Diffstat (limited to 'cmd/acme/main.go')
-rw-r--r--cmd/acme/main.go206
1 files changed, 109 insertions, 97 deletions
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index e994189..577afbf 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -9,117 +9,129 @@ import (
)
var (
- confName = flag.String("conf", "", "configuration file")
- forceRenew = flag.Bool("force", false, "force renew")
+ confName = flag.String("conf", "", "configuration file")
+ forceRenew = flag.Bool("force", false, "force renew")
+ httpSol, tlsSol acme.Solver
)
-func main() {
- flag.Parse()
-
- conf, err := LoadConfig(*confName)
+func dialProvider(p provider) error {
+ log.Println("Dial", p.Directory)
+ prov, err := acme.DialProvider(p.Directory)
if err != nil {
- log.Fatal(err)
+ return err
+ }
+ for _, a := range p.Account {
+ if err := loadAccount(prov, a); err != nil {
+ return err
+ }
}
+ return nil
+}
- var httpSol, tlsSol acme.Solver
- if conf.Listen != "" {
- httpSol, err = acme.NewHTTPSolver(conf.Listen)
+func loadAccount(prov *acme.Provider, a account) error {
+ var mustRegister bool
+ key, err := a.Load()
+ if err != nil {
+ key, err = acme.NewKey(a.KeySize)
if err != nil {
- log.Println(err)
+ return err
}
+ if err := a.Save(key); err != nil {
+ return err
+ }
+ mustRegister = true
}
- if conf.ListenTLS != "" {
- tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+
+ acc, err := acme.NewAccount(key)
+ if err != nil {
+ return err
+ }
+
+ if mustRegister {
+ con, err := acme.NewContacts(a.Mail, a.Phone)
if err != nil {
- log.Println(err)
+ return err
+ }
+
+ log.Println("Register", con)
+ if err := prov.Register(acc, con); err != nil {
+ return err
}
}
- for _, v := range conf.Provider {
- log.Println("Dial", v.Directory)
- prov, err := acme.DialProvider(v.Directory)
- if err != nil {
- log.Fatal(err)
+ for _, d := range a.Domain {
+ if err := requestCert(prov, acc, d); err != nil {
+ return err
}
+ }
+ return nil
+}
+
+func requestCert(prov *acme.Provider, acc *acme.Account, d domain) error {
+ c, err := d.Load()
+ if err != nil {
+ return err
+ }
+ if c.Leaf != nil && !d.renew(c.Leaf) && !*forceRenew {
+ log.Println("valid until", c.Leaf.NotAfter, "skip")
+ return nil
+ }
+
+ key, err := acme.NewKey(d.KeySize)
+ if err != nil {
+ return err
+ }
- for _, v := range v.Account {
- var mustRegister bool
-
- log.Println("Load", v.KeyFile)
- key, err := v.Load()
- if err != nil {
- key, err = acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- if err := v.Save(key); err != nil {
- log.Fatal(err)
- }
- mustRegister = true
- }
-
- acc, err := acme.NewAccount(key)
- if err != nil {
- log.Fatal(err)
- }
-
- if mustRegister {
- con, err := acme.NewContacts(v.Mail, v.Phone)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Register", con)
- err = prov.Register(acc, con)
- if err != nil {
- log.Fatal(err)
- }
- }
-
- for _, v := range v.Domain {
- c, err := v.Load()
- if err != nil {
- log.Println(err)
- }
- if c.Leaf != nil && !conf.renew(c.Leaf) && !*forceRenew {
- log.Println("valid until", c.Leaf.NotAfter, "sipping")
- continue
- }
-
- key, err := acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- des := acme.NewDesire(key, v.Altnames)
- if v.Webroot != "" {
- sol := acme.NewWebrootSolver(v.Webroot)
- des.RegisterSolver(sol)
- } else if httpSol != nil {
- des.RegisterSolver(httpSol)
- }
- if tlsSol != nil {
- des.RegisterSolver(tlsSol)
- }
- if !des.HasSolver() {
- log.Fatal("no solver")
- }
-
- log.Println("Authorize", v.Altnames)
- if err := prov.Authorize(acc, des); err != nil {
- log.Fatal(err)
- }
-
- log.Println("Request bundle for", v.Altnames)
- cert, err := prov.Bundle(acc, des)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Save", v.CrtFile, v.KeyFile)
- if err := v.Save(cert); err != nil {
- log.Fatal(err)
- }
- }
+ des := acme.NewDesire(key, d.Altnames)
+ if d.Webroot != "" {
+ des.RegisterSolver(acme.NewWebrootSolver(d.Webroot))
+ } else if httpSol != nil {
+ des.RegisterSolver(httpSol)
+ }
+
+ if tlsSol != nil {
+ des.RegisterSolver(tlsSol)
+ }
+
+ log.Println("Authorize", d.Altnames)
+ if err := prov.Authorize(acc, des); err != nil {
+ return err
+ }
+
+ log.Println("Request bundle")
+ cert, err := prov.Bundle(acc, des)
+ if err != nil {
+ return err
+ }
+
+ log.Println("Save", d.CrtFile, d.KeyFile)
+ if err := d.Save(cert); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func main() {
+ flag.Parse()
+
+ conf, err := LoadConfig(*confName)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ httpSol, err = acme.NewHTTPSolver(conf.Listen)
+ if err != nil {
+ log.Println("HTTP Solver", err)
+ }
+ tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+ if err != nil {
+ log.Println("TLS Solver", err)
+ }
+
+ for _, p := range conf.Provider {
+ if err := dialProvider(p); err != nil {
+ log.Fatal(err)
}
}
}
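Review bot: The `conf.Listen != ""` and `conf.ListenTLS != ""` guards are gone from `main`, so `acme.NewHTTPSolver` and `acme.NewTLSSolver` now run even when no listen address is configured. Depending on how those constructors treat an empty address (not visible here), that either logs a spurious error on every run or opens a challenge listener on an address nobody chose. The result is also assigned to the package-level `httpSol`/`tlsSol` before the error check; if the constructors return a concrete pointer type, a failed call could leave a non-nil interface holding a nil pointer, and `requestCert` would then register it. The `des.HasSolver()` check was dropped from `requestCert` as well, so a domain with no usable solver now goes on to `prov.Authorize` instead of failing early. Suggested shape below; the `errors.New` call assumes the `errors` package is imported.

```go
// in requestCert, after the solvers are registered on des:
if !des.HasSolver() {
	return errors.New("no solver")
}
// … unchanged: Authorize, Bundle, Save …

// in main, after LoadConfig:
if conf.Listen != "" {
	sol, err := acme.NewHTTPSolver(conf.Listen)
	if err != nil {
		log.Println("HTTP Solver", err)
	} else {
		httpSol = sol
	}
}
if conf.ListenTLS != "" {
	sol, err := acme.NewTLSSolver(conf.ListenTLS)
	if err != nil {
		log.Println("TLS Solver", err)
	} else {
		tlsSol = sol
	}
}
// … unchanged: provider loop calling dialProvider …
```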