本文整理汇总了Golang中github.com/xenolf/lego/acme.NewClient函数的典型用法代码示例。如果您正苦于以下问题:Golang NewClient函数的具体用法?Golang NewClient怎么用?Golang NewClient使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewClient函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: setup
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Cound not check/create path: %s", err.Error())
}
conf := NewConfiguration(c)
if len(c.GlobalString("email")) == 0 {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
//TODO: move to account struct? Currently MUST pass email.
acc := NewAccount(c.GlobalString("email"), conf)
client, err := acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits())
if err != nil {
logger().Fatalf("Could not create client: %s", err.Error())
}
if len(c.GlobalStringSlice("exclude")) > 0 {
client.ExcludeChallenges(conf.ExcludedSolvers())
}
if c.GlobalIsSet("http") {
client.SetHTTPAddress(c.GlobalString("http"))
}
if c.GlobalIsSet("tls") {
client.SetTLSAddress(c.GlobalString("tls"))
}
return conf, acc, client
}示例2: revoke
func revoke(c *cli.Context) {
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Cound not check/create path: %v", err)
}
conf := NewConfiguration(c)
if !c.GlobalIsSet("email") {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
acc := NewAccount(c.GlobalString("email"), conf)
client := acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort())
err = checkFolder(conf.CertPath())
if err != nil {
logger().Fatalf("Cound not check/create path: %v", err)
}
for _, domain := range c.GlobalStringSlice("domains") {
logger().Printf("Trying to revoke certificate for domain %s", domain)
certPath := path.Join(conf.CertPath(), domain+".crt")
certBytes, err := ioutil.ReadFile(certPath)
err = client.RevokeCertificate(certBytes)
if err != nil {
logger().Printf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
} else {
logger().Print("Certificate was revoked.")
}
}
}示例3: main
func main() {
readConf()
// Create a user. New accounts need an email and private key to start.
log.Printf("Generating private RSA key for user '%v'", conf.Email)
const rsaKeySize = 2048
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
if err != nil {
log.Fatal(err)
}
myUser := MyUser{
Email: conf.Email,
key: privateKey,
}
// A client facilitates communication with the CA server. Bind to PORT to
// facilitate challenge requests.
log.Printf("Calling ACME server: %v", conf.AcmeURI)
// It's a little unfortunate that the client initializer requires a port
// right now even though we won't be using one (we'll be using the DNS
// challenge). Hopefully this interface will change in the near future.
client, err := acme.NewClient(conf.AcmeURI, &myUser, rsaKeySize, "98234")
if err != nil {
log.Fatal(err)
}
// New users will need to register; be sure to save it
reg, err := client.Register()
if err != nil {
log.Fatal(err)
}
myUser.Registration = reg
// The client has a URL to the current Let's Encrypt Subscriber
// Agreement. The user will need to agree to it.
err = client.AgreeToTOS()
if err != nil {
log.Fatal(err)
}
// The acme library takes care of completing the challenges to obtain the certificate(s).
// Of course, the hostnames must resolve to this machine or it will fail.
bundle := false
certificates, errs := client.ObtainCertificates([]string{conf.Domain}, bundle)
for _, err := range errs {
if err != nil {
log.Fatal(err)
}
}
// Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. This is where you should save them to files!
fmt.Printf("%#v\n", certificates)
}示例4: buildACMEClient
func (a *ACME) buildACMEClient(Account *Account) (*acme.Client, error) {
caServer := "https://acme-v01.api.letsencrypt.org/directory"
if len(a.CAServer) > 0 {
caServer = a.CAServer
}
client, err := acme.NewClient(caServer, Account, acme.RSA4096)
if err != nil {
return nil, err
}
return client, nil
}示例5: newClientPort
// newClientPort does the same thing as newClient, except it creates a
// new client with a custom port used for ACME transactions instead of
// the default port. This is important if the default port is already in
// use or is not exposed to the public, etc.
func newClientPort(leEmail, port string) (*acme.Client, error) {
// Look up or create the LE user account
leUser, err := getUser(leEmail)
if err != nil {
return nil, err
}
// The client facilitates our communication with the CA server.
client, err := acme.NewClient(CAUrl, &leUser, rsaKeySizeToUse)
if err != nil {
return nil, err
}
if port != "" {
client.SetHTTPAddress(":" + port)
client.SetTLSAddress(":" + port)
}
client.ExcludeChallenges([]acme.Challenge{acme.TLSSNI01, acme.DNS01}) // We can only guarantee http-01 at this time, but tls-01 should work if port is not custom!
// If not registered, the user must register an account with the CA
// and agree to terms
if leUser.Registration == nil {
reg, err := client.Register()
if err != nil {
return nil, errors.New("registration error: " + err.Error())
}
leUser.Registration = reg
if port == "" { // can't prompt a user who isn't there
if !Agreed && reg.TosURL == "" {
Agreed = promptUserAgreement(saURL, false) // TODO - latest URL
}
if !Agreed && reg.TosURL == "" {
return nil, errors.New("user must agree to terms")
}
}
err = client.AgreeToTOS()
if err != nil {
saveUser(leUser) // TODO: Might as well try, right? Error check?
return nil, errors.New("error agreeing to terms: " + err.Error())
}
// save user to the file system
err = saveUser(leUser)
if err != nil {
return nil, errors.New("could not save user: " + err.Error())
}
}
return client, nil
}示例6: setup
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Cound not check/create path: %v", err)
}
conf := NewConfiguration(c)
if !c.GlobalIsSet("email") {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
//TODO: move to account struct? Currently MUST pass email.
acc := NewAccount(c.GlobalString("email"), conf)
return conf, acc, acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort(), c.GlobalBool("devMode"))
}示例7: TestDNSProviderLive
// TestDNSProviderLive performs a live test to obtain a certificate
// using the Let's Encrypt staging server. It runs provided that both
// the environment variables GANDI_API_KEY and GANDI_TEST_DOMAIN are
// set. Otherwise the test is skipped.
//
// To complete this test, go test must be run with the -timeout=40m
// flag, since the default timeout of 10m is insufficient.
func TestDNSProviderLive(t *testing.T) {
apiKey := os.Getenv("GANDI_API_KEY")
domain := os.Getenv("GANDI_TEST_DOMAIN")
if apiKey == "" || domain == "" {
t.Skip("skipping live test")
}
// create a user.
const rsaKeySize = 2048
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
if err != nil {
t.Fatal(err)
}
myUser := user{
Email: "[email protected]",
key: privateKey,
}
// create a client using staging server
client, err := acme.NewClient(stagingServer, &myUser, acme.RSA2048)
if err != nil {
t.Fatal(err)
}
provider, err := NewDNSProviderCredentials(apiKey)
if err != nil {
t.Fatal(err)
}
err = client.SetChallengeProvider(acme.DNS01, provider)
if err != nil {
t.Fatal(err)
}
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
// register and agree tos
reg, err := client.Register()
if err != nil {
t.Fatal(err)
}
myUser.Registration = reg
err = client.AgreeToTOS()
if err != nil {
t.Fatal(err)
}
// complete the challenge
bundle := false
_, failures := client.ObtainCertificate([]string{domain}, bundle, nil)
if len(failures) > 0 {
t.Fatal(failures)
}
}示例8: newClientPort
// newClientPort does the same thing as newClient, except it creates a
// new client with a custom port used for ACME transactions instead of
// the default port. This is important if the default port is already in
// use or is not exposed to the public, etc.
func newClientPort(leEmail, port string) (*acme.Client, error) {
// Look up or create the LE user account
leUser, err := getUser(leEmail)
if err != nil {
return nil, err
}
// The client facilitates our communication with the CA server.
client, err := acme.NewClient(CAUrl, &leUser, rsaKeySizeToUse, port)
if err != nil {
return nil, err
}
// If not registered, the user must register an account with the CA
// and agree to terms
if leUser.Registration == nil {
reg, err := client.Register()
if err != nil {
return nil, errors.New("registration error: " + err.Error())
}
leUser.Registration = reg
if !Agreed && reg.TosURL == "" {
Agreed = promptUserAgreement(saURL, false) // TODO - latest URL
}
if !Agreed && reg.TosURL == "" {
return nil, errors.New("user must agree to terms")
}
err = client.AgreeToTOS()
if err != nil {
saveUser(leUser) // TODO: Might as well try, right? Error check?
return nil, errors.New("error agreeing to terms: " + err.Error())
}
// save user to the file system
err = saveUser(leUser)
if err != nil {
return nil, errors.New("could not save user: " + err.Error())
}
}
return client, nil
}示例9: verify
func (m *Manager) verify(host string) (cert *tls.Certificate, refreshTime time.Time, err error) {
c, err := acme.NewClient(letsEncryptURL, &m.state, acme.EC256)
if err != nil {
return
}
if err = c.SetChallengeProvider(acme.TLSSNI01, tlsProvider{m}); err != nil {
return
}
c.SetChallengeProvider(acme.TLSSNI01, tlsProvider{m})
c.ExcludeChallenges([]acme.Challenge{acme.HTTP01})
acmeCert, errmap := c.ObtainCertificate([]string{host}, true, nil)
if len(errmap) > 0 {
if debug {
log.Printf("ObtainCertificate %v => %v", host, errmap)
}
err = fmt.Errorf("%v", errmap)
return
}
entryCert := stateCert{
Cert: string(acmeCert.Certificate),
Key: string(acmeCert.PrivateKey),
}
cert, err = entryCert.toTLS()
if err != nil {
if debug {
log.Printf("ObtainCertificate %v toTLS failure: %v", host, err)
}
err = err
return
}
if refreshTime, err = certRefreshTime(cert); err != nil {
return
}
m.mu.Lock()
if m.state.Certs == nil {
m.state.Certs = make(map[string]stateCert)
}
m.state.Certs[host] = entryCert
m.mu.Unlock()
m.updated()
return cert, refreshTime, nil
}示例10: register
func (m *Manager) register(email string, prompt func(string) bool) error {
if m.registered() {
return fmt.Errorf("already registered")
}
m.state.Email = email
if m.state.key == nil {
key, err := newKey()
if err != nil {
return fmt.Errorf("generating key: %v", err)
}
Key, err := marshalKey(key)
if err != nil {
return fmt.Errorf("generating key: %v", err)
}
m.state.key = key
m.state.Key = string(Key)
}
c, err := acme.NewClient(letsEncryptURL, &m.state, acme.EC256)
if err != nil {
return fmt.Errorf("create client: %v", err)
}
reg, err := c.Register()
if err != nil {
return fmt.Errorf("register: %v", err)
}
m.state.Reg = reg
if reg.Body.Agreement == "" {
if prompt != nil && !prompt(reg.TosURL) {
return fmt.Errorf("did not agree to TOS")
}
if err := c.AgreeToTOS(); err != nil {
return fmt.Errorf("agreeing to TOS: %v", err)
}
}
m.updated()
return nil
}示例11: buildACMEClient
func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
log.Debugf("Building ACME client...")
caServer := "https://acme-v01.api.letsencrypt.org/directory"
if len(a.CAServer) > 0 {
caServer = a.CAServer
}
client, err := acme.NewClient(caServer, account, acme.RSA4096)
if err != nil {
return nil, err
}
if len(a.DNSProvider) > 0 {
log.Debugf("Using DNS Challenge provider: %s", a.DNSProvider)
err = dnsOverrideDelay(a.DelayDontCheckDNS)
if err != nil {
return nil, err
}
var provider acme.ChallengeProvider
provider, err = dns.NewDNSChallengeProviderByName(a.DNSProvider)
if err != nil {
return nil, err
}
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
err = client.SetChallengeProvider(acme.DNS01, provider)
} else {
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
err = client.SetChallengeProvider(acme.TLSSNI01, a.challengeProvider)
}
if err != nil {
return nil, err
}
return client, nil
}示例12: main
func main() {
if flag.NArg() != 1 {
flag.Usage()
os.Exit(2)
}
if email == "" {
fmt.Println("--email is required")
os.Exit(2)
}
now := time.Now().Unix()
domains := strings.Split(flag.Args()[0], ",")
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
if err != nil {
log.Fatal(err)
}
if r, _ := regexp.Compile("%v"); r.MatchString(email) {
email = fmt.Sprintf(email, now)
}
user := User{
Email: email,
key: privateKey,
}
usersPath := fmt.Sprintf("%v/users/%v", dataPath, user.GetEmail())
log.Println(usersPath)
fileWrite(usersPath, "privkey.pem", pemEncode(privateKey))
fileWrite(usersPath, "pubkey.pem", pemEncode(privateKey.Public()))
// log: user
log.Println(user)
// A client facilitates communication with the CA server.
client, err := acme.NewClient(strings.Join([]string{acmeUrl, "directory"}, "/"), &user, acme.RSA2048)
if err != nil {
log.Fatal(err)
}
// Force to use DNSimple
provider, err := dnsimple.NewDNSProviderCredentials(dnsimpleEmail, dnsimpleApiKey)
if err != nil {
log.Fatal(err)
}
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
client.SetChallengeProvider(acme.DNS01, provider)
if err != nil {
log.Fatal(err)
}
// New users will need to register; be sure to save it
reg, err := client.Register()
if err != nil {
log.Fatal(err)
}
user.Registration = reg
// log: registration
log.Println(reg)
// The client has a URL to the current Let's Encrypt Subscriber Agreement.
// The user will need to agree to it.
err = client.AgreeToTOS()
if err != nil {
log.Fatal(err)
}
// The acme library takes care of completing the challenges to obtain the certificate(s).
bundle := true
certificates, failures := client.ObtainCertificate(domains, bundle, nil, false)
if len(failures) > 0 {
log.Fatal(failures)
}
// log: certificate
log.Println(fmt.Printf("[INFO][%s] Certificate %s", certificates.CertURL, strings.Join(domains, ", ")))
// Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. This is where you should save them to files!
//fmt.Printf("%#v\n", certificates)
certsPath := fmt.Sprintf("%v/certs/%v", dataPath, now)
log.Println(certsPath)
fileWrite(certsPath, "privkey.pem", certificates.PrivateKey)
fileWrite(certsPath, "fullchain.pem", certificates.Certificate)
log.Println("completed!")
}示例13:
AllowPrompts bool // if false, we assume AlternatePort must be used
}
// NewACMEClient creates a new ACMEClient given an email and whether
// prompting the user is allowed. Clients should not be kept and
// re-used over long periods of time, but immediate re-use is more
// efficient than re-creating on every iteration.
var NewACMEClient = func(email string, allowPrompts bool) (*ACMEClient, error) {
// Look up or create the LE user account
leUser, err := getUser(email)
if err != nil {
return nil, err
}
// The client facilitates our communication with the CA server.
client, err := acme.NewClient(CAUrl, &leUser, KeyType)
if err != nil {
return nil, err
}
// If not registered, the user must register an account with the CA
// and agree to terms
if leUser.Registration == nil {
reg, err := client.Register()
if err != nil {
return nil, errors.New("registration error: " + err.Error())
}
leUser.Registration = reg
if allowPrompts { // can't prompt a user who isn't there
if !Agreed && reg.TosURL == "" {示例14: setup
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
if c.GlobalIsSet("http-timeout") {
acme.HTTPClient = http.Client{Timeout: time.Duration(c.GlobalInt("http-timeout")) * time.Second}
}
if c.GlobalIsSet("dns-timeout") {
acme.DNSTimeout = time.Duration(c.GlobalInt("dns-timeout")) * time.Second
}
if len(c.GlobalStringSlice("dns-resolvers")) > 0 {
resolvers := []string{}
for _, resolver := range c.GlobalStringSlice("dns-resolvers") {
if !strings.Contains(resolver, ":") {
resolver += ":53"
}
resolvers = append(resolvers, resolver)
}
acme.RecursiveNameservers = resolvers
}
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Could not check/create path: %s", err.Error())
}
conf := NewConfiguration(c)
if len(c.GlobalString("email")) == 0 {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
//TODO: move to account struct? Currently MUST pass email.
acc := NewAccount(c.GlobalString("email"), conf)
keyType, err := conf.KeyType()
if err != nil {
logger().Fatal(err.Error())
}
client, err := acme.NewClient(c.GlobalString("server"), acc, keyType)
if err != nil {
logger().Fatalf("Could not create client: %s", err.Error())
}
if len(c.GlobalStringSlice("exclude")) > 0 {
client.ExcludeChallenges(conf.ExcludedSolvers())
}
if c.GlobalIsSet("webroot") {
provider, err := webroot.NewHTTPProvider(c.GlobalString("webroot"))
if err != nil {
logger().Fatal(err)
}
client.SetChallengeProvider(acme.HTTP01, provider)
// --webroot=foo indicates that the user specifically want to do a HTTP challenge
// infer that the user also wants to exclude all other challenges
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
}
if c.GlobalIsSet("memcached-host") {
provider, err := memcached.NewMemcachedProvider(c.GlobalStringSlice("memcached-host"))
if err != nil {
logger().Fatal(err)
}
client.SetChallengeProvider(acme.HTTP01, provider)
// --memcached-host=foo:11211 indicates that the user specifically want to do a HTTP challenge
// infer that the user also wants to exclude all other challenges
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
}
if c.GlobalIsSet("http") {
if strings.Index(c.GlobalString("http"), ":") == -1 {
logger().Fatalf("The --http switch only accepts interface:port or :port for its argument.")
}
client.SetHTTPAddress(c.GlobalString("http"))
}
if c.GlobalIsSet("tls") {
if strings.Index(c.GlobalString("tls"), ":") == -1 {
logger().Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
}
client.SetTLSAddress(c.GlobalString("tls"))
}
if c.GlobalIsSet("dns") {
var err error
var provider acme.ChallengeProvider
switch c.GlobalString("dns") {
case "azure":
provider, err = azure.NewDNSProvider()
case "auroradns":
provider, err = auroradns.NewDNSProvider()
case "cloudflare":
provider, err = cloudflare.NewDNSProvider()
case "digitalocean":
provider, err = digitalocean.NewDNSProvider()
case "dnsimple":
provider, err = dnsimple.NewDNSProvider()
//.........这里部分代码省略.........
示例15: setup
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Could not check/create path: %s", err.Error())
}
conf := NewConfiguration(c)
if len(c.GlobalString("email")) == 0 {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
//TODO: move to account struct? Currently MUST pass email.
acc := NewAccount(c.GlobalString("email"), conf)
keyType, err := conf.KeyType()
if err != nil {
logger().Fatal(err.Error())
}
client, err := acme.NewClient(c.GlobalString("server"), acc, keyType)
if err != nil {
logger().Fatalf("Could not create client: %s", err.Error())
}
if len(c.GlobalStringSlice("exclude")) > 0 {
client.ExcludeChallenges(conf.ExcludedSolvers())
}
if c.GlobalIsSet("webroot") {
provider, err := webroot.NewHTTPProviderWebroot(c.GlobalString("webroot"))
if err != nil {
logger().Fatal(err)
}
client.SetChallengeProvider(acme.HTTP01, provider)
// --webroot=foo indicates that the user specifically want to do a HTTP challenge
// infer that the user also wants to exclude all other challenges
client.ExcludeChallenges([]acme.Challenge{acme.DNS01, acme.TLSSNI01})
}
if c.GlobalIsSet("http") {
if strings.Index(c.GlobalString("http"), ":") == -1 {
logger().Fatalf("The --http switch only accepts interface:port or :port for its argument.")
}
client.SetHTTPAddress(c.GlobalString("http"))
}
if c.GlobalIsSet("tls") {
if strings.Index(c.GlobalString("tls"), ":") == -1 {
logger().Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
}
client.SetTLSAddress(c.GlobalString("tls"))
}
if c.GlobalIsSet("dns") {
var err error
var provider acme.ChallengeProvider
switch c.GlobalString("dns") {
case "cloudflare":
provider, err = cloudflare.NewDNSProvider("", "")
case "digitalocean":
authToken := os.Getenv("DO_AUTH_TOKEN")
provider, err = digitalocean.NewDNSProvider(authToken)
case "dnsimple":
provider, err = dnsimple.NewDNSProvider("", "")
case "route53":
awsRegion := os.Getenv("AWS_REGION")
provider, err = route53.NewDNSProvider("", "", awsRegion)
case "rfc2136":
nameserver := os.Getenv("RFC2136_NAMESERVER")
tsigAlgorithm := os.Getenv("RFC2136_TSIG_ALGORITHM")
tsigKey := os.Getenv("RFC2136_TSIG_KEY")
tsigSecret := os.Getenv("RFC2136_TSIG_SECRET")
provider, err = rfc2136.NewDNSProvider(nameserver, tsigAlgorithm, tsigKey, tsigSecret)
case "manual":
provider, err = acme.NewDNSProviderManual()
}
if err != nil {
logger().Fatal(err)
}
client.SetChallengeProvider(acme.DNS01, provider)
// --dns=foo indicates that the user specifically want to do a DNS challenge
// infer that the user also wants to exclude all other challenges
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
}
return conf, acc, client
}