
feat: skip the TLS verification of the ACME server (#2335)

This commit is contained in:
Ludovic Fernandez 2024-11-10 19:42:01 +01:00 committed by GitHub
parent 4efd1e1711
commit 2b08b83adf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 14 additions and 0 deletions


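--- a/FILE1
+++ b/FILE1
@@ -38,6 +38,7 @@ const (
 flgDNSPropagationRNS = "dns.propagation-rns"
 flgDNSResolvers = "dns.resolvers"
 flgHTTPTimeout = "http-timeout"
+flgTLSSkipVerify = "tls-skip-verify"
 flgDNSTimeout = "dns-timeout"
 flgPEM = "pem"
 flgPFX = "pfx"
@@ -175,6 +176,10 @@ func CreateFlags(defaultPath string) []cli.Flag {
 Name: flgHTTPTimeout,
 Usage: "Set the HTTP timeout value to a specific value in seconds.",
 },
+&cli.BoolFlag{
+Name: flgTLSSkipVerify,
+Usage: "Skip the TLS verification of the ACME server.",
+},
 &cli.IntFlag{
 Name: flgDNSTimeout,
 Usage: "Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries.",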
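Review bot: The Usage string of the new `--tls-skip-verify` flag in the second hunk says what it does but not what it costs: with verification off the client will accept any certificate, so an on-path attacker can impersonate the ACME server and, for example, hand back a tampered directory or challenge. The help text is the only place most users will ever read about this, so spell it out: `Usage: "Skip the TLS verification of the ACME server. Insecure: the server certificate is not validated, so use this only against a local or test CA, never with a public one."`. A one-line comment above the `flgTLSSkipVerify` constant saying the same would help the next maintainer too. Other flags here are also exposed as environment variables (`$LEGO_PFX` appears in the help output), so consider whether this one should deliberately stay CLI-only so it cannot be switched on silently from the environment; I cannot see the env-var wiring from this hunk.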


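--- a/FILE2
+++ b/FILE2
@@ -1,9 +1,11 @@
 package cmd
 
 import (
+"crypto/tls"
 "crypto/x509"
 "encoding/pem"
 "fmt"
+"net/http"
 "os"
 "strings"
 "time"
@@ -48,6 +50,12 @@ func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyTy
 config.HTTPClient.Timeout = time.Duration(ctx.Int(flgHTTPTimeout)) * time.Second
 }
 
+if ctx.Bool(flgTLSSkipVerify) {
+config.HTTPClient.Transport = &http.Transport{
+TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+}
+}
+
 client, err := lego.NewClient(config)
 if err != nil {
 log.Fatalf("Could not create client: %v", err)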
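Review bot: Assigning a brand-new `&http.Transport{...}` in the second hunk throws away whatever transport `config.HTTPClient` already carried, not only its certificate check: proxy-from-environment, dial and TLS-handshake timeouts, and — if the default client sets a custom root pool or server name — those as well, so the flag silently changes more than it advertises (I cannot see how the default client is built from this hunk; confirm what its transport contains). Cloning the existing transport, falling back to `http.DefaultTransport`, and flipping only `InsecureSkipVerify` keeps everything else intact, and a type assertion with a nil check covers both an unset and a non-`*http.Transport` value. Emitting a warning at that point would also make it visible in the output that server authentication is off; the file already uses `log.Fatalf`, so a warning-level call is presumably available in the same package. `newClient` begins before this hunk and its signature is only visible in the hunk header.

```go
if ctx.Bool(flgTLSSkipVerify) {
	// Keep proxy, timeouts and any custom root pool of the existing transport;
	// only server certificate verification is switched off.
	tr, ok := config.HTTPClient.Transport.(*http.Transport)
	if !ok || tr == nil {
		tr = http.DefaultTransport.(*http.Transport)
	}
	tr = tr.Clone()
	if tr.TLSClientConfig == nil {
		tr.TLSClientConfig = &tls.Config{}
	}
	tr.TLSClientConfig.InsecureSkipVerify = true
	config.HTTPClient.Transport = tr
}
// … unchanged: lego.NewClient(config) and its error handling …
```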


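--- a/FILE3
+++ b/FILE3
@@ -45,6 +45,7 @@ GLOBAL OPTIONS:
 --dns.propagation-wait value By setting this flag, disables all the propagation checks of the TXT record and uses a wait duration instead. (default: 0s)
 --dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
 --http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0)
+--tls-skip-verify Skip the TLS verification of the ACME server. (default: false)
 --dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10)
 --pem Generate an additional .pem (base64) file by concatenating the .key and .crt files together. (default: false)
 --pfx Generate an additional .pfx (PKCS#12) file by concatenating the .key and .crt and issuer .crt files together. (default: false) [$LEGO_PFX]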