Merge pull request #144 from Teifun2/dns-challenge-for-letsencrypt

DNS challenge for letsencrypt
2025-08-11 23:55:24 +02:00 · 2024-05-06 10:50:18 +08:00
parent b4c771cdee 90c2199a1b
commit 0b601406de
10 changed files with 1793 additions and 46 deletions
--- a/src/mod/acme/acme.go
+++ b/src/mod/acme/acme.go
@@ -33,6 +33,7 @@ type CertificateInfoJSON struct {
 	AcmeName string `json:"acme_name"`
 	AcmeUrl  string `json:"acme_url"`
 	SkipTLS  bool   `json:"skip_tls"`
+	DNS      bool   `json:"dns"`
 }

 // ACMEUser represents a user in the ACME system.
@@ -79,7 +80,7 @@ func NewACME(acmeServer string, port string, database *database.Database) *ACMEH
 }

 // ObtainCert obtains a certificate for the specified domains.
-func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool) (bool, error) {
+func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool, dns bool) (bool, error) {
 	log.Println("[ACME] Obtaining certificate...")

 	// generate private key
@@ -145,10 +146,47 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 	}

 	// setup how to receive challenge
-	err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", a.Port))
-	if err != nil {
-		log.Println(err)
-		return false, err
+	if dns {
+		if !a.Database.TableExists("acme") {
+			a.Database.NewTable("acme")
+			return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -1)")
+		}
+
+		if !a.Database.KeyExists("acme", certificateName+"_dns_provider") || !a.Database.KeyExists("acme", certificateName+"_dns_credentials") {
+			return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -2)")
+		}
+
+		var dnsCredentials string
+		err := a.Database.Read("acme", certificateName+"_dns_credentials", &dnsCredentials)
+		if err != nil {
+			log.Println(err)
+			return false, err
+		}
+
+		var dnsProvider string
+		err = a.Database.Read("acme", certificateName+"_dns_provider", &dnsProvider)
+		if err != nil {
+			log.Println(err)
+			return false, err
+		}
+
+		provider, err := GetDnsChallengeProviderByName(dnsProvider, dnsCredentials)
+		if err != nil {
+			log.Println(err)
+			return false, err
+		}
+
+		err = client.Challenge.SetDNS01Provider(provider)
+		if err != nil {
+			log.Println(err)
+			return false, err
+		}
+	} else {
+		err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", a.Port))
+		if err != nil {
+			log.Println(err)
+			return false, err
+		}
 	}

 	// New users will need to register
@@ -241,6 +279,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 		AcmeName: caName,
 		AcmeUrl:  caUrl,
 		SkipTLS:  skipTLS,
+		DNS:      dns,
 	}

 	certInfoBytes, err := json.Marshal(certInfo)
@@ -391,8 +430,18 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ
 		skipTLS = true
 	}

+	var dns bool
+
+	if dnsString, err := utils.PostPara(r, "dns"); err != nil {
+		dns = false
+	} else if dnsString != "true" {
+		dns = false
+	} else {
+		dns = true
+	}
+
 	domains := strings.Split(domainPara, ",")
-	result, err := a.ObtainCert(domains, filename, email, ca, caUrl, skipTLS)
+	result, err := a.ObtainCert(domains, filename, email, ca, caUrl, skipTLS, dns)
 	if err != nil {
 		utils.SendErrorResponse(w, jsonEscape(err.Error()))
 		return
@@ -424,7 +473,7 @@ func IsPortInUse(port int) bool {
 }

 // Load cert information from json file
-func loadCertInfoJSON(filename string) (*CertificateInfoJSON, error) {
+func LoadCertInfoJSON(filename string) (*CertificateInfoJSON, error) {
 	certInfoBytes, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
--- a/src/mod/acme/acme_dns.go
+++ b/src/mod/acme/acme_dns.go
@@ -0,0 +1,53 @@
+package acme
+
+import (
+	"log"
+	"os"
+	"strings"
+
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/providers/dns"
+)
+
+func GetDnsChallengeProviderByName(dnsProvider string, dnsCredentials string) (challenge.Provider, error) {
+	credentials := extractDnsCredentials(dnsCredentials)
+	setCredentialsIntoEnvironmentVariables(credentials)
+
+	provider, err := dns.NewDNSChallengeProviderByName(dnsProvider)
+	return provider, err
+}
+
+func setCredentialsIntoEnvironmentVariables(credentials map[string]string) {
+	for key, value := range credentials {
+		err := os.Setenv(key, value)
+		if err != nil {
+			log.Println("[ERR] Failed to set environment variable %s: %v", key, err)
+		} else {
+			log.Println("[INFO] Environment variable %s set successfully", key)
+		}
+	}
+}
+
+func extractDnsCredentials(input string) map[string]string {
+	result := make(map[string]string)
+
+	// Split the input string by newline character
+	lines := strings.Split(input, "\n")
+
+	// Iterate over each line
+	for _, line := range lines {
+		// Split the line by "=" character
+		parts := strings.Split(line, "=")
+
+		// Check if the line is in the correct format
+		if len(parts) == 2 {
+			key := strings.TrimSpace(parts[0])
+			value := strings.TrimSpace(parts[1])
+
+			// Add the key-value pair to the map
+			result[key] = value
+		}
+	}
+
+	return result
+}
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -344,7 +344,7 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro

 		// Load certificate info for ACME detail
 		certInfoFilename := fmt.Sprintf("%s/%s.json", filepath.Dir(expiredCert.Filepath), certName)
-		certInfo, err := loadCertInfoJSON(certInfoFilename)
+		certInfo, err := LoadCertInfoJSON(certInfoFilename)
 		if err != nil {
 			log.Printf("Renew %s certificate error, can't get the ACME detail for cert: %v, trying org section as ca", certName, err)

@@ -356,7 +356,7 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 			}
 		}

-		_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS)
+		_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS, certInfo.DNS)
 		if err != nil {
 			log.Println("Renew " + fileName + "(" + strings.Join(expiredCert.Domains, ",") + ") failed: " + err.Error())
 		} else {
@@ -404,3 +404,34 @@ func (a *AutoRenewer) HanldeSetEAB(w http.ResponseWriter, r *http.Request) {
 	utils.SendOK(w)

 }
+
+// Handle update auto renew DNS configuration
+func (a *AutoRenewer) HanldeSetDNS(w http.ResponseWriter, r *http.Request) {
+	dnsProvider, err := utils.PostPara(r, "dnsProvider")
+	if err != nil {
+		utils.SendErrorResponse(w, "dnsProvider not set")
+		return
+	}
+
+	dnsCredentials, err := utils.PostPara(r, "dnsCredentials")
+	if err != nil {
+		utils.SendErrorResponse(w, "dnsCredentials not set")
+		return
+	}
+
+	filename, err := utils.PostPara(r, "filename")
+	if err != nil {
+		utils.SendErrorResponse(w, "filename not set")
+		return
+	}
+
+	if !a.AcmeHandler.Database.TableExists("acme") {
+		a.AcmeHandler.Database.NewTable("acme")
+	}
+
+	a.AcmeHandler.Database.Write("acme", filename+"_dns_provider", dnsProvider)
+	a.AcmeHandler.Database.Write("acme", filename+"_dns_credentials", dnsCredentials)
+
+	utils.SendOK(w)
+
+}