:8080 -N root@docker.moccu.com
+slogin -R 0.0.0.0:80:localhost:8080 -R 0.0.0.0:443:localhost:8443 root@docker.moccu.com
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index be7c0da..a9d41af 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -87,19 +87,17 @@ func main() {
}
httpSol := acme.NewHTTPSolver(conf.Defaults.Listen)
- /*
- tlsSol := acme.NewTLSSolver(conf.Defaults.ListenTLS)
- tlsSol.Solve("a", "B")
- return
- */
+ tlsSol := acme.NewTLSSolver(conf.Defaults.ListenTLS)
for k, des := range conf.Desire {
if des.Webroot != "" {
wrSol := acme.NewWebrootSolver(des.Webroot)
des.RegisterSolver(acme.ChallengeHTTP, wrSol)
} else {
- des.RegisterSolver(acme.ChallengeHTTP, httpSol)
+ //des.RegisterSolver(acme.ChallengeHTTP, httpSol)
+ _ = httpSol
}
+ des.RegisterSolver(acme.ChallengeTLS, tlsSol)
log.Println("satisfice", k)
if err := satisfice(des); err != nil {
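Review bot: `acme.NewTLSSolver(conf.Defaults.ListenTLS)` is now called unconditionally, and per solve_tls.go in this same commit the constructor starts a listener whose address falls back to `:https` when the configured one is empty, so a config without ListenTLS ends up binding port 443 on all interfaces. Consider constructing the solver only when `conf.Defaults.ListenTLS != ""`, or failing with a clear message. The `else` branch also leaves the HTTP registration commented out behind `_ = httpSol` while `acme.NewHTTPSolver(conf.Defaults.Listen)` is still constructed; either delete both or select the challenge type from configuration. main's body starts and ends outside the hunk.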
diff --git a/solve_tls.go b/solve_tls.go
index 6062948..6b8869e 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -25,7 +25,7 @@ func NewTLSSolver(addr string) Solver {
Addr: addr,
TLSConfig: &tls.Config{},
}
- go s.ListenAndServe()
+ go ListenAndServeSNI(&s.Server)
return s
}
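Review bot: The error returned by `ListenAndServeSNI(&s.Server)` is dropped by the bare `go` statement, so a failed bind (port already in use, missing privilege for a low port) leaves a solver that accepts `Solve` calls but never answers a handshake. Log or surface it, for example `go func() { if err := ListenAndServeSNI(&s.Server); err != nil { log.Println("tls solver:", err) } }()`. The start of NewTLSSolver is outside the hunk.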
@@ -77,15 +77,17 @@ func (s *tlsSolver) Solve(_, keyAuth string) error {
if err != nil {
return err
}
- log.Println(crt)
- return errNotImplemented
+ s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, crt)
+ s.TLSConfig.BuildNameToCertificate()
+ log.Printf(">>> %+v\n", s.TLSConfig.NameToCertificate)
+ return nil
}
func (s *tlsSolver) Solved() error {
return nil
}
-func ListenAndServeSNI(srv *http.Server, certs []tls.Certificate) error {
+func ListenAndServeSNI(srv *http.Server) error {
addr := srv.Addr
if addr == "" {
addr = ":https"
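Review bot: `Solve` appends to `s.TLSConfig.Certificates` and calls `BuildNameToCertificate()` without any lock, while the goroutine started in NewTLSSolver may already be serving handshakes. That is a data race if the listener shares this `tls.Config`, and the new certificate is never seen if the listener works on a copy; the line that derives `config` is outside the hunk, so which case applies should be checked. A mutex-guarded map consulted from `TLSConfig.GetCertificate` would cover both. `Solved` still returns nil without removing the challenge certificate, so every `Solve` call leaves another certificate on the listener. The `log.Printf(">>> %+v\n", ...)` line reads as debugging output and could be dropped.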
@@ -97,9 +99,12 @@ func ListenAndServeSNI(srv *http.Server, certs []tls.Certificate) error {
if config.NextProtos == nil {
config.NextProtos = []string{"http/1.1"}
}
- if config.Certificates == nil {
- config.Certificates = certs
+ // we need at least one cert
+ dummy, err := newCert(sniName(""))
+ if err != nil {
+ return err
}
+ config.Certificates = []tls.Certificate{dummy}
config.BuildNameToCertificate()
conn, err := net.Listen("tcp", addr)
if err != nil {
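Review bot: `config.Certificates = []tls.Certificate{dummy}` replaces the list unconditionally, where the old code only filled it in when it was nil, so any certificates already present on the server's TLS config are discarded at startup. If the intent is what the comment says, `if len(config.Certificates) == 0 { config.Certificates = []tls.Certificate{dummy} }` guarantees a default certificate without dropping existing ones. How `config` is derived from `srv.TLSConfig` is outside the hunk, so whether this can also wipe a certificate added by `Solve` before the listener goroutine reaches this line should be confirmed. ListenAndServeSNI's body continues outside the hunk.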