got the certificate request working

This commit is contained in:
m5r 2023-02-26 14:06:15 +01:00
parent d6bc349e73
commit bd5bd0e7a1
No known key found for this signature in database
GPG Key ID: 5BC847276DD5DDEA
5 changed files with 96 additions and 20 deletions

View File

@ -1,8 +1,10 @@
package certs package certs
import ( import (
"fmt" "encoding/json"
"log" "log"
"os"
"strings"
"github.com/go-acme/lego/v4/certificate" "github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge/dns01" "github.com/go-acme/lego/v4/challenge/dns01"
@ -12,9 +14,16 @@ import (
type certsClient struct { type certsClient struct {
legoClient *lego.Client legoClient *lego.Client
lastCertificate *certificate.Resource
} }
func (c *certsClient) RequestCertificate() { func (c *certsClient) RequestCertificate() {
log.Println("requesting a certificate")
if c.lastCertificate != nil {
c.RenewCertificate()
return
}
certificates, err := c.legoClient.Certificate.Obtain(certificate.ObtainRequest{ certificates, err := c.legoClient.Certificate.Obtain(certificate.ObtainRequest{
Domains: []string{"*.local-ip.sh"}, Domains: []string{"*.local-ip.sh"},
Bundle: true, Bundle: true,
@ -23,7 +32,33 @@ func (c *certsClient) RequestCertificate() {
log.Fatal(err) log.Fatal(err)
} }
fmt.Printf("%#v\n", certificates) c.lastCertificate = certificates
persistFiles(certificates)
log.Printf("%#v\n", certificates)
}
func (c *certsClient) RenewCertificate() {
log.Println("renewing currently existing certificate")
certificates, err := c.legoClient.Certificate.Renew(*c.lastCertificate, true, false, "")
if err != nil {
log.Fatal(err)
}
c.lastCertificate = certificates
persistFiles(certificates)
log.Printf("%#v\n", certificates)
}
func persistFiles(certificates *certificate.Resource) {
os.WriteFile("/certs/server.pem", certificates.Certificate, 0o644)
os.WriteFile("/certs/server.key", certificates.PrivateKey, 0o644)
jsonBytes, err := json.MarshalIndent(certificates, "", "\t")
if err != nil {
log.Fatal(err)
}
os.WriteFile("/certs/output.json", jsonBytes, 0o644)
} }
func NewCertsClient(xip *xip.Xip, user *Account) *certsClient { func NewCertsClient(xip *xip.Xip, user *Account) *certsClient {
@ -35,9 +70,41 @@ func NewCertsClient(xip *xip.Xip, user *Account) *certsClient {
} }
provider := newProviderLocalIp(xip) provider := newProviderLocalIp(xip)
legoClient.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers([]string{"1.1.1.1:53", "8.8.8.8:53"})) legoClient.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers([]string{"1.1.1.1:53", "8.8.8.8:53"}), dns01.DisableCompletePropagationRequirement())
lastCertificate := getLastCertificate(legoClient)
return &certsClient{ return &certsClient{
legoClient, legoClient,
lastCertificate,
} }
} }
func getLastCertificate(legoClient *lego.Client) *certificate.Resource {
jsonBytes, err := os.ReadFile("/certs/output.json")
if err != nil {
if strings.Contains(err.Error(), "no such file or directory") {
return nil
}
log.Println(err)
log.Println("falling back to getting a brand new cert")
return nil
}
var lastCertificate = &certificate.Resource{}
err = json.Unmarshal(jsonBytes, lastCertificate)
if err != nil {
log.Println(err)
log.Println("falling back to getting a brand new cert")
return nil
}
lastCertificate, err = legoClient.Certificate.Get(lastCertificate.CertURL, true)
if err != nil {
log.Println(err)
log.Println("falling back to getting a brand new cert")
return nil
}
return lastCertificate
}

View File

@ -9,7 +9,7 @@ import (
const ( const (
email = "admin@local-ip.sh" email = "admin@local-ip.sh"
caDirUrl = lego.LEDirectoryStaging caDirUrl = lego.LEDirectoryProduction
) )
var parsedCaDirUrl, _ = url.Parse(caDirUrl) var parsedCaDirUrl, _ = url.Parse(caDirUrl)

View File

@ -16,3 +16,7 @@ processes = []
[[services.ports]] [[services.ports]]
port = "53" port = "53"
[mounts]
source="certs"
destination="/certs"

19
main.go
View File

@ -2,8 +2,11 @@ package main
import ( import (
"flag" "flag"
"log"
"strings" "strings"
"time"
"local-ip.sh/certs"
"local-ip.sh/xip" "local-ip.sh/xip"
) )
@ -18,16 +21,20 @@ func main() {
n := xip.NewXip(zone, strings.Split(nameservers, ","), *port) n := xip.NewXip(zone, strings.Split(nameservers, ","), *port)
// not functional yet go func() {
/* go func() {
account := certs.LoadAccount() account := certs.LoadAccount()
log.Println(account.Registration.Body.Contact) log.Println(account.Registration.Body.Contact)
ddd := certs.NewCertsClient(n, account) certsClient := certs.NewCertsClient(n, account)
time.Sleep(5 * time.Second) time.Sleep(5 * time.Second)
fmt.Println("requesting certs") certsClient.RequestCertificate()
ddd.RequestCertificate()
}() */ for {
// renew certificate every month
time.Sleep(30 * 24 * time.Hour)
certsClient.RenewCertificate()
}
}()
n.StartServer() n.StartServer()
} }

View File

@ -92,9 +92,7 @@ var (
{Target: "local-ip.sh.n2kl11.flydns.net."}, {Target: "local-ip.sh.n2kl11.flydns.net."},
}, */ }, */
// if manual // if manual
TXT: &dns.TXT{ TXT: &dns.TXT{},
Txt: []string{"FRMKrfS9tGP5Gap6ruCG7qRprBlMrsBnQPtMD-dmOGk"},
},
}, },
} }
) )
@ -334,13 +332,13 @@ func (xip *Xip) soaRecord(question dns.Question) *dns.SOA {
func (xip *Xip) handleQuery(message *dns.Msg) { func (xip *Xip) handleQuery(message *dns.Msg) {
for _, question := range message.Question { for _, question := range message.Question {
log.Printf("name: %s\n", question.Name) // log.Printf("name: %s\n", question.Name)
log.Printf("class: %d\n", question.Qclass) // log.Printf("class: %d\n", question.Qclass)
log.Printf("type: %d\n", question.Qtype) // log.Printf("type: %d\n", question.Qtype)
if strings.HasPrefix(strings.ToLower(question.Name), "_acme-challenge.") { /* if strings.HasPrefix(strings.ToLower(question.Name), "_acme-challenge.") {
message.Authoritative = false message.Authoritative = false
} } */
switch question.Qtype { switch question.Qtype {
case dns.TypeA: case dns.TypeA:
@ -399,7 +397,7 @@ func NewXip(zone string, nameservers []string, port int) (xip *Xip) {
} }
xip.server = dns.Server{ xip.server = dns.Server{
Addr: "0.0.0.0:" + strconv.Itoa(port), Addr: ":" + strconv.Itoa(port),
Net: "udp", Net: "udp",
} }