sam/SafelineAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

changed file

Browse Source
This commit is contained in:
jonne
2026-02-22 21:47:44 +01:00
parent 8f450aa809
commit d42d0c7820
1 changed files with 65 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
pkg/services/ApplyCert.go
View File

@@ -24,9 +24,11 @@ type MyUser struct {
func (u *MyUser) GetEmail() string { func (u *MyUser) GetEmail() string {
return u.Email return u.Email
} }
func (u *MyUser) GetRegistration() *registration.Resource { func (u *MyUser) GetRegistration() *registration.Resource {
return u.Registration return u.Registration
} }
func (u *MyUser) GetPrivateKey() crypto.PrivateKey { func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
return u.key return u.key
} }
@@ -34,50 +36,99 @@ func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
func ApplyCert(domains []string, email, dir string, provider challenge.Provider) bool { func ApplyCert(domains []string, email, dir string, provider challenge.Provider) bool {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil { if err != nil {
logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
"Error requesting certificate for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true return true
} }
myUser := MyUser{ myUser := MyUser{
Email: email, Email: email,
key: privateKey, key: privateKey,
} }
config := lego.NewConfig(&myUser) config := lego.NewConfig(&myUser)
config.Certificate.KeyType = certcrypto.RSA2048 config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config) client, err := lego.NewClient(config)
if err != nil { if err != nil {
logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
return true "Error requesting certificate for %s%s%s: %s%s%s",
} logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
err = client.Challenge.SetDNS01Provider(provider) )
if err != nil {
logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
return true return true
} }
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) // =====================================================
// 🔒 FORCE DNS-01 ONLY — DISABLE ALL OTHER CHALLENGES
// =====================================================
client.Challenge.RemoveHTTP01Provider()
client.Challenge.RemoveTLSALPN01Provider()
err = client.Challenge.SetDNS01Provider(provider)
if err != nil { if err != nil {
logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
"Error requesting certificate for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true return true
} }
// =====================================================
reg, err := client.Registration.Register(
registration.RegisterOptions{TermsOfServiceAgreed: true},
)
if err != nil {
logger.Error.Printf(
"Error requesting certificate for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true
}
myUser.Registration = reg myUser.Registration = reg
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: domains, Domains: domains,
Bundle: true, Bundle: true,
} }
certificates, err := client.Certificate.Obtain(request) certificates, err := client.Certificate.Obtain(request)
if err != nil { if err != nil {
logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
"Error requesting certificate for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true return true
} }
err = os.WriteFile(filepath.Join(dir, domains[0]+".crt"), certificates.Certificate, os.ModePerm)
err = os.WriteFile(
filepath.Join(dir, domains[0]+".crt"),
certificates.Certificate,
os.ModePerm,
)
if err != nil { if err != nil {
logger.Error.Printf("Error saving certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
"Error saving certificate for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true return true
} }
err = os.WriteFile(filepath.Join(dir, domains[0]+".key"), certificates.PrivateKey, os.ModePerm)
err = os.WriteFile(
filepath.Join(dir, domains[0]+".key"),
certificates.PrivateKey,
os.ModePerm,
)
if err != nil { if err != nil {
logger.Error.Printf("Error saving certificate key for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) logger.Error.Printf(
"Error saving certificate key for %s%s%s: %s%s%s",
logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset,
)
return true return true
} }
return false return false
} }