63014e493f
- Add MockDirectory constant to avoid hardcoded strings - Skip certificate validation when using mock directory - Skip ACME client creation for mock directory to avoid TLS errors - Properly handle NO_DNS_01 configuration to disable DNS-01 challenges - Fix certificate verification errors when ACME_API=https://acme.mock.directory
27 lines
1.0 KiB
Go
27 lines
1.0 KiB
Go
package acme
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
"codeberg.org/codeberg/pages/config"
|
|
"codeberg.org/codeberg/pages/server/cache"
|
|
"codeberg.org/codeberg/pages/server/certificates"
|
|
)
|
|
|
|
var ErrAcmeMissConfig = errors.New("ACME client has wrong config")
|
|
|
|
func CreateAcmeClient(cfg config.ACMEConfig, enableHTTPServer bool, challengeCache cache.ICache) (*certificates.AcmeClient, error) {
|
|
// check config
|
|
if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && cfg.APIEndpoint != certificates.MockDirectory {
|
|
return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to %s", ErrAcmeMissConfig, certificates.MockDirectory)
|
|
}
|
|
if cfg.EAB_HMAC != "" && cfg.EAB_KID == "" {
|
|
return nil, fmt.Errorf("%w: ACME_EAB_HMAC also needs ACME_EAB_KID to be set", ErrAcmeMissConfig)
|
|
} else if cfg.EAB_HMAC == "" && cfg.EAB_KID != "" {
|
|
return nil, fmt.Errorf("%w: ACME_EAB_KID also needs ACME_EAB_HMAC to be set", ErrAcmeMissConfig)
|
|
}
|
|
|
|
return certificates.NewAcmeClient(cfg, enableHTTPServer, challengeCache)
|
|
}
|