1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-23 01:07:23 +02:00

Adapt README and CHANGELOG to latest changes

This commit is contained in:
xenolf 2015-12-27 20:34:30 +01:00
parent 3a3baf1597
commit 7c60c45e2c
2 changed files with 35 additions and 11 deletions

View File

@ -2,8 +2,22 @@
## [Unreleased]
### Added:
- CLI: The `--exclude` or `-x` switch. To exclude a challenge from being solved.
- CLI: The `--httpPort`. To set the listen port of HTTP based challenges.
- CLI: The `--tlsPort`. To set the listen port of TLS based challenges.
- lib: ExcludeChallenges function. Pass an array of challenge identifiers to exclude them from solving.
- lib: SetHTTPPort function. Pass a port to set the listen port for HTTP based challenges.
- lib: SetTLSPort function. Pass a port to set the listen port of TLS based challenges.
### Changed:
- lib: NewClient does no longer accept the optPort parameter
### Removed:
- CLI: The `--port` switch was removed.
### Fixed:
- CLI: Fix logic using the --days parameter
- CLI: Fix logic using the `--days` parameter for renew
## [0.1.1] - 2015-12-18

View File

@ -45,15 +45,19 @@ The CLI does not require root permissions but needs to bind to port 80 and 443 f
To run the CLI without sudo, you have two options:
- Use setcap 'cap_net_bind_service=+ep' /path/to/program
- Pass the `--port` option and specify a custom port to bind to. In this case you have to forward port 443 to this custom port.
- Pass the `--httpPort` or/and the `--tlsPort` option and specify a custom port to bind to. In this case you have to forward port 80/443 to these custom ports (see [Port Usage](#port-usage)).
#### Port Usage
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
If this is not possible in your environment, you can use the `--port` option to instruct
If this is not possible in your environment, you can use the `--httpPort` and `--tlsPort` options to instruct
lego to listen on that port for any incoming challenges.
If you are using this option, make sure you proxy all of the following traffic to that port:
If you are using this option, make sure you proxy all of the following traffic to these ports.
HTTP Port:
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge.
TLS Port:
- All TLS handshakes on port 443 for TLS-SNI-01.
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
@ -68,7 +72,7 @@ USAGE:
./lego [global options] command [command options] [arguments...]
VERSION:
0.1.0
0.2.0
COMMANDS:
run Register an account, then create and install a certificate
@ -81,8 +85,10 @@ GLOBAL OPTIONS:
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
--email, -m Email used for registration and recovery contact.
--rsa-key-size, -B "2048" Size of the RSA key.
--path "${CWD}" Directory to use for storing the data
--port Challenges will use this port to listen on. Please make sure to forward port 443 to this port on your machine. Otherwise use setcap on the binary
--path "${CWD}" Directory to use for storing the data
--exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
--httpPort Set the port to use for HTTP based challenges to listen on.
--tlsPort Set the port to use for TLS based challenges to listen on.
--help, -h show help
--version, -v print the version
@ -141,14 +147,18 @@ myUser := MyUser{
// A client facilitates communication with the CA server. This CA URL is
// configured for a local dev instance of Boulder running in Docker in a VM.
// We specify an optPort of 5001 because we aren't running as root and can't
// bind a listener to port 80 or 443 (used later when we attempt to pass challenges).
// Keep in mind that we still need to proxy challenge traffic to port 5001.
client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize, "5001")
client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize)
if err != nil {
log.Fatal(err)
}
// We specify an httpPort of 5002 and an tlsPort of 5001 because we aren't running as
// root and can't bind a listener to port 80 and 443
// (used later when we attempt to pass challenges).
// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001.
client.SetHTTPPort("5002")
client.SetTLSPort("5001")
// New users will need to register; be sure to save it
reg, err := client.Register()
if err != nil {