Commit
1818b1ea
authored
Oct 28, 2015
by
Matthew Holt
letsencrypt: Better error handling, prompt user for SA
parent
b67543f8
Showing
3 changed files
with
39 additions
and
6 deletions
+39
-6
caddy/letsencrypt/letsencrypt.go
caddy/letsencrypt/letsencrypt.go
+14
-5
caddy/letsencrypt/renew.go
caddy/letsencrypt/renew.go
+2
-1
caddy/letsencrypt/user.go
caddy/letsencrypt/user.go
+23
-0
caddy/letsencrypt/letsencrypt.go
...
@@ -62,19 +62,19 @@ func Activate(configs []server.Config) ([]server.Config, error) {
...
@@ -62,19 +62,19 @@ func Activate(configs []server.Config) ([]server.Config, error) {
// make client to service this email address with CA server
// make client to service this email address with CA server
client
,
err
:=
newClient
(
leEmail
)
client
,
err
:=
newClient
(
leEmail
)
if
err
!=
nil
{
if
err
!=
nil
{
return
configs
,
err
return
configs
,
err
ors
.
New
(
"error creating client: "
+
err
.
Error
())
}
}
// client is ready, so let's get free, trusted SSL certificates! yeah!
// client is ready, so let's get free, trusted SSL certificates! yeah!
certificates
,
err
:=
obtainCertificates
(
client
,
serverConfigs
)
certificates
,
err
:=
obtainCertificates
(
client
,
serverConfigs
)
if
err
!=
nil
{
if
err
!=
nil
{
return
configs
,
err
return
configs
,
err
ors
.
New
(
"error obtaining cert: "
+
err
.
Error
())
}
}
// ... that's it. save the certs, keys, and metadata files to disk
// ... that's it. save the certs, keys, and metadata files to disk
err
=
saveCertsAndKeys
(
certificates
)
err
=
saveCertsAndKeys
(
certificates
)
if
err
!=
nil
{
if
err
!=
nil
{
return
configs
,
err
return
configs
,
err
ors
.
New
(
"error saving assets: "
+
err
.
Error
())
}
}
// it all comes down to this: turning TLS on for all the configs
// it all comes down to this: turning TLS on for all the configs
...
@@ -158,7 +158,10 @@ func newClient(leEmail string) (*acme.Client, error) {
...
@@ -158,7 +158,10 @@ func newClient(leEmail string) (*acme.Client, error) {
}
}
// The client facilitates our communication with the CA server.
// The client facilitates our communication with the CA server.
client
:=
acme
.
NewClient
(
CAUrl
,
&
leUser
,
rsaKeySizeToUse
,
exposePort
)
client
,
err
:=
acme
.
NewClient
(
CAUrl
,
&
leUser
,
rsaKeySizeToUse
,
exposePort
)
if
err
!=
nil
{
return
nil
,
err
}
// If not registered, the user must register an account with the CA
// If not registered, the user must register an account with the CA
// and agree to terms
// and agree to terms
...
@@ -169,7 +172,13 @@ func newClient(leEmail string) (*acme.Client, error) {
...
@@ -169,7 +172,13 @@ func newClient(leEmail string) (*acme.Client, error) {
}
}
leUser
.
Registration
=
reg
leUser
.
Registration
=
reg
// TODO: we can just do the agreement once: when registering, right?
if
!
Agreed
&&
reg
.
TosURL
==
""
{
Agreed
=
promptUserAgreement
(
"<TODO>"
,
false
)
// TODO
}
if
!
Agreed
&&
reg
.
TosURL
==
""
{
return
nil
,
errors
.
New
(
"user must agree to terms"
)
}
err
=
client
.
AgreeToTOS
()
err
=
client
.
AgreeToTOS
()
if
err
!=
nil
{
if
err
!=
nil
{
saveUser
(
leUser
)
// TODO: Might as well try, right? Error check?
saveUser
(
leUser
)
// TODO: Might as well try, right? Error check?
...
...
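Review bot: In the third hunk of newClient both new guards test `reg.TosURL == ""`, so the prompt and the "user must agree to terms" refusal run only when the registration carries no terms URL. If TosURL is set (presumably the usual case) and Agreed is false, control falls straight through to `client.AgreeToTOS()` and the agreement is accepted without the user being asked. The prompt is also passed the placeholder `"<TODO>"` rather than the agreement URL. Consider `if !Agreed { Agreed = promptUserAgreement(reg.TosURL, false) }` followed by `if !Agreed { return nil, errors.New("user must agree to terms") }`, so that AgreeToTOS is reachable only after explicit consent. newClient begins and ends outside the hunk, so how Agreed is initialised is not visible here.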
caddy/letsencrypt/renew.go
...
@@ -34,7 +34,8 @@ func keepCertificatesRenewed(configs []server.Config) {
...
@@ -34,7 +34,8 @@ func keepCertificatesRenewed(configs []server.Config) {
// checkCertificateRenewal loops through all configured
// checkCertificateRenewal loops through all configured
// sites and looks for certificates to renew. Nothing is mutated
// sites and looks for certificates to renew. Nothing is mutated
// through this function. The changes happen directly on disk.
// through this function. The changes happen directly on disk.
// It returns the number of certificates renewed and
// It returns the number of certificates renewed and any errors
// that occurred.
func
processCertificateRenewal
(
configs
[]
server
.
Config
)
(
int
,
[]
error
)
{
func
processCertificateRenewal
(
configs
[]
server
.
Config
)
(
int
,
[]
error
)
{
log
.
Print
(
"[INFO] Processing certificate renewals..."
)
log
.
Print
(
"[INFO] Processing certificate renewals..."
)
var
errs
[]
error
var
errs
[]
error
...
...
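--- a/caddy/letsencrypt/user.go
+++ b/caddy/letsencrypt/user.go
@@ -156,6 +156,29 @@ func getEmail(cfg server.Config) string {
 	return strings.TrimSpace(leEmail)
 }
+// promptUserAgreement prompts the user to agree to the agreement
+// at agreementURL via stdin. If the agreement has changed, then pass
+// true as the second argument. If this is the user's first time
+// agreeing, pass false. It returns whether the user agreed or not.
+func promptUserAgreement(agreementURL string, changed bool) bool {
+	if changed {
+		fmt.Printf("The Let's Encrypt Subscriber Agreement has changed:\n%s\n", agreementURL)
+		fmt.Print("Do you agree to the new terms? (y/n): ")
+	} else {
+		fmt.Printf("To continue, you must agree to the Let's Encrypt Subscriber Agreement:\n%s\n", agreementURL)
+		fmt.Print("Do you agree to the terms? (y/n): ")
+	}
+	reader := bufio.NewReader(stdin) // TODO/BUG: This doesn't work when Caddyfile is piped into caddy
+	answer, err := reader.ReadString('\n')
+	if err != nil {
+		return false
+	}
+	answer = strings.ToLower(strings.TrimSpace(answer))
+	return answer == "y" || answer == "yes"
+}
 // stdin is used to read the user's input if prompted;
 // this is changed by tests during tests.
 var stdin = io.ReadWriter(os.Stdin)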
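Review bot: promptUserAgreement discards the ReadString error and returns false, so a closed or piped stdin (the case the TODO/BUG comment mentions) is indistinguishable from the user typing "n". The caller in letsencrypt.go then reports only "user must agree to terms". Failing closed is the right default for consent, but the cause should be surfaced, for example with `log.Printf("[ERROR] reading agreement answer from stdin: %v", err)` before `return false` (assuming log is imported in this file). Separately, a new bufio.Reader is built on every call, so any bytes it buffers past the first newline are lost to later reads of stdin; if other prompts in this package read the same stream, sharing one reader would avoid that.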