From eb91865b7095fe79719f25265fe4f8992ee2aa95 Mon Sep 17 00:00:00 2001
From: sickjuicy
Date: Sun, 1 Dec 2024 04:25:01 +0100
Subject: [PATCH] Added to read json for the renew cert and fixed bug where on creation of a new cert the old NameServer ware used
---
 src/mod/acme/acme.go | 39 +++++++++++++++++++++++++++++----------
 src/mod/acme/autorenew.go | 4 ++--
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/src/mod/acme/acme.go b/src/mod/acme/acme.go
index a099050..dbdfd3b 100644
--- a/src/mod/acme/acme.go
+++ b/src/mod/acme/acme.go
@@ -30,13 +30,20 @@ import (
 "imuslab.com/zoraxy/mod/utils"
 )
 
+var defaultNameservers = []string{
+ "8.8.8.8:53", // Google DNS
+ "8.8.4.4:53", // Google DNS
+ "1.1.1.1:53", // Cloudflare DNS
+ "1.0.0.1:53", // Cloudflare DNS
+}
+
 type CertificateInfoJSON struct {
- AcmeName string `json:"acme_name"` //ACME provider name
- AcmeUrl string `json:"acme_url"` //Custom ACME URL (if any)
- SkipTLS bool `json:"skip_tls"` //Skip TLS verification of upstream
- UseDNS bool `json:"dns"` //Use DNS challenge
- PropTimeout int `json:"prop_time"` //Propagation timeout
- DNSServers string `json:"dnsServers"` // DNS servers
+ AcmeName string `json:"acme_name"` //ACME provider name
+ AcmeUrl string `json:"acme_url"` //Custom ACME URL (if any)
+ SkipTLS bool `json:"skip_tls"` //Skip TLS verification of upstream
+ UseDNS bool `json:"dns"` //Use DNS challenge
+ PropTimeout int `json:"prop_time"` //Propagation timeout
+ DNSServers []string `json:"dnsServers"` // DNS servers
 }
 
 // ACMEUser represents a user in the ACME system.
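Review bot: Changing `DNSServers` from `string` to `[]string` in `CertificateInfoJSON` breaks decoding of every `conf/certs/<name>.json` written by the previous version, because `json.Unmarshal` refuses to put a JSON string into a Go slice and the whole struct load fails. In ObtainCert that failure is swallowed by the new `err == nil` guard, but the renewer loads the same file above its visible hunk, and if that load error aborts the renewal then existing DNS-challenge certificates would stop renewing after the upgrade — worth confirming against that code. A tolerant `UnmarshalJSON` on a named slice type keeps both formats readable without touching callers, since a defined slice type is still assignable to `[]string` for `strings.Join` and `len`. The hard-coded public resolvers in `defaultNameservers` also deserve a comment such as `// Only used for lego's DNS-01 propagation pre-check; set explicit servers if egress to these resolvers is blocked`.

```go
// DNSServerList accepts both the legacy single-string form ("a:53,b:53")
// and the current JSON array form when decoding certificate info files.
type DNSServerList []string

func (l *DNSServerList) UnmarshalJSON(b []byte) error {
	var list []string
	if err := json.Unmarshal(b, &list); err == nil {
		*l = list
		return nil
	}
	var legacy string
	if err := json.Unmarshal(b, &legacy); err != nil {
		return err
	}
	if legacy != "" {
		*l = strings.Split(legacy, ",")
	}
	return nil
}

type CertificateInfoJSON struct {
	// … unchanged: AcmeName, AcmeUrl, SkipTLS, UseDNS, PropTimeout …
	DNSServers DNSServerList `json:"dnsServers"` // DNS servers
}
```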
@@ -166,15 +173,25 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 return false, err
 }
 
+ // Load certificate info from JSON file
+ certInfo, err := LoadCertInfoJSON(fmt.Sprintf("./conf/certs/%s.json", certificateName))
+ if err == nil {
+ useDNS = certInfo.UseDNS
+ if dnsServers == "" && len(certInfo.DNSServers) > 0 {
+ dnsServers = strings.Join(certInfo.DNSServers, ",")
+ }
+ propagationTimeout = certInfo.PropTimeout
+ }
+
 // setup how to receive challenge
 if useDNS {
 if !a.Database.TableExists("acme") {
 a.Database.NewTable("acme")
- return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -1)")
+ return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -1)")
 }
 
 if !a.Database.KeyExists("acme", certificateName+"_dns_provider") || !a.Database.KeyExists("acme", certificateName+"_dns_credentials") {
- return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -2)")
+ return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -2)")
 }
 
 var dnsCredentials string
@@ -205,7 +222,8 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 a.Logf("Using DNS servers: "+strings.Join(dnsServersList, ", "), nil)
 err = client.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers(dnsServersList))
 } else {
- err = client.Challenge.SetDNS01Provider(provider)
+ // Use default DNS-01 nameservers if dnsServers is empty
+ err = client.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers(defaultNameservers))
 }
 if err != nil {
 a.Logf("Failed to resolve DNS01 Provider", err)
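Review bot: The loaded JSON overrides the caller's `useDNS` and `propagationTimeout` unconditionally whenever `./conf/certs/<name>.json` exists, so re-issuing a certificate with a changed challenge type or timeout silently keeps the stored values — the same stale-settings problem the commit fixes for `dnsServers`, which is correctly guarded by `dnsServers == ""`. The renewer already passes `certInfo.UseDNS` and `certInfo.PropTimeout` itself, so the file should only fill gaps: drop the `useDNS = certInfo.UseDNS` line and use `if propagationTimeout == 0 { propagationTimeout = certInfo.PropTimeout }`. Two things to confirm outside the hunk: `certificateName` is interpolated into a filesystem path, so if it can arrive from the HTTP API unsanitized a `../` value would read other `.json` files (`filepath.Base(certificateName)` or a name whitelist closes that), and `err` is left non-nil after a missing file, so every later `if err != nil` on the HTTP-01 path must be preceded by a fresh assignment. ObtainCert begins and ends outside this hunk.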
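Review bot: The new `else` branch silently moves the DNS-01 propagation pre-check onto Google and Cloudflare public resolvers (presumably replacing lego's system-resolver default), while the explicit-servers branch right above it logs which servers are in use; the default case should log as well, `a.Logf("Using default DNS servers: "+strings.Join(defaultNameservers, ", "), nil)`, so an operator whose egress policy blocks 8.8.8.8/1.1.1.1 can see why the pre-check stalls. A comment on the branch should also state that these resolvers only steer lego's local propagation check and not the CA's own validation, so spoofed answers to them can at most delay or prematurely trigger the challenge submission rather than cause a false issuance — that reading follows lego's `AddRecursiveNameservers` semantics and should be checked against the vendored version. The enclosing `if useDNS` block starts before this hunk.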
@@ -303,12 +321,13 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 }
 
 // Save certificate's ACME info for renew usage
- certInfo := &CertificateInfoJSON{
+ certInfo = &CertificateInfoJSON{
 AcmeName: caName,
 AcmeUrl: caUrl,
 SkipTLS: skipTLS,
 UseDNS: useDNS,
 PropTimeout: propagationTimeout,
+ DNSServers: strings.Split(dnsServers, ","),
 }
 
 certInfoBytes, err := json.Marshal(certInfo)
diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index 3a4d7e3..4d3e90c 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -393,8 +393,8 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 
 // Extract DNS servers from the certificate info if available
 var dnsServers string
- if certInfo.DNSServers != "" {
- dnsServers = certInfo.DNSServers
+ if len(certInfo.DNSServers) > 0 {
+ dnsServers = strings.Join(certInfo.DNSServers, ",")
 }
 
 _, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS, certInfo.UseDNS, certInfo.PropTimeout, dnsServers)
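Review bot: `strings.Split(dnsServers, ",")` on an empty `dnsServers` yields `[""]`, so every certificate obtained without explicit servers is saved with `"dnsServers":[""]`; on reload `len(certInfo.DNSServers) > 0` is then true and the value is joined back to an empty string, which happens to fall through to the default branch but leaves a bogus entry in the file, and a list typed as `a:53, b:53` is stored with the leading space on the second entry. Build the slice only from non-empty, trimmed entries so an absent setting is encoded as `null`, which `json.Unmarshal` reads back as a nil slice. ObtainCert starts before this hunk.

```go
	// Save certificate's ACME info for renew usage
	var dnsServerList []string
	for _, s := range strings.Split(dnsServers, ",") {
		if s = strings.TrimSpace(s); s != "" {
			dnsServerList = append(dnsServerList, s)
		}
	}
	certInfo = &CertificateInfoJSON{
		// … unchanged: AcmeName, AcmeUrl, SkipTLS, UseDNS, PropTimeout …
		DNSServers: dnsServerList,
	}
```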