Make autocert use HTTP-01 challenge instead of TLS-SNI (#36)

This commit is contained in:
Joona Hoikkala
2018-02-01 10:53:34 +02:00
committed by GitHub
parent 5470ba7a41
commit 562d7cbad4
4 changed files with 10 additions and 1 deletions


@ -186,6 +186,8 @@ connection = "acme-dns.db"
[api] [api]
# domain name to listen requests for, mandatory if using tls = "letsencrypt" # domain name to listen requests for, mandatory if using tls = "letsencrypt"
api_domain = "" api_domain = ""
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS # listen port, eg. 443 for default HTTPS
port = "8080" port = "8080"
# possible values: "letsencrypt", "cert", "none" # possible values: "letsencrypt", "cert", "none"
@ -214,6 +216,7 @@ header_name = "X-Forwarded-For"
``` ```
## Changelog ## Changelog
- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
- v0.2 Now powered by httprouter, support wildcard certificates, Docker images - v0.2 Now powered by httprouter, support wildcard certificates, Docker images
- v0.1 Initial release - v0.1 Initial release


@ -36,6 +36,8 @@ connection = "/var/lib/acme-dns/acme-dns.db"
api_domain = "" api_domain = ""
# listen ip eg. 127.0.0.1 # listen ip eg. 127.0.0.1
ip = "0.0.0.0" ip = "0.0.0.0"
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS # listen port, eg. 443 for default HTTPS
port = "80" port = "80"
# possible values: "letsencrypt", "cert", "none" # possible values: "letsencrypt", "cert", "none"


@ -83,6 +83,9 @@ func startHTTPAPI() {
Prompt: autocert.AcceptTOS, Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(Config.API.Domain), HostPolicy: autocert.HostWhitelist(Config.API.Domain),
} }
autocerthost := Config.API.IP + ":" + Config.API.AutocertPort
log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")
go http.ListenAndServe(autocerthost, m.HTTPHandler(nil))
cfg.GetCertificate = m.GetCertificate cfg.GetCertificate = m.GetCertificate
srv := &http.Server{ srv := &http.Server{
Addr: host, Addr: host,
@ -90,7 +93,7 @@ func startHTTPAPI() {
TLSConfig: cfg, TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0), ErrorLog: stdlog.New(logwriter, "", 0),
} }
log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS autocert") log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS, using certificate from autocert")
log.Fatal(srv.ListenAndServeTLS("", "")) log.Fatal(srv.ListenAndServeTLS("", ""))
case "cert": case "cert":
srv := &http.Server{ srv := &http.Server{
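Review bot: The error from `http.ListenAndServe(autocerthost, m.HTTPHandler(nil))` on the new `go` line is discarded, so if binding the challenge port fails (already in use, no permission for port 80) the goroutine exits silently and every HTTP-01 challenge then fails with an unrelated-looking ACME error. The same line also trusts `Config.API.AutocertPort` as-is: a config written before this field existed yields the address `ip:` and the listener quietly comes up on an ephemeral port, so the value should be checked for emptiness before use. Because this listener is exposed on a public port, it would also be worth giving it an `http.Server` with `ReadHeaderTimeout` (this needs the `time` package if it is not already imported) and the same `ErrorLog` as the HTTPS server below, rather than the default server without timeouts. startHTTPAPI begins before and continues after this hunk.
```go
if Config.API.AutocertPort == "" {
	log.Fatal("autocert_port must be set when tls = \"letsencrypt\"")
}
autocerthost := Config.API.IP + ":" + Config.API.AutocertPort
log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")
challengeSrv := &http.Server{
	Addr:              autocerthost,
	Handler:           m.HTTPHandler(nil),
	ReadHeaderTimeout: 10 * time.Second,
	ErrorLog:          stdlog.New(logwriter, "", 0),
}
go func() {
	// Issuance cannot succeed without this listener, so a bind failure must not be silent.
	log.WithFields(log.Fields{"autocerthost": autocerthost}).Fatal(challengeSrv.ListenAndServe())
}()
// … unchanged: cfg.GetCertificate assignment and HTTPS server setup …
```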


@ -52,6 +52,7 @@ type dbsettings struct {
type httpapi struct { type httpapi struct {
Domain string `toml:"api_domain"` Domain string `toml:"api_domain"`
IP string IP string
AutocertPort string `toml:"autocert_port"`
Port string `toml:"port"` Port string `toml:"port"`
TLS string TLS string
TLSCertPrivkey string `toml:"tls_cert_privkey"` TLSCertPrivkey string `toml:"tls_cert_privkey"`
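Review bot: The new `AutocertPort` field has no comment, so a reader of the struct alone cannot tell that it is the HTTP-01 challenge listener's port rather than a second API port, nor that the code path using it requires it to be non-empty. A one-line comment above the field such as `// AutocertPort is the HTTP port the autocert HTTP-01 challenge handler listens on; required when TLS is "letsencrypt".` would document this. The httpapi struct continues past the end of the hunk.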