mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
letsencrypt: Better error handling, prompt user for SA
This commit is contained in:
parent
b67543f81c
commit
1818b1ea62
3 changed files with 39 additions and 6 deletions
|
@ -62,19 +62,19 @@ func Activate(configs []server.Config) ([]server.Config, error) {
|
|||
// make client to service this email address with CA server
|
||||
client, err := newClient(leEmail)
|
||||
if err != nil {
|
||||
return configs, err
|
||||
return configs, errors.New("error creating client: " + err.Error())
|
||||
}
|
||||
|
||||
// client is ready, so let's get free, trusted SSL certificates! yeah!
|
||||
certificates, err := obtainCertificates(client, serverConfigs)
|
||||
if err != nil {
|
||||
return configs, err
|
||||
return configs, errors.New("error obtaining cert: " + err.Error())
|
||||
}
|
||||
|
||||
// ... that's it. save the certs, keys, and metadata files to disk
|
||||
err = saveCertsAndKeys(certificates)
|
||||
if err != nil {
|
||||
return configs, err
|
||||
return configs, errors.New("error saving assets: " + err.Error())
|
||||
}
|
||||
|
||||
// it all comes down to this: turning TLS on for all the configs
|
||||
|
@ -158,7 +158,10 @@ func newClient(leEmail string) (*acme.Client, error) {
|
|||
}
|
||||
|
||||
// The client facilitates our communication with the CA server.
|
||||
client := acme.NewClient(CAUrl, &leUser, rsaKeySizeToUse, exposePort)
|
||||
client, err := acme.NewClient(CAUrl, &leUser, rsaKeySizeToUse, exposePort)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// If not registered, the user must register an account with the CA
|
||||
// and agree to terms
|
||||
|
@ -169,7 +172,13 @@ func newClient(leEmail string) (*acme.Client, error) {
|
|||
}
|
||||
leUser.Registration = reg
|
||||
|
||||
// TODO: we can just do the agreement once: when registering, right?
|
||||
if !Agreed && reg.TosURL == "" {
|
||||
Agreed = promptUserAgreement("<TODO>", false) // TODO
|
||||
}
|
||||
if !Agreed && reg.TosURL == "" {
|
||||
return nil, errors.New("user must agree to terms")
|
||||
}
|
||||
|
||||
err = client.AgreeToTOS()
|
||||
if err != nil {
|
||||
saveUser(leUser) // TODO: Might as well try, right? Error check?
|
||||
|
|
|
@ -34,7 +34,8 @@ func keepCertificatesRenewed(configs []server.Config) {
|
|||
// checkCertificateRenewal loops through all configured
|
||||
// sites and looks for certificates to renew. Nothing is mutated
|
||||
// through this function. The changes happen directly on disk.
|
||||
// It returns the number of certificates renewed and
|
||||
// It returns the number of certificates renewed and any errors
|
||||
// that occurred.
|
||||
func processCertificateRenewal(configs []server.Config) (int, []error) {
|
||||
log.Print("[INFO] Processing certificate renewals...")
|
||||
var errs []error
|
||||
|
|
|
@ -156,6 +156,29 @@ func getEmail(cfg server.Config) string {
|
|||
return strings.TrimSpace(leEmail)
|
||||
}
|
||||
|
||||
// promptUserAgreement prompts the user to agree to the agreement
|
||||
// at agreementURL via stdin. If the agreement has changed, then pass
|
||||
// true as the second argument. If this is the user's first time
|
||||
// agreeing, pass false. It returns whether the user agreed or not.
|
||||
func promptUserAgreement(agreementURL string, changed bool) bool {
|
||||
if changed {
|
||||
fmt.Printf("The Let's Encrypt Subscriber Agreement has changed:\n%s\n", agreementURL)
|
||||
fmt.Print("Do you agree to the new terms? (y/n): ")
|
||||
} else {
|
||||
fmt.Printf("To continue, you must agree to the Let's Encrypt Subscriber Agreement:\n%s\n", agreementURL)
|
||||
fmt.Print("Do you agree to the terms? (y/n): ")
|
||||
}
|
||||
|
||||
reader := bufio.NewReader(stdin) // TODO/BUG: This doesn't work when Caddyfile is piped into caddy
|
||||
answer, err := reader.ReadString('\n')
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
answer = strings.ToLower(strings.TrimSpace(answer))
|
||||
|
||||
return answer == "y" || answer == "yes"
|
||||
}
|
||||
|
||||
// stdin is used to read the user's input if prompted;
|
||||
// this is changed by tests during tests.
|
||||
var stdin = io.ReadWriter(os.Stdin)
|
||||
|
|
Loading…
Reference in a new issue