mirror of
https://github.com/go-acme/lego.git
synced 2025-01-13 10:32:25 +02:00
regru: client certificate support (#2050)
Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
parent
d51b5e408b
commit
cab8e1f556
@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error {
|
|||||||
ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`)
|
ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`)
|
||||||
ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`)
|
ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`)
|
||||||
ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
|
ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
|
||||||
|
ew.writeln(` - "REGRU_TLS_CERT": authentication certificate`)
|
||||||
|
ew.writeln(` - "REGRU_TLS_KEY": authentication private key`)
|
||||||
ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`)
|
ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`)
|
||||||
|
|
||||||
ew.writeln()
|
ew.writeln()
|
||||||
|
@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
| `REGRU_HTTP_TIMEOUT` | API request timeout |
|
| `REGRU_HTTP_TIMEOUT` | API request timeout |
|
||||||
| `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
|
| `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
|
||||||
| `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
|
| `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
|
||||||
|
| `REGRU_TLS_CERT` | authentication certificate |
|
||||||
|
| `REGRU_TLS_KEY` | authentication private key |
|
||||||
| `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |
|
| `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |
|
||||||
|
|
||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
|
@ -3,6 +3,7 @@ package regru
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -19,6 +20,8 @@ const (
|
|||||||
|
|
||||||
EnvUsername = envNamespace + "USERNAME"
|
EnvUsername = envNamespace + "USERNAME"
|
||||||
EnvPassword = envNamespace + "PASSWORD"
|
EnvPassword = envNamespace + "PASSWORD"
|
||||||
|
EnvTLSCert = envNamespace + "TLS_CERT"
|
||||||
|
EnvTLSKey = envNamespace + "TLS_KEY"
|
||||||
|
|
||||||
EnvTTL = envNamespace + "TTL"
|
EnvTTL = envNamespace + "TTL"
|
||||||
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
|
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
|
||||||
@ -30,6 +33,8 @@ const (
|
|||||||
type Config struct {
|
type Config struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
|
TLSCert string
|
||||||
|
TLSKey string
|
||||||
|
|
||||||
PropagationTimeout time.Duration
|
PropagationTimeout time.Duration
|
||||||
PollingInterval time.Duration
|
PollingInterval time.Duration
|
||||||
@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
|
|||||||
config := NewDefaultConfig()
|
config := NewDefaultConfig()
|
||||||
config.Username = values[EnvUsername]
|
config.Username = values[EnvUsername]
|
||||||
config.Password = values[EnvPassword]
|
config.Password = values[EnvPassword]
|
||||||
|
config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
|
||||||
|
config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")
|
||||||
|
|
||||||
return NewDNSProviderConfig(config)
|
return NewDNSProviderConfig(config)
|
||||||
}
|
}
|
||||||
@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
|||||||
client.HTTPClient = config.HTTPClient
|
client.HTTPClient = config.HTTPClient
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.TLSCert != "" || config.TLSKey != "" {
|
||||||
|
if config.TLSCert == "" {
|
||||||
|
return nil, errors.New("regru: TLS certificate is missing")
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.TLSKey == "" {
|
||||||
|
return nil, errors.New("regru: TLS key is missing")
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("regru: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
client.HTTPClient.Transport = &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{
|
||||||
|
Certificates: []tls.Certificate{tlsCert},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &DNSProvider{config: config, client: client}, nil
|
return &DNSProvider{config: config, client: client}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
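Review bot: The assignment `client.HTTPClient.Transport = &http.Transport{...}` in NewDNSProviderConfig replaces the whole transport instead of extending one, so once a client certificate is configured the requests lose the http.DefaultTransport settings (proxy from environment, dial and TLS handshake timeouts) and any Transport the caller had set on `config.HTTPClient` is silently discarded. Cloning keeps those defaults: `tr := http.DefaultTransport.(*http.Transport).Clone()`, `tr.TLSClientConfig = &tls.Config{Certificates: []tls.Certificate{tlsCert}}`, `client.HTTPClient.Transport = tr`; where a caller-supplied transport is already present, returning an error or cloning that one would be safer than overwriting it. Since `tls.X509KeyPair` takes PEM bytes, the new `TLSCert` and `TLSKey` fields deserve a comment such as `// TLSKey is the PEM-encoded private key (content, not a file path).` so users do not pass a path and get an opaque parse error. The function begins outside the hunk, so whether `client.HTTPClient` can be nil at this point is not visible and should be confirmed.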
@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
|
|||||||
REGRU_USERNAME = "API username"
|
REGRU_USERNAME = "API username"
|
||||||
REGRU_PASSWORD = "API password"
|
REGRU_PASSWORD = "API password"
|
||||||
[Configuration.Additional]
|
[Configuration.Additional]
|
||||||
|
REGRU_TLS_CERT = "authentication certificate"
|
||||||
|
REGRU_TLS_KEY = "authentication private key"
|
||||||
REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
|
REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||||
REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
|
REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
|
||||||
REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"
|
REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"
|
||||||
|