got the certificate request working
This commit is contained in:
parent
d6bc349e73
commit
bd5bd0e7a1
@ -1,8 +1,10 @@
|
|||||||
package certs
|
package certs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"encoding/json"
|
||||||
"log"
|
"log"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/go-acme/lego/v4/certificate"
|
"github.com/go-acme/lego/v4/certificate"
|
||||||
"github.com/go-acme/lego/v4/challenge/dns01"
|
"github.com/go-acme/lego/v4/challenge/dns01"
|
||||||
@ -12,9 +14,16 @@ import (
|
|||||||
|
|
||||||
type certsClient struct {
|
type certsClient struct {
|
||||||
legoClient *lego.Client
|
legoClient *lego.Client
|
||||||
|
lastCertificate *certificate.Resource
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *certsClient) RequestCertificate() {
|
func (c *certsClient) RequestCertificate() {
|
||||||
|
log.Println("requesting a certificate")
|
||||||
|
if c.lastCertificate != nil {
|
||||||
|
c.RenewCertificate()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
certificates, err := c.legoClient.Certificate.Obtain(certificate.ObtainRequest{
|
certificates, err := c.legoClient.Certificate.Obtain(certificate.ObtainRequest{
|
||||||
Domains: []string{"*.local-ip.sh"},
|
Domains: []string{"*.local-ip.sh"},
|
||||||
Bundle: true,
|
Bundle: true,
|
||||||
@ -23,7 +32,33 @@ func (c *certsClient) RequestCertificate() {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Printf("%#v\n", certificates)
|
c.lastCertificate = certificates
|
||||||
|
|
||||||
|
persistFiles(certificates)
|
||||||
|
log.Printf("%#v\n", certificates)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *certsClient) RenewCertificate() {
|
||||||
|
log.Println("renewing currently existing certificate")
|
||||||
|
certificates, err := c.legoClient.Certificate.Renew(*c.lastCertificate, true, false, "")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
c.lastCertificate = certificates
|
||||||
|
|
||||||
|
persistFiles(certificates)
|
||||||
|
log.Printf("%#v\n", certificates)
|
||||||
|
}
|
||||||
|
|
||||||
|
func persistFiles(certificates *certificate.Resource) {
|
||||||
|
os.WriteFile("/certs/server.pem", certificates.Certificate, 0o644)
|
||||||
|
os.WriteFile("/certs/server.key", certificates.PrivateKey, 0o644)
|
||||||
|
jsonBytes, err := json.MarshalIndent(certificates, "", "\t")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
os.WriteFile("/certs/output.json", jsonBytes, 0o644)
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewCertsClient(xip *xip.Xip, user *Account) *certsClient {
|
func NewCertsClient(xip *xip.Xip, user *Account) *certsClient {
|
||||||
@ -35,9 +70,41 @@ func NewCertsClient(xip *xip.Xip, user *Account) *certsClient {
|
|||||||
}
|
}
|
||||||
|
|
||||||
provider := newProviderLocalIp(xip)
|
provider := newProviderLocalIp(xip)
|
||||||
legoClient.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers([]string{"1.1.1.1:53", "8.8.8.8:53"}))
|
legoClient.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers([]string{"1.1.1.1:53", "8.8.8.8:53"}), dns01.DisableCompletePropagationRequirement())
|
||||||
|
|
||||||
|
lastCertificate := getLastCertificate(legoClient)
|
||||||
|
|
||||||
return &certsClient{
|
return &certsClient{
|
||||||
legoClient,
|
legoClient,
|
||||||
|
lastCertificate,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getLastCertificate(legoClient *lego.Client) *certificate.Resource {
|
||||||
|
jsonBytes, err := os.ReadFile("/certs/output.json")
|
||||||
|
if err != nil {
|
||||||
|
if strings.Contains(err.Error(), "no such file or directory") {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
log.Println(err)
|
||||||
|
log.Println("falling back to getting a brand new cert")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
var lastCertificate = &certificate.Resource{}
|
||||||
|
err = json.Unmarshal(jsonBytes, lastCertificate)
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
log.Println("falling back to getting a brand new cert")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
lastCertificate, err = legoClient.Certificate.Get(lastCertificate.CertURL, true)
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
log.Println("falling back to getting a brand new cert")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return lastCertificate
|
||||||
|
}
|
||||||
|
@ -9,7 +9,7 @@ import (
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
email = "admin@local-ip.sh"
|
email = "admin@local-ip.sh"
|
||||||
caDirUrl = lego.LEDirectoryStaging
|
caDirUrl = lego.LEDirectoryProduction
|
||||||
)
|
)
|
||||||
|
|
||||||
var parsedCaDirUrl, _ = url.Parse(caDirUrl)
|
var parsedCaDirUrl, _ = url.Parse(caDirUrl)
|
||||||
|
4
fly.toml
4
fly.toml
@ -16,3 +16,7 @@ processes = []
|
|||||||
|
|
||||||
[[services.ports]]
|
[[services.ports]]
|
||||||
port = "53"
|
port = "53"
|
||||||
|
|
||||||
|
[mounts]
|
||||||
|
source="certs"
|
||||||
|
destination="/certs"
|
19
main.go
19
main.go
@ -2,8 +2,11 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"flag"
|
"flag"
|
||||||
|
"log"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"local-ip.sh/certs"
|
||||||
"local-ip.sh/xip"
|
"local-ip.sh/xip"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -18,16 +21,20 @@ func main() {
|
|||||||
|
|
||||||
n := xip.NewXip(zone, strings.Split(nameservers, ","), *port)
|
n := xip.NewXip(zone, strings.Split(nameservers, ","), *port)
|
||||||
|
|
||||||
// not functional yet
|
go func() {
|
||||||
/* go func() {
|
|
||||||
account := certs.LoadAccount()
|
account := certs.LoadAccount()
|
||||||
log.Println(account.Registration.Body.Contact)
|
log.Println(account.Registration.Body.Contact)
|
||||||
ddd := certs.NewCertsClient(n, account)
|
certsClient := certs.NewCertsClient(n, account)
|
||||||
|
|
||||||
time.Sleep(5 * time.Second)
|
time.Sleep(5 * time.Second)
|
||||||
fmt.Println("requesting certs")
|
certsClient.RequestCertificate()
|
||||||
ddd.RequestCertificate()
|
|
||||||
}() */
|
for {
|
||||||
|
// renew certificate every month
|
||||||
|
time.Sleep(30 * 24 * time.Hour)
|
||||||
|
certsClient.RenewCertificate()
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
n.StartServer()
|
n.StartServer()
|
||||||
}
|
}
|
||||||
|
16
xip/xip.go
16
xip/xip.go
@ -92,9 +92,7 @@ var (
|
|||||||
{Target: "local-ip.sh.n2kl11.flydns.net."},
|
{Target: "local-ip.sh.n2kl11.flydns.net."},
|
||||||
}, */
|
}, */
|
||||||
// if manual
|
// if manual
|
||||||
TXT: &dns.TXT{
|
TXT: &dns.TXT{},
|
||||||
Txt: []string{"FRMKrfS9tGP5Gap6ruCG7qRprBlMrsBnQPtMD-dmOGk"},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ -334,13 +332,13 @@ func (xip *Xip) soaRecord(question dns.Question) *dns.SOA {
|
|||||||
|
|
||||||
func (xip *Xip) handleQuery(message *dns.Msg) {
|
func (xip *Xip) handleQuery(message *dns.Msg) {
|
||||||
for _, question := range message.Question {
|
for _, question := range message.Question {
|
||||||
log.Printf("name: %s\n", question.Name)
|
// log.Printf("name: %s\n", question.Name)
|
||||||
log.Printf("class: %d\n", question.Qclass)
|
// log.Printf("class: %d\n", question.Qclass)
|
||||||
log.Printf("type: %d\n", question.Qtype)
|
// log.Printf("type: %d\n", question.Qtype)
|
||||||
|
|
||||||
if strings.HasPrefix(strings.ToLower(question.Name), "_acme-challenge.") {
|
/* if strings.HasPrefix(strings.ToLower(question.Name), "_acme-challenge.") {
|
||||||
message.Authoritative = false
|
message.Authoritative = false
|
||||||
}
|
} */
|
||||||
|
|
||||||
switch question.Qtype {
|
switch question.Qtype {
|
||||||
case dns.TypeA:
|
case dns.TypeA:
|
||||||
@ -399,7 +397,7 @@ func NewXip(zone string, nameservers []string, port int) (xip *Xip) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
xip.server = dns.Server{
|
xip.server = dns.Server{
|
||||||
Addr: "0.0.0.0:" + strconv.Itoa(port),
|
Addr: ":" + strconv.Itoa(port),
|
||||||
Net: "udp",
|
Net: "udp",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user