|
@@ -67,20 +67,23 @@ func NewACME(email string, acmeServer string, port string) *ACMEHandler {
|
|
|
func (a *ACMEHandler) ObtainCert(domains []string, certificateName string) (bool, error) {
|
|
|
log.Println("Obtaining certificate...")
|
|
|
|
|
|
+ // generate private key
|
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
if err != nil {
|
|
|
log.Println(err)
|
|
|
return false, err
|
|
|
}
|
|
|
|
|
|
- log.Println(a.acmeServer)
|
|
|
+ // create a admin user for our new generation
|
|
|
adminUser := ACMEUser{
|
|
|
Email: a.email,
|
|
|
key: privateKey,
|
|
|
}
|
|
|
|
|
|
+ // create config
|
|
|
config := lego.NewConfig(&adminUser)
|
|
|
|
|
|
+ // setup who is the issuer and the key type
|
|
|
config.CADirURL = a.acmeServer
|
|
|
config.Certificate.KeyType = certcrypto.RSA2048
|
|
|
|
|
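Review bot: The ACME account key generated at the `ecdsa.GenerateKey` line lives only in the local `adminUser` and is never written anywhere in this hunk, so every call to ObtainCert appears to create a fresh account (the `adminUser.Registration = reg` assignment later in the function points the same way). That burns through the CA's account-registration rate limits and discards the key needed to later revoke or renew the certificate under the same account. Consider serializing it once (for example with `x509.MarshalECPrivateKey` into a PEM file next to the certificates, mode 0600) and loading it on subsequent calls instead of regenerating. The new comment `// create a admin user for our new generation` would read better as `// create the ACME account user that will own this order`. ObtainCert continues past the end of the hunk.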
@@ -90,6 +93,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string) (bool
|
|
|
return false, err
|
|
|
}
|
|
|
|
|
|
+ // setup how to receive challenge
|
|
|
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", a.port))
|
|
|
if err != nil {
|
|
|
log.Println(err)
|
|
@@ -104,6 +108,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string) (bool
|
|
|
}
|
|
|
adminUser.Registration = reg
|
|
|
|
|
|
+ // obtain the certificate
|
|
|
request := certificate.ObtainRequest{
|
|
|
Domains: domains,
|
|
|
Bundle: true,
|
|
@@ -115,7 +120,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string) (bool
|
|
|
}
|
|
|
|
|
|
// Each certificate comes back with the cert bytes, the bytes of the client's
|
|
|
- // private key, and a certificate URL. SAVE THESE TO DISK.
|
|
|
+ // private key, and a certificate URL.
|
|
|
err = ioutil.WriteFile("./certs/"+certificateName+".crt", certificates.Certificate, 0777)
|
|
|
if err != nil {
|
|
|
log.Println(err)
|
|
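Review bot: `ioutil.WriteFile("./certs/"+certificateName+".crt", certificates.Certificate, 0777)` writes the certificate world-writable and executable, and `ioutil` is deprecated — the file already uses `os.ReadDir` (Go 1.16+), so `os.WriteFile` is available. A certificate only needs `0644`; if the private key from `certificates.PrivateKey` is written with the same mode further down (outside this hunk), that one needs `0600`. Because `certificateName` is spliced straight into the path, a caller-supplied value containing separators or `..` would escape `./certs/`; building the path with `filepath.Join("./certs", filepath.Base(certificateName)+".crt")` (needs `path/filepath`) confines it to the directory. ObtainCert starts and ends outside the hunk.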
@@ -131,7 +136,11 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string) (bool
|
|
|
}
|
|
|
|
|
|
// CheckCertificate returns a list of domains that are in expired certificates.
|
|
|
+// It will return all domains that is in expired certificates
|
|
|
+// *** if there is a vaild certificate contains the domain and there is a expired certificate contains the same domain
|
|
|
+// it will said expired as well!
|
|
|
func (a *ACMEHandler) CheckCertificate() []string {
|
|
|
+ // read from dir
|
|
|
filenames, err := os.ReadDir("./certs/")
|
|
|
|
|
|
expiredCerts := []string{}
|
|
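Review bot: The new doc comment on CheckCertificate has several grammar slips (`that is` for `that are`, `vaild`, `it will said`) and would be clearer as `// CheckCertificate returns every domain that appears in an expired certificate under ./certs/. A domain covered by both a valid and an expired certificate is still reported as expired.` The behaviour that comment documents is really a bug in disguise: a stale .crt left in the directory keeps a domain flagged forever, so collecting the domains of still-valid certificates first and excluding them from the result would make the list trustworthy. The `err` from `os.ReadDir("./certs/")` is not checked within the hunk; if it is not handled below, a missing or unreadable directory yields an empty list, which a caller would read as "nothing expired". CheckCertificate continues past the end of the hunk.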
@@ -155,10 +164,9 @@ func (a *ACMEHandler) CheckCertificate() []string {
|
|
|
cert, err := x509.ParseCertificate(block.Bytes)
|
|
|
if err == nil {
|
|
|
elapsed := time.Since(cert.NotAfter)
|
|
|
- // approxMonths := -int(elapsed.Hours() / (24 * 30.44))
|
|
|
- // approxDays := -int(elapsed.Hours()/24) % 30
|
|
|
if elapsed > 0 {
|
|
|
- // log.Println("Certificate", certFilepath, " expired")
|
|
|
+ // if it is expired then add it in
|
|
|
+ // make sure it's uniqueless
|
|
|
for _, dnsName := range cert.DNSNames {
|
|
|
if !contains(expiredCerts, dnsName) {
|
|
|
expiredCerts = append(expiredCerts, dnsName)
|
|
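Review bot: `if elapsed > 0 {` flags a certificate only once `time.Since(cert.NotAfter)` is already positive, i.e. after it has expired and clients have started rejecting it; if this list drives renewal, a lead time is needed, e.g. `if time.Until(cert.NotAfter) < 30*24*time.Hour {` (the threshold could be a field on ACMEHandler). The parse error from `x509.ParseCertificate` is silently skipped by the `if err == nil` branch, so a corrupt .crt is neither reported nor renewed — a `log.Println(err)` in an else branch would at least surface it. The comment `// make sure it's uniqueless` should read `// dedupe: a name may appear in several expired certs`. The enclosing loop and CheckCertificate itself start and end outside the hunk.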
@@ -167,8 +175,6 @@ func (a *ACMEHandler) CheckCertificate() []string {
|
|
|
if !contains(expiredCerts, cert.Subject.CommonName) {
|
|
|
expiredCerts = append(expiredCerts, cert.Subject.CommonName)
|
|
|
}
|
|
|
- } else {
|
|
|
- // log.Println("Certificate", certFilepath, " will still be valid for the next ", approxMonths, "m", approxDays, "d")
|
|
|
}
|
|
|
}
|
|
|
}
|