|
|
|
|
@@ -19,12 +19,12 @@ import (
|
|
|
|
|
traefiktls "github.com/containous/traefik/v2/pkg/tls"
|
|
|
|
|
"github.com/containous/traefik/v2/pkg/types"
|
|
|
|
|
"github.com/containous/traefik/v2/pkg/version"
|
|
|
|
|
"github.com/go-acme/lego/v3/certificate"
|
|
|
|
|
"github.com/go-acme/lego/v3/challenge"
|
|
|
|
|
"github.com/go-acme/lego/v3/challenge/dns01"
|
|
|
|
|
"github.com/go-acme/lego/v3/lego"
|
|
|
|
|
"github.com/go-acme/lego/v3/providers/dns"
|
|
|
|
|
"github.com/go-acme/lego/v3/registration"
|
|
|
|
|
"github.com/go-acme/lego/v4/certificate"
|
|
|
|
|
"github.com/go-acme/lego/v4/challenge"
|
|
|
|
|
"github.com/go-acme/lego/v4/challenge/dns01"
|
|
|
|
|
"github.com/go-acme/lego/v4/lego"
|
|
|
|
|
"github.com/go-acme/lego/v4/providers/dns"
|
|
|
|
|
"github.com/go-acme/lego/v4/registration"
|
|
|
|
|
ptypes "github.com/traefik/paerser/types"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
@@ -33,13 +33,14 @@ var oscpMustStaple = false
|
|
|
|
|
|
|
|
|
|
// Configuration holds ACME configuration provided by users.
|
|
|
|
|
type Configuration struct {
|
|
|
|
|
Email string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
|
|
|
|
|
CAServer string `description:"CA server to use." json:"caServer,omitempty" toml:"caServer,omitempty" yaml:"caServer,omitempty"`
|
|
|
|
|
Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty"`
|
|
|
|
|
KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty"`
|
|
|
|
|
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge." json:"dnsChallenge,omitempty" toml:"dnsChallenge,omitempty" yaml:"dnsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge." json:"httpChallenge,omitempty" toml:"httpChallenge,omitempty" yaml:"httpChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge." json:"tlsChallenge,omitempty" toml:"tlsChallenge,omitempty" yaml:"tlsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
Email string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
|
|
|
|
|
CAServer string `description:"CA server to use." json:"caServer,omitempty" toml:"caServer,omitempty" yaml:"caServer,omitempty"`
|
|
|
|
|
PreferredChain string `description:"Preferred chain to use." json:"preferredChain,omitempty" toml:"preferredChain,omitempty" yaml:"preferredChain,omitempty"`
|
|
|
|
|
Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty"`
|
|
|
|
|
KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty"`
|
|
|
|
|
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge." json:"dnsChallenge,omitempty" toml:"dnsChallenge,omitempty" yaml:"dnsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge." json:"httpChallenge,omitempty" toml:"httpChallenge,omitempty" yaml:"httpChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge." json:"tlsChallenge,omitempty" toml:"tlsChallenge,omitempty" yaml:"tlsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SetDefaults sets the default values.
|
|
|
|
|
@@ -263,14 +264,18 @@ func (p *Provider) getClient() (*lego.Client, error) {
|
|
|
|
|
|
|
|
|
|
err = client.Challenge.SetDNS01Provider(provider,
|
|
|
|
|
dns01.CondOption(len(p.DNSChallenge.Resolvers) > 0, dns01.AddRecursiveNameservers(p.DNSChallenge.Resolvers)),
|
|
|
|
|
dns01.CondOption(p.DNSChallenge.DisablePropagationCheck || p.DNSChallenge.DelayBeforeCheck > 0,
|
|
|
|
|
dns01.AddPreCheck(func(_, _ string) (bool, error) {
|
|
|
|
|
if p.DNSChallenge.DelayBeforeCheck > 0 {
|
|
|
|
|
log.Debugf("Delaying %d rather than validating DNS propagation now.", p.DNSChallenge.DelayBeforeCheck)
|
|
|
|
|
time.Sleep(time.Duration(p.DNSChallenge.DelayBeforeCheck))
|
|
|
|
|
}
|
|
|
|
|
dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
|
|
|
|
|
if p.DNSChallenge.DisablePropagationCheck {
|
|
|
|
|
return true, nil
|
|
|
|
|
})),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.DNSChallenge.DelayBeforeCheck > 0 {
|
|
|
|
|
logger.Debugf("Delaying %d rather than validating DNS propagation now.", p.DNSChallenge.DelayBeforeCheck)
|
|
|
|
|
time.Sleep(time.Duration(p.DNSChallenge.DelayBeforeCheck))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return check(fqdn, value)
|
|
|
|
|
}),
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
@@ -627,7 +632,7 @@ func (p *Provider) renewCertificates(ctx context.Context) {
|
|
|
|
|
Domain: cert.Domain.Main,
|
|
|
|
|
PrivateKey: cert.Key,
|
|
|
|
|
Certificate: cert.Certificate.Certificate,
|
|
|
|
|
}, true, oscpMustStaple)
|
|
|
|
|
}, true, oscpMustStaple, p.PreferredChain)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Errorf("Error renewing certificate from LE: %v, %v", cert.Domain, err)
|
|
|
|
|
continue
|
|
|
|
|
|
Fernandez Ludovic