package main import ( "crypto/rsa" "crypto/x509" "flag" "io" "log" "os" "path" "dim13.org/acme" ) var confName = flag.String("conf", "acme.toml", "configuration file") func mkdirCreate(fname string, dmode, fmode os.FileMode) (io.WriteCloser, error) { if err := os.MkdirAll(path.Dir(fname), dmode); err != nil { return nil, err } flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC return os.OpenFile(fname, flags, fmode) } func chkKey(k PrivKey) (*rsa.PrivateKey, error) { key := k.KeyPath() if k.HasKey() { fd, err := os.Open(key) if err != nil { return nil, err } defer fd.Close() return acme.LoadKey(fd) } else { fd, err := mkdirCreate(key, 0700, 0600) if err != nil { return nil, err } defer fd.Close() return acme.NewKey(fd, k.KeySize()) } } func saveCert(k Cert, crt *x509.Certificate) error { cert := k.CertPath() fd, err := mkdirCreate(cert, 0755, 0644) if err != nil { return err } defer fd.Close() return acme.SaveCert(fd, crt) } func main() { flag.Parse() conf, err := LoadConfig(*confName) if err != nil { log.Fatal(err) } for k, acc := range conf.Account { acc.key, err = chkKey(acc) if err != nil { log.Fatal(err) } conf.Account[k] = acc } for k, des := range conf.Desire { des.key, err = chkKey(des) if err != nil { log.Fatal(err) } conf.Desire[k] = des } for k, des := range conf.Desire { a, _ := acme.NewAccount(des.account.key) c := acme.Contacts{} c.AddMail(des.account.Mail) c.AddPhone(des.account.Phone) log.Println(k, a) p, err := acme.NewProvider(des.provider.Directory) if err != nil { log.Fatal(err) } log.Println(k, p) err = p.Register(a, c) if err != nil { log.Fatal("register", err) } err = p.Authorize(a, des.Altnames[0]) if err != nil { log.Fatal("authz", err) } crt, err := p.Cert(a, des.Altnames, des.key) if err != nil { log.Fatal("cert", err) } log.Println(crt.NotBefore, crt.NotAfter) err = saveCert(des, crt) if err != nil { log.Fatal("save cert", err) } } }