simplecert: Index | Files

package simplecert

import ""


Package Files

cert.go client.go config.go cr.go local.go reloader.go renew.go simplecert.go user.go utils.go


var Default = &Config{

    RenewBefore: 30 * 24,

    CheckInterval: 7 * 24 * time.Hour,
    SSLEmail:      "",
    DirectoryURL:  "",
    HTTPAddress:   ":80",
    TLSAddress:    ":443",
    CacheDirPerm:  0700,
    Domains:       []string{},
    CacheDir:      "",
    DNSProvider:   "",
    Local:         false,
    UpdateHosts:   true,

Default contains a default configuration

func CheckConfig Uses

func CheckConfig(c *Config) error

CheckConfig checks if config can be used to obtain a cert

func ListenAndServeTLS Uses

func ListenAndServeTLS(addr string, handler http.Handler, mail string, domains ...string) error

ListenAndServeTLS is a util to use simplecert in production

func ListenAndServeTLSCustom Uses

func ListenAndServeTLSCustom(addr string, handler http.Handler, cfg *Config, tlsconf *tls.Config, domains ...string) error

ListenAndServeTLSCustom allows to specify the simplecert and TLS configuration and does not redirect the traffic arriving at port 80

func ListenAndServeTLSLocal Uses

func ListenAndServeTLSLocal(addr string, handler http.Handler, domains ...string) error

ListenAndServeTLSLocal is a util to use simplecert for local development

func Redirect Uses

func Redirect(w http.ResponseWriter, req *http.Request)

Redirect a request to HTTPS and strips the www. subdomain

type CR Uses

type CR struct {
    Domain            string `json:"domain"`
    CertURL           string `json:"certUrl"`
    CertStableURL     string `json:"certStableUrl"`
    PrivateKey        []byte `json:"privateKey"`
    Certificate       []byte `json:"certificate"`
    IssuerCertificate []byte `json:"issuerCertificate"`
    CSR               []byte `json:"csr"`

CR represents an ACME Certificate Resource It can be persisted on the FileSystem with all fields which cannot be done with acme.CertificateResource

type CertReloader Uses

type CertReloader struct {
    // contains filtered or unexported fields

CertReloader manages a hot reload of a new cert

func Init Uses

func Init(cfg *Config) (*CertReloader, error)

Init obtains a new LetsEncrypt cert for the specified domains if there is none in cacheDir or loads an existing one. Certs will be auto renewed in the configured interval. 1. Check if we have a cached certificate, if yes kickoff renewal routine and return 2. No Cached Certificate found - make sure the supplied cacheDir exists 3. Create a new SSLUser and ACME Client 4. Obtain a new certificate 5. Save To Disk 6. Kickoff Renewal Routine

func NewCertReloader Uses

func NewCertReloader(certPath, keyPath string, logFile *os.File) (*CertReloader, error)

NewCertReloader returns a new CertReloader instance

func (*CertReloader) GetCertificateFunc Uses

func (reloader *CertReloader) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificateFunc is needed for hot reload

type Config Uses

type Config struct {

    // renew the certificate X hours before it expires
    // LetsEncrypt Certs are valid for 90 Days
    RenewBefore int

    // Interval for checking if cert is closer to expiration than RenewBefore
    CheckInterval time.Duration

    // SSLEmail for contact
    SSLEmail string

    // ACME Directory URL. Can be set to for testing
    DirectoryURL string

    // Endpoints for webroot challenge
    // CAUTION: challenge must be received on port 80 and 443
    // if you choose different ports here you must redirect the traffic
    HTTPAddress string
    TLSAddress  string

    // UNIX Permission for the CacheDir and all files inside
    CacheDirPerm os.FileMode

    // Domains for which to obtain the certificate
    Domains []string

    // Path of the CacheDir
    CacheDir string

    // DNSProvider name for DNS challenges (optional)
    // see:
    DNSProvider string

    // Local runmode
    Local bool

    // UpdateHosts adds the domains to /etc/hosts if running in local mode
    UpdateHosts bool

    // Handler funcs for graceful service shutdown and restoring
    WillRenewCertificate     func()
    DidRenewCertificate      func()
    FailedToRenewCertificate func(error)

Config allows configuration of simplecert

type SSLUser Uses

type SSLUser struct {
    Email        string
    Registration *registration.Resource
    Key          *rsa.PrivateKey

SSLUser implements the ACME User interface

func (SSLUser) GetEmail Uses

func (u SSLUser) GetEmail() string

GetEmail returns the users email

func (SSLUser) GetPrivateKey Uses

func (u SSLUser) GetPrivateKey() crypto.PrivateKey

GetPrivateKey returns the users private key

func (SSLUser) GetRegistration Uses

func (u SSLUser) GetRegistration() *registration.Resource

GetRegistration returns the users registration resource

Package simplecert imports 31 packages (graph). Updated 2019-04-18. Refresh now. Tools for package owners.