auto update script executed

mod/acme/acme.go

@@ -5,6 +5,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
 	"encoding/pem"
@@ -30,6 +31,7 @@ import (
 type CertificateInfoJSON struct {
 	AcmeName string `json:"acme_name"`
 	AcmeUrl  string `json:"acme_url"`
+	SkipTLS  bool   `json:"skip_tls"`
 }
 
 // ACMEUser represents a user in the ACME system.
@@ -69,7 +71,7 @@ func NewACME(acmeServer string, port string) *ACMEHandler {
 }
 
 // ObtainCert obtains a certificate for the specified domains.
-func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string) (bool, error) {
+func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool) (bool, error) {
 	log.Println("[ACME] Obtaining certificate...")
 
 	// generate private key
@@ -88,6 +90,24 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 	// create config
 	config := lego.NewConfig(&adminUser)
 
+	// skip TLS verify if need
+	// Ref: https://github.com/go-acme/lego/blob/6af2c756ac73a9cb401621afca722d0f4112b1b8/lego/client_config.go#L74
+	if skipTLS {
+		log.Println("[INFO] Ignore TLS/SSL Verification Error for ACME Server")
+		config.HTTPClient.Transport = &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			TLSHandshakeTimeout:   30 * time.Second,
+			ResponseHeaderTimeout: 30 * time.Second,
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		}
+	}
+
 	// setup the custom ACME url endpoint.
 	if caUrl != "" {
 		config.CADirURL = caUrl
@@ -159,6 +179,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 	certInfo := &CertificateInfoJSON{
 		AcmeName: caName,
 		AcmeUrl:  caUrl,
+		SkipTLS:  skipTLS,
 	}
 
 	certInfoBytes, err := json.Marshal(certInfo)
@@ -287,15 +308,25 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ
 	}
 
 	if ca == "custom" {
-		caUrl, err = utils.PostPara(r, "ca_url")
+		caUrl, err = utils.PostPara(r, "caURL")
 		if err != nil {
 			log.Println("Custom CA set but no URL provide, Using default")
 			ca, caUrl = "", ""
 		}
 	}
 
+	var skipTLS bool
+
+	if skipTLSString, err := utils.PostPara(r, "skipTLS"); err != nil {
+		skipTLS = false
+	} else if skipTLSString != "true" {
+		skipTLS = false
+	} else {
+		skipTLS = true
+	}
+
 	domains := strings.Split(domainPara, ",")
-	result, err := a.ObtainCert(domains, filename, email, ca, caUrl)
+	result, err := a.ObtainCert(domains, filename, email, ca, caUrl, skipTLS)
 	if err != nil {
 		utils.SendErrorResponse(w, jsonEscape(err.Error()))
 		return

mod/acme/autorenew.go

@@ -365,7 +365,7 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 			certInfo = &CertificateInfoJSON{}
 		}
 
-		_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl)
+		_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS)
 		if err != nil {
 			log.Println("Renew " + fileName + "(" + strings.Join(expiredCert.Domains, ",") + ") failed: " + err.Error())
 		} else {

mod/dynamicproxy/typedef.go

@@ -100,7 +100,6 @@ type RootRoutingOptions struct {
 	//Root only configs
 	EnableRedirectForUnsetRules bool   //Force unset rules to redirect to custom domain
 	UnsetRuleRedirectTarget     string //Custom domain to redirect to for unset rules
-	DisableHTTPSOnProxyRoot     bool   //Bypass HTTPS for serving proxy root if UseTls is enabled in Router option
 }
 
 type VdirOptions struct {

reverseproxy.go

@@ -831,16 +831,9 @@ func HandleRootRouteOptionsUpdate(w http.ResponseWriter, r *http.Request) {
 
 	unsetRedirectTarget, _ := utils.PostPara(r, "unsetRedirectTarget")
 
-	disableRootHttps, err := utils.PostBool(r, "disableRootHttps")
-	if err != nil {
-		utils.SendErrorResponse(w, err.Error())
-		return
-	}
-
 	newRootOption := dynamicproxy.RootRoutingOptions{
 		EnableRedirectForUnsetRules: enableUnsetSubdomainRedirect,
 		UnsetRuleRedirectTarget:     unsetRedirectTarget,
-		DisableHTTPSOnProxyRoot:     disableRootHttps,
 	}
 
 	dynamicProxyRouter.RootRoutingOptions = &newRootOption

web/components/rproot.html

@@ -48,12 +48,6 @@
                     Leave empty for redirecting to upper level domain (e.g. notfound.example.com <i class="right arrow icon"></i> example.com)</small>
                 </div>
             </div>
-            <div class="field">
-                <div class="ui checkbox">
-                    <input type="checkbox" id="disableRootTLS">
-                    <label>Disable https on proxy root <br><small>Check this if you want your proxy root to bypass global TLS setting (Not Recommend)</small></label>
-                </div>
-            </div>
             <br>
             <button class="ui basic button" onclick="updateRootOptions()"><i class="blue save icon" ></i> Save Root Options</button>
         </div>
@@ -105,7 +99,6 @@
     function checkCustomRedirectForUnsetSubd(){
         $.get("/api/proxy/root/listOptions", function(data){
             $("#unsetRedirect")[0].checked = data.EnableRedirectForUnsetRules || false;
-            $("#disableRootTLS")[0].checked = data.DisableHTTPSOnProxyRoot || false;
             $("#unsetRedirectDomain").val(data.UnsetRuleRedirectTarget);
             updateRedirectionDomainSettingInputBox(data.EnableRedirectForUnsetRules);
 
@@ -181,7 +174,6 @@
             data: {
                 unsetRedirect: $("#unsetRedirect")[0].checked,
                 unsetRedirectTarget: $("#unsetRedirectDomain").val().trim(),
-                disableRootHttps: $("#disableRootTLS")[0].checked,
             },
             success: function(data) {
                if (data.error != undefined){

web/snippet/acme.html

@@ -114,9 +114,15 @@
         </div>
       </div>
     </div>
-    <div class="field" id="customca" style="display:none;">
+    <div class="field" id="caInput" style="display:none;">
       <label>ACME Server URL</label>
-      <input id="caurl" type="text" placeholder="https://example.com/acme/dictionary">
+      <input id="caURL" type="text" placeholder="https://example.com/acme/dictionary">
+    </div>
+    <div class="field" id="skipTLS" style="display:none;">
+      <div class="ui checkbox">
+        <input type="checkbox" id="skipTLSCheckbox">
+        <label>Ignore TLS/SSL Verification Error<br><small>E.g. self-signed, expired certificate (Not Recommended)</small></label>
+      </div>
     </div>
     <button id="obtainButton" class="ui basic button" type="submit"><i class="yellow refresh icon"></i> Renew Certificate</button>
   </div>
@@ -131,6 +137,7 @@
     let enableTrigerOnChangeEvent = true;
     $(".accordion").accordion();
     $(".dropdown").dropdown();
+    $(".checkbox").checkbox();
 
     function setAutoRenewIfCASupportMode(useAutoMode = true){
       if (useAutoMode){
@@ -302,9 +309,11 @@
 
     $("input[name=ca]").on('change', function() {
       if(this.value == "Custom ACME Server") {
-        $("#customca").show();
+        $("#caInput").show();
+        $("#skipTLS").show();
       } else {
-        $("#customca").hide();
+        $("#caInput").hide();
+        $("#skipTLS").hide();
       }
     })
 
@@ -331,12 +340,14 @@
       }
       
       var ca = $("#ca").dropdown("get value");
-      var ca_url = "";
+      var caURL = "";
       if (ca == "Custom ACME Server") {
         ca = "custom";
-        ca_url = $("#caurl").val();
+        caURL = $("#caURL").val();
       }
 
+      var skipTLSValue = $("#skipTLSCheckbox")[0].checked;
+
       $.ajax({
         url: "/api/acme/obtainCert",
         method: "GET",
@@ -345,7 +356,8 @@
           filename: filename,
           email: email,
           ca: ca,
-          ca_url: ca_url,
+          caURL: caURL,
+          skipTLS: skipTLSValue,
         },
         success: function(response) {
           $("#obtainButton").removeClass("loading").removeClass("disabled");