Re: [go-nuts] Auto-renew letsencrypt cert with standard library code

2019-11-05 Thread Marko Ristin-Kaufmann
Hi,

> FWIW, The Caddy web server is written in Go and handles this scenario. So
> you might consider using it or at least looking at its source to understand
> how to implement this feature.

We implemented an alternative in case you need more examples:
https://github.com/Parquery/revproxyry

Cheers,
Marko


-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/CAGu4bVArrYN6A2yGfeVMn1wizhf%2Be5f8Ug5LV%3DW3Qt%2B7VYoUZQ%40mail.gmail.com.


Re: [go-nuts] Auto-renew letsencrypt cert with standard library code

2019-11-05 Thread Kurtis Rader
FWIW, The Caddy web server is written in Go and handles this scenario. So
you might consider using it or at least looking at its source to understand
how to implement this feature.

On Tue, Nov 5, 2019 at 9:20 AM Michael Ellis 
wrote:

-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank



[go-nuts] Auto-renew letsencrypt cert with standard library code

2019-11-05 Thread Sean Liao
1. Check certificate expiry (stdlib)
2. Implement ACME client to request certificate
3. Respond to a challenge (the http one is easy)
4. Restart server with new certificate



[go-nuts] Auto-renew letsencrypt cert with standard library code

2019-11-05 Thread Michael Ellis

I have the code at the bottom of this message in a web server I'm 
running in a Digital Ocean Droplet.  The app is a simple ear training 
program for instrumentalists.  The URL is https://etudes.ellisandgrant.com.

It works with no problems until the letsencrypt certificate expires 
every 90 days.  ListenAndServeTLS() returns an error, the program exits and 
restarts (because I'm running under `entr - r`) and then falls into the 
default case which is plain http service.  I'd like to prevent that since 
modern browsers (for very good reasons) show scary warnings about plain 
http sites.  

I don't need absolute 100% uptime for the program.  A few minutes 
unavailability while the cert is renewed would be perfectly acceptable.  I 
just want to add a check at the restart to detect that the cert is expired 
and renew it automatically.  How can I do that with packages from the Go 
standard library?  (I know Caddy is available but I'd prefer not to add a 
third-party dependency for what seems like a relatively simple task.)


package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
)

func main() {
	hostport := ":443" // set by code not shown in the message; assumed here
	var serveSecure bool
	var certpath, certkeypath string
	var err error
	if hostport == ":443" {
		certpath, certkeypath, err = getCertPaths()
		if err != nil {
			log.Printf("Can't find SSL certificates: %v", err)
			hostport = ":80"
		} else {
			// Only serve TLS when the paths were found; the original set this
			// unconditionally, so a failed lookup tried TLS on :80 with no cert.
			serveSecure = true
		}
	}
	log.Printf("serving on %s\n", hostport)
	if serveSecure {
		if err := http.ListenAndServeTLS(hostport, certpath, certkeypath, nil); err != nil {
			log.Fatalf("Could not listen on port %s : %v", hostport, err)
		}
	} else {
		if err := http.ListenAndServe(hostport, nil); err != nil {
			log.Fatalf("Could not listen on port %s : %v", hostport, err)
		}
	}
}

// getCertPaths attempts to retrieve a certificate and key for use with
// ListenAndServeTLS. It returns an error if either item cannot be found but
// does not otherwise attempt to validate them. That is left up to
// ListenAndServeTLS.
func getCertPaths() (certpath string, keypath string, err error) {
	certpath = os.Getenv("IETUDE_CERT_PATH")
	if certpath == "" {
		err = fmt.Errorf("no environment variable IETUDE_CERT_PATH")
		return
	}
	keypath = os.Getenv("IETUDE_CERTKEY_PATH")
	if keypath == "" {
		err = fmt.Errorf("no environment variable IETUDE_CERTKEY_PATH")
		return
	}
	return
}
