make acme account config file changable & print infos about it on start

2023-02-11 01:09:07 +01:00 · 2023-02-11 01:09:07 +01:00 · c261aed9a9
parent 4320126822
commit c261aed9a9
4 changed files with 15 additions and 5 deletions
--- a/cmd/flags.go
+++ b/cmd/flags.go
@ -148,5 +148,11 @@ var (
 			Usage:   "Use DNS-Challenge for main domain\n\nRead more at: https://go-acme.github.io/lego/dns/",
 			EnvVars: []string{"DNS_PROVIDER"},
 		},
+		&cli.StringFlag{
+			Name:    "acme-account-config",
+			Usage:   "json file of acme account",
+			Value:   "acme-account.json",
+			EnvVars: []string{"ACME_ACCOUNT_CONFIG"},
+		},
 	}...)
 )
--- a/cmd/setup.go
+++ b/cmd/setup.go
@ -57,6 +57,7 @@ func createAcmeClient(ctx *cli.Context, enableHTTPServer bool, challengeCache ca
 	acmeAcceptTerms := ctx.Bool("acme-accept-terms")
 	dnsProvider := ctx.String("dns-provider")
 	acmeUseRateLimits := ctx.Bool("acme-use-rate-limits")
+	acmeAccountConf := ctx.String("acme-account-config")

 	// check config
 	if (!acmeAcceptTerms || dnsProvider == "") && acmeAPI != "https://acme.mock.directory" {
@ -64,6 +65,7 @@ func createAcmeClient(ctx *cli.Context, enableHTTPServer bool, challengeCache ca
 	}

 	return certificates.NewAcmeClient(
+		acmeAccountConf,
 		acmeAPI,
 		acmeMail,
 		acmeEabHmac,
--- a/server/certificates/acme_client.go
+++ b/server/certificates/acme_client.go
@ -27,8 +27,8 @@ type AcmeClient struct {
 	acmeClientCertificateLimitPerUser map[string]*equalizer.TokenBucket
 }

-func NewAcmeClient(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider string, acmeAcceptTerms, enableHTTPServer, acmeUseRateLimits bool, challengeCache cache.SetGetKey) (*AcmeClient, error) {
-	acmeConfig, err := SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeAcceptTerms)
+func NewAcmeClient(acmeAccountConf, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider string, acmeAcceptTerms, enableHTTPServer, acmeUseRateLimits bool, challengeCache cache.SetGetKey) (*AcmeClient, error) {
+	acmeConfig, err := setupAcmeConfig(acmeAccountConf, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeAcceptTerms)
 	if err != nil {
 		return nil, err
 	}
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@ -331,13 +331,12 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
 	return &tlsCertificate, nil
 }

-func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcceptTerms bool) (*lego.Config, error) {
-	// TODO: make it a config flag
-	const configFile = "acme-account.json"
+func setupAcmeConfig(configFile, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcceptTerms bool) (*lego.Config, error) {
 	var myAcmeAccount AcmeAccount
 	var myAcmeConfig *lego.Config

 	if account, err := os.ReadFile(configFile); err == nil {
+		log.Info().Msgf("found existing acme account config file '%s'", configFile)
 		if err := json.Unmarshal(account, &myAcmeAccount); err != nil {
 			return nil, err
 		}
@ -360,6 +359,8 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
 		return nil, err
 	}

+	log.Info().Msgf("no existing acme account config found, try to create a new one")
+
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return nil, err
@ -403,6 +404,7 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
 				log.Error().Err(err).Msg("json.Marshalfailed, waiting for manual restart to avoid rate limits")
 				select {}
 			}
+			log.Info().Msgf("new acme account created. write to config file '%s'", configFile)
 			err = os.WriteFile(configFile, acmeAccountJSON, 0o600)
 			if err != nil {
 				log.Error().Err(err).Msg("os.WriteFile failed, waiting for manual restart to avoid rate limits")