package log4shell
import (
"crypto/tls"
"os"
"github.com/pkg/errors"
"golang.org/x/crypto/acme/autocert"
)
// autoSignCert obtains a TLS certificate for domain through an ACME client
// (autocert.Manager) that sends the request to Let's Encrypt.
//
// domain must be a DNS name (Config.Hostname) that resolves to the IP address
// of the server running this program.
//
// The manager's cache lives in the "autocert" directory, which is relative to
// the process working directory. os.MkdirAll creates it with mode 0700 only
// when it is missing; the permissions of an already existing directory are
// left as they are, so deployments should check them separately.
func autoSignCert(domain string) (*tls.Certificate, error) {
	const cacheDir = "autocert"

	if err := os.MkdirAll(cacheDir, 0700); err != nil {
		return nil, errors.WithStack(err)
	}

	manager := &autocert.Manager{
		// The CA's terms of service are accepted without any prompt.
		Prompt: autocert.AcceptTOS,
		// Only the configured domain may be requested from this manager.
		HostPolicy: autocert.HostWhitelist(domain),
		Cache:      autocert.DirCache(cacheDir),
	}

	// No TLS handshake takes place here: a synthetic ClientHello that carries
	// only the server name is handed to the manager to trigger a lookup.
	// NOTE(review): manager never leaves this function, so no listener visible
	// here is wired to it to answer an ACME challenge; confirm how validation
	// is expected to succeed when the cache holds no certificate yet.
	cert, err := manager.GetCertificate(&tls.ClientHelloInfo{ServerName: domain})
	if err != nil {
		return nil, errors.Wrap(err, "failed to sign certificate")
	}
	return cert, nil
}