diff --git a/src/mod/acme/acme.go b/src/mod/acme/acme.go
index 12c178d..a099050 100644
--- a/src/mod/acme/acme.go
+++ b/src/mod/acme/acme.go
@@ -116,6 +116,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
config := lego.NewConfig(&adminUser)
// skip TLS verify if need
+ // Ref: https://github.com/go-acme/lego/blob/6af2c756ac73a9cb401621afca722d0f4112b1b8/lego/client_config.go#L74
if skipTLS {
a.Logf("Ignoring TLS/SSL Verification Error for ACME Server", nil)
config.HTTPClient.Transport = &http.Transport{
@@ -151,6 +152,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
config.CADirURL = caLinkOverwrite
a.Logf("Using "+caLinkOverwrite+" for CA Directory URL", nil)
} else {
+ // (caName == "" || caUrl == "") will use default acme
config.CADirURL = a.DefaultAcmeServer
a.Logf("Using Default ACME "+a.DefaultAcmeServer+" for CA Directory URL", nil)
}
@@ -168,11 +170,11 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
if useDNS {
if !a.Database.TableExists("acme") {
a.Database.NewTable("acme")
- return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -1)")
+ return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -1)")
}
if !a.Database.KeyExists("acme", certificateName+"_dns_provider") || !a.Database.KeyExists("acme", certificateName+"_dns_credentials") {
- return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -2)")
+ return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -2)")
}
var dnsCredentials string
@@ -218,9 +220,19 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
}
// New users will need to register
+ /*
+ reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+ if err != nil {
+ log.Println(err)
+ return false, err
+ }
+ */
var reg *registration.Resource
+ // New users will need to register
if client.GetExternalAccountRequired() {
a.Logf("External Account Required for this ACME Provider", nil)
+ // IF KID and HmacEncoded is overidden
+
if !a.Database.TableExists("acme") {
a.Database.NewTable("acme")
return false, errors.New("kid and HmacEncoded configuration required for ACME Provider (Error -1)")
@@ -256,6 +268,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
a.Logf("Register with external account binder failed", err)
return false, err
}
+ //return false, errors.New("External Account Required for this ACME Provider.")
} else {
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
@@ -296,7 +309,6 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
SkipTLS: skipTLS,
UseDNS: useDNS,
PropTimeout: propagationTimeout,
- DNSServers: dnsServers,
}
certInfoBytes, err := json.Marshal(certInfo)
@@ -478,6 +490,12 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ
}
}
+ //Clean spaces in front or behind each domain
+ cleanedDomains := []string{}
+ for _, domain := range domains {
+ cleanedDomains = append(cleanedDomains, strings.TrimSpace(domain))
+ }
+
// Extract DNS servers from the request
var dnsServers []string
dnsServersPara, err := utils.PostPara(r, "dnsServers")
@@ -488,12 +506,6 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ
}
}
- //Clean spaces in front or behind each domain
- cleanedDomains := []string{}
- for _, domain := range domains {
- cleanedDomains = append(cleanedDomains, strings.TrimSpace(domain))
- }
-
// Convert DNS servers slice to a single string
dnsServersString := strings.Join(dnsServers, ",")
diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index 29ee43c..3a4d7e3 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -26,6 +26,7 @@ type AutoRenewConfig struct {
Email string //Email for acme
RenewAll bool //Renew all or selective renew with the slice below
FilesToRenew []string //If RenewAll is false, renew these certificate files
+ DNSServers string // DNS servers
}
type AutoRenewer struct {
@@ -354,6 +355,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
return a.renewExpiredDomains(expiredCertList)
}
+// Close the auto renewer
func (a *AutoRenewer) Close() {
if a.TickerstopChan != nil {
a.TickerstopChan <- true
@@ -464,12 +466,18 @@ func (a *AutoRenewer) HandleSetDNS(w http.ResponseWriter, r *http.Request) {
return
}
+ dnsServers, err := utils.PostPara(r, "dnsServers")
+ if err != nil {
+ dnsServers = ""
+ }
+
if !a.AcmeHandler.Database.TableExists("acme") {
a.AcmeHandler.Database.NewTable("acme")
}
a.AcmeHandler.Database.Write("acme", filename+"_dns_provider", dnsProvider)
a.AcmeHandler.Database.Write("acme", filename+"_dns_credentials", dnsCredentials)
+ a.AcmeHandler.Database.Write("acme", filename+"_dns_servers", dnsServers)
utils.SendOK(w)
diff --git a/src/web/snippet/acme.html b/src/web/snippet/acme.html
index a070b3b..74865a1 100644
--- a/src/web/snippet/acme.html
+++ b/src/web/snippet/acme.html
@@ -25,6 +25,8 @@
+
+
@@ -50,7 +52,7 @@
If you don't want to share your private email address, you can also fill in an email address that point to a mailbox not exists on your domain.
-
+
@@ -135,13 +137,6 @@
-
-
-
-
- If you have more than one DNS server, enter them separated by commas (e.g. ns1.example.com,ns2.example.com)
-
-
@@ -166,6 +161,11 @@
-->
+
+
+
+ If you have more than one DNS server, enter them separated by commas (e.g. ns1.example.com,ns2.example.com)
+
@@ -444,11 +444,15 @@
let optionalFieldsHTML = "";
for (const [key, datatype] of Object.entries(data)) {
if (datatype == "int"){
- $("#dnsProviderAPIFields").append(`
+ let defaultValue = 10;
+ if (key == "HTTPTimeout"){
+ defaultValue = 300;
+ }
+ $("#dnsProviderAPIFields").append(`
${key}
-
+
`);
}else if (datatype == "bool"){
booleanFieldsHTML += (`
@@ -607,8 +611,12 @@
//Boolean option
let checked = $(this).find("input")[0].checked;
dnsCredentials[thisKey] = checked;
+ }else if ($(this).hasClass("typeint")){
+ //Int options
+ let value = $(this).find("input").val();
+ dnsCredentials[thisKey] = parseInt(value);
}else{
- //String or int options
+ //String options
let value = $(this).find("input").val().trim();
dnsCredentials[thisKey] = value;
}
@@ -732,7 +740,7 @@
var dns = $("#useDnsChallenge")[0].checked;
var skipTLSValue = $("#skipTLSCheckbox")[0].checked;
- var dnsServers = $("#dnsInput").val(); // New line: Read DNS servers from input field
+ var dnsServers = $("#dnsInput").val(); // Erfassen der DNS-Server
$.ajax({
url: "/api/acme/obtainCert",
@@ -745,7 +753,7 @@
caURL: caURL,
skipTLS: skipTLSValue,
dns: dns,
- dnsServers: dnsServers // New line: Include DNS servers in the request
+ dnsServers: dnsServers // DNS-Server in die Anfrage einfügen
},
success: function(response) {
$("#obtainButton").removeClass("loading").removeClass("disabled");