I have no idea why this doesn't work
This commit is contained in:
parent
572325f7bf
commit
cfb2fd6fcb
@ -69,11 +69,12 @@ type Service struct {
|
|||||||
certDir string
|
certDir string
|
||||||
keyDir string
|
keyDir string
|
||||||
insecure bool
|
insecure bool
|
||||||
|
client *lego.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewService creates a new certificate renewal service.
|
// NewService creates a new certificate renewal service.
|
||||||
func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leConfig LetsEncryptConfig, certDir, keyDir string) (*Service, error) {
|
func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leConfig LetsEncryptConfig, certDir, keyDir string) (*Service, error) {
|
||||||
r := &Service{
|
s := &Service{
|
||||||
db: db,
|
db: db,
|
||||||
httpAcme: httpAcme,
|
httpAcme: httpAcme,
|
||||||
certTicker: time.NewTicker(time.Minute * 10),
|
certTicker: time.NewTicker(time.Minute * 10),
|
||||||
@ -98,28 +99,35 @@ func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leC
|
|||||||
}
|
}
|
||||||
|
|
||||||
// load lets encrypt private key
|
// load lets encrypt private key
|
||||||
err = r.resolveLEPrivKey(leConfig.Account.PrivateKey)
|
err = s.resolveLEPrivKey(leConfig.Account.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to resolve LetsEncrypt account private key: %w", err)
|
return nil, fmt.Errorf("failed to resolve LetsEncrypt account private key: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// init domains table
|
// init domains table
|
||||||
_, err = r.db.Exec(createTableCertificates)
|
_, err = s.db.Exec(createTableCertificates)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to create certificates table: %w", err)
|
return nil, fmt.Errorf("failed to create certificates table: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// resolve CA information
|
// resolve CA information
|
||||||
r.resolveCADirectory(leConfig.Directory)
|
s.resolveCADirectory(leConfig.Directory)
|
||||||
err = r.resolveCACertificate(leConfig.Certificate)
|
err = s.resolveCACertificate(leConfig.Certificate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to resolve CA certificate: %w", err)
|
return nil, fmt.Errorf("failed to resolve CA certificate: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setup client for requesting a new certificate
|
||||||
|
client, err := s.setupLegoClient()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to generate a client: %w", err)
|
||||||
|
}
|
||||||
|
s.client = client
|
||||||
|
|
||||||
// start the background routine
|
// start the background routine
|
||||||
wg.Add(1)
|
wg.Add(1)
|
||||||
go r.renewalRoutine(wg)
|
go s.renewalRoutine(wg)
|
||||||
return r, nil
|
return s, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Shutdown the renewal service.
|
// Shutdown the renewal service.
|
||||||
@ -328,7 +336,7 @@ func (s *Service) fetchDomains(localData *localCertData) ([]string, error) {
|
|||||||
return domains, nil
|
return domains, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) setupLegoClient(localData *localCertData) (*lego.Client, error) {
|
func (s *Service) setupLegoClient() (*lego.Client, error) {
|
||||||
// create lego config and change the certificate authority directory URL and the
|
// create lego config and change the certificate authority directory URL and the
|
||||||
// http.Client transport if an alternative is provided
|
// http.Client transport if an alternative is provided
|
||||||
config := lego.NewConfig(s.leAccount)
|
config := lego.NewConfig(s.leAccount)
|
||||||
@ -346,25 +354,8 @@ func (s *Service) setupLegoClient(localData *localCertData) (*lego.Client, error
|
|||||||
// set http challenge provider
|
// set http challenge provider
|
||||||
_ = client.Challenge.SetHTTP01Provider(s.httpAcme)
|
_ = client.Challenge.SetHTTP01Provider(s.httpAcme)
|
||||||
|
|
||||||
// if testDnsOptions is defined then set up the test provider
|
|
||||||
if testDnsOptions != nil {
|
|
||||||
// set up the dns provider used during tests and disable propagation as no dns
|
|
||||||
// will validate these tests
|
|
||||||
dnsAddr := testDnsOptions.GetDnsAddrs()
|
|
||||||
log.Printf("Using testDnsOptions with DNS server: %v\n", dnsAddr)
|
|
||||||
_ = client.Challenge.SetDNS01Provider(testDnsOptions, dns01.AddRecursiveNameservers(dnsAddr), dns01.DisableCompletePropagationRequirement())
|
|
||||||
} else if localData.dns.name.Valid && localData.dns.token.Valid {
|
|
||||||
// if the dns name and token are "valid" meaning non-null in this case
|
|
||||||
// set up the specific dns provider requested
|
|
||||||
dnsProv, err := s.getDnsProvider(localData.dns.name.String, localData.dns.token.String)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to resolve dns provider: %w", err)
|
|
||||||
}
|
|
||||||
_ = client.Challenge.SetDNS01Provider(dnsProv)
|
|
||||||
}
|
|
||||||
|
|
||||||
// make sure the LetsEncrypt account is registered
|
// make sure the LetsEncrypt account is registered
|
||||||
register, err := client.Registration.UpdateRegistration(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
register, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to update account registration: %w", err)
|
return nil, fmt.Errorf("failed to update account registration: %w", err)
|
||||||
}
|
}
|
||||||
@ -476,14 +467,28 @@ func (s *Service) renewCertInternal(localData *localCertData) (*x509.Certificate
|
|||||||
return nil, nil, fmt.Errorf("failed to update cert: %w", err)
|
return nil, nil, fmt.Errorf("failed to update cert: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// setup client for requesting a new certificate
|
// remove old dns challenge
|
||||||
client, err := s.setupLegoClient(localData)
|
s.client.Challenge.Remove(challenge.DNS01)
|
||||||
|
|
||||||
|
// if testDnsOptions is defined then set up the test provider
|
||||||
|
if testDnsOptions != nil {
|
||||||
|
// set up the dns provider used during tests and disable propagation as no dns
|
||||||
|
// will validate these tests
|
||||||
|
dnsAddr := testDnsOptions.GetDnsAddrs()
|
||||||
|
log.Printf("Using testDnsOptions with DNS server: %v\n", dnsAddr)
|
||||||
|
_ = s.client.Challenge.SetDNS01Provider(testDnsOptions, dns01.AddRecursiveNameservers(dnsAddr), dns01.DisableCompletePropagationRequirement())
|
||||||
|
} else if localData.dns.name.Valid && localData.dns.token.Valid {
|
||||||
|
// if the dns name and token are "valid" meaning non-null in this case
|
||||||
|
// set up the specific dns provider requested
|
||||||
|
dnsProv, err := s.getDnsProvider(localData.dns.name.String, localData.dns.token.String)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("failed to generate a client: %w", err)
|
return nil, nil, fmt.Errorf("failed to resolve dns provider: %w", err)
|
||||||
|
}
|
||||||
|
_ = s.client.Challenge.SetDNS01Provider(dnsProv)
|
||||||
}
|
}
|
||||||
|
|
||||||
// obtain new certificate - this call will hang until a certificate is ready
|
// obtain new certificate - this call will hang until a certificate is ready
|
||||||
obtain, err := client.Certificate.Obtain(certificate.ObtainRequest{
|
obtain, err := s.client.Certificate.Obtain(certificate.ObtainRequest{
|
||||||
Domains: domains,
|
Domains: domains,
|
||||||
PrivateKey: privKey,
|
PrivateKey: privKey,
|
||||||
Bundle: true,
|
Bundle: true,
|
||||||
@ -509,7 +514,7 @@ func (s *Service) renewCertInternal(localData *localCertData) (*x509.Certificate
|
|||||||
}
|
}
|
||||||
|
|
||||||
// setRenewing sets the renewing and failed states in the database for a
|
// setRenewing sets the renewing and failed states in the database for a
|
||||||
// specified certifcate id.
|
// specified certificate id.
|
||||||
func (s *Service) setRenewing(id uint64, renewing, failed bool) {
|
func (s *Service) setRenewing(id uint64, renewing, failed bool) {
|
||||||
_, err := s.db.Exec("UPDATE certificates SET renewing = ?, renew_failed = ? WHERE id = ?", renewing, failed, id)
|
_, err := s.db.Exec("UPDATE certificates SET renewing = ?, renew_failed = ? WHERE id = ?", renewing, failed, id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
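Review bot: In the `renewCertInternal` hunk (`@ -476,14 +467,28 @@`) the single shared `s.client` is now mutated per renewal — `s.client.Challenge.Remove(challenge.DNS01)` followed by `SetDNS01Provider` with a provider built from that certificate's own DNS token — so if `renewalRoutine` (not visible here) ever runs two renewals concurrently, one certificate's DNS provider and API token can end up answering another certificate's challenge, and the solver map is written without synchronisation. Guarding the provider swap and the subsequent `Obtain` with a mutex keeps the one-client design safe: add `clientMu sync.Mutex` to `Service` and put `s.clientMu.Lock()` / `defer s.clientMu.Unlock()` before the `Remove` call; alternatively keep building a per-renewal client from the registered account as the removed code did. The `_ =` on `SetDNS01Provider` still discards its error, so a rejected provider silently leaves only HTTP-01 registered and the failure only surfaces later in `Obtain` with a less specific message. In `setupLegoClient` the call was changed from `UpdateRegistration` to `Register`, but the wrapped error still reads `"failed to update account registration: %w"`, which will mislead whoever debugs the next startup failure. Both `renewCertInternal` and `setupLegoClient` begin and end outside their hunks.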