letsencrypts3provider

v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 11, 2020 License: MIT Imports: 19 Imported by: 0

README

A Challenge Provider for Let's Encrypt which Uploads the Token and KeyAuth to Amazon S3

Why?

We're using a name server that cannot manipulate its records over an open API, and we cannot use webroot on our production servers.

Description

This is a custom Let's Encrypt challenge provider based on the webroot provider, but it behaves differently when challenged.

  1. When requested to meet the challenge, this script creates a file in an S3 bucket (which is provided as the AWS_LETSENCRYPT_S3PROVIDER_BUCKET environment variable) with the token as the name and the keyAuth as the content.
  2. It removes the file on cleanup.
  3. When Let's Encrypt fetches the token (ex: example.com/.well-known/acme-challenge/xxxxxx), another web application handles the request (use the func Handler(w http.ResponseWriter, req *http.Request) in handler/), fetches the file from the same S3 bucket, and responds to Let's Encrypt's request.

Usage

# creates privatekey.pem and cert.pem
AWS_SECRET_KEY={SECRET_KEY} \
AWS_ACCESS_KEY_ID={ACCESS_KEY} \
AWS_LETSENCRYPT_S3PROVIDER_BUCKET={bucket name} \
go-letsencrypt-s3provider {email} {domain1,domain2,..} production privatekey.pem cert.pem

It is easy to use go-s3proxy to access the challenge files placed in S3.

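import (
	"log"
	"net/http"
	"os"

	"github.com/natureglobal/go-s3proxy"
)

// handler proxies incoming requests to the bucket that holds the challenge files.
var handler http.Handler = s3proxy.Proxy(os.Getenv("AWS_LETSENCRYPT_S3PROVIDER_BUCKET"))

// Handle logs the request path and serves the matching file from S3.
func Handle(w http.ResponseWriter, req *http.Request) {
	log.Printf("Func path: %s", req.URL.Path)
	handler.ServeHTTP(w, req)
}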
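The handler that answers Let's Encrypt reads from a bucket on behalf of unauthenticated requests, so it should refuse anything that is not a well-formed challenge path before touching storage. The following is an added example, not code from this module or from go-s3proxy: it accepts only GET requests under /.well-known/acme-challenge/ whose token uses the base64url alphabet that RFC 8555 requires. The names ChallengeHandler, lookup and probe, the 128-character length cap, and the in-memory map standing in for the S3 fetch are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// RFC 8555 limits tokens to base64url characters; the length cap is an assumption.
var challengeRe = regexp.MustCompile(`^/\.well-known/acme-challenge/([A-Za-z0-9_-]{1,128})$`)

// lookup is a hypothetical stand-in for "fetch object <token> from the bucket".
type lookup func(token string) (keyAuth string, ok bool)

// ChallengeHandler answers only well-formed HTTP-01 requests, so a request
// can never steer the bucket read to another key, prefix or file extension.
func ChallengeHandler(get lookup) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		m := challengeRe.FindStringSubmatch(r.URL.Path)
		if r.Method != http.MethodGet || m == nil {
			http.NotFound(w, r) // rejected before any storage access
			return
		}
		keyAuth, ok := get(m[1])
		if !ok {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain")
		fmt.Fprint(w, keyAuth)
	})
}

// probe sends one request to h and returns the status code and body.
func probe(h http.Handler, method, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed sample data: one pending challenge in the "bucket".
	store := map[string]string{"tok_EN-1": "tok_EN-1.thumbprint"}
	h := ChallengeHandler(func(t string) (string, bool) { v, ok := store[t]; return v, ok })
	fmt.Println(probe(h, "GET", "/.well-known/acme-challenge/tok_EN-1"))
	fmt.Println(probe(h, "GET", "/.well-known/acme-challenge/../privatekey.pem"))
}
```

In a real deployment the lookup function would wrap the S3 GetObject call for the configured bucket, and the bucket itself should hold nothing but challenge files.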

Documentation

Index

Constants

const (
	RootDST  = "DST Root CA X3"
	RootISRG = "ISRG Root X1"
)

Variables

This section is empty.

Functions

func Obtain added in v0.2.0

func Obtain(ob *ObtainRequest) (*certificate.Resource, error)

Obtain server key and certificates

func Run added in v0.2.0

func Run(argv []string, stdout, stderr io.Writer) error

Run the letsencrypts3provider cli

Types

type ObtainRequest added in v0.2.0

type ObtainRequest struct {
	Domains            []string
	Directory          string
	Email              string
	Bucket             string
	Bundle, MustStaple bool
	PreferredChain     string
}

Directories

Path Synopsis
cmd
