Steven/certman
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

[CI-SKIP] Upload current

Browse Source
This commit is contained in:
Steven Tracey
2026-04-24 10:37:46 -04:00
parent 6aacbfbb71
commit fb1abd6211
12 changed files with 519 additions and 579 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
app/server/certs.go
View File

@@ -8,8 +8,6 @@ import (
"git.nevets.tech/Steven/certman/app"
"git.nevets.tech/Steven/certman/common"
"git.nevets.tech/Steven/certman/server"
"github.com/go-git/go-billy/v5/memfs"
"github.com/go-git/go-git/v5/storage/memory"
"github.com/spf13/cobra"
)
@@ -41,12 +39,7 @@ func renewCertCmd(domain string, noPush bool) error {
if err != nil {
return err
}
err = renewCerts(domain, noPush, mgr)
if err != nil {
return err
}
// return ReloadDaemonCmd() // Not sure if this is necessary
return nil
return renewCerts(domain, noPush, mgr)
}
func renewCerts(domain string, noPush bool, mgr *server.ACMEManager) error {
@@ -56,70 +49,37 @@ func renewCerts(domain string, noPush bool, mgr *server.ACMEManager) error {
return fmt.Errorf("domain %s does not exist", domain)
}
_, err := mgr.RenewForDomain(domain)
if err != nil {
// if no existing cert, obtain instead
_, err = mgr.ObtainForDomain(domain, config, domainConfig)
if err != nil {
if _, err := mgr.RenewForDomain(domain); err != nil {
// If the domain has no stored resource yet, fall through to Obtain.
if _, err := mgr.ObtainForDomain(domain, config, domainConfig); err != nil {
return fmt.Errorf("error obtaining domain certificates for domain %s: %v", domain, err)
}
}
domainConfig.Internal.LastIssued = time.Now().UTC().Unix()
err = app.WriteDomainConfig(domainConfig)
if err != nil {
if err := app.WriteDomainConfig(domainConfig); err != nil {
return fmt.Errorf("error saving domain config %s: %v", domain, err)
}
err = common.EncryptFileXChaCha(domainConfig.Certificates.CryptoKey, filepath.Join(mgr.CertsRoot, domain, domain+".crt"), filepath.Join(mgr.CertsRoot, domain, domain+".crt.crpt"), nil)
if err != nil {
certsDir := filepath.Join(mgr.CertsRoot, domain)
if err := common.EncryptFileXChaCha(domainConfig.Certificates.CryptoKey, filepath.Join(certsDir, domain+".crt"), filepath.Join(certsDir, domain+".crt.crpt"), nil); err != nil {
return fmt.Errorf("error encrypting domain cert for domain %s: %v", domain, err)
}
err = common.EncryptFileXChaCha(domainConfig.Certificates.CryptoKey, filepath.Join(mgr.CertsRoot, domain, domain+".key"), filepath.Join(mgr.CertsRoot, domain, domain+".key.crpt"), nil)
if err != nil {
if err := common.EncryptFileXChaCha(domainConfig.Certificates.CryptoKey, filepath.Join(certsDir, domain+".key"), filepath.Join(certsDir, domain+".key.crpt"), nil); err != nil {
return fmt.Errorf("error encrypting domain key for domain %s: %v", domain, err)
}
if !noPush {
giteaClient := common.CreateGiteaClient(config)
if giteaClient == nil {
return fmt.Errorf("error creating gitea client for domain %s: %v", domain, err)
}
gitWorkspace := &common.GitWorkspace{
Storage: memory.NewStorage(),
FS: memfs.New(),
}
var repoUrl string
if !domainConfig.Internal.RepoExists {
repoUrl = common.CreateGiteaRepo(domain, giteaClient, config, domainConfig)
if repoUrl == "" {
return fmt.Errorf("error creating Gitea repo for domain %s", domain)
}
domainConfig.Internal.RepoExists = true
err = app.WriteDomainConfig(domainConfig)
if err != nil {
return fmt.Errorf("error saving domain config %s: %v", domain, err)
}
err = common.InitRepo(repoUrl, gitWorkspace)
if err != nil {
return fmt.Errorf("error initializing repo for domain %s: %v", domain, err)
}
} else {
repoUrl = config.Git.Server + "/" + config.Git.OrgName + "/" + domain + domainConfig.Repo.RepoSuffix + ".git"
err = common.CloneRepo(repoUrl, gitWorkspace, common.Server, config)
if err != nil {
return fmt.Errorf("error cloning repo for domain %s: %v", domain, err)
}
}
err = common.AddAndPushCerts(domain, gitWorkspace, config, domainConfig)
if err != nil {
return fmt.Errorf("error pushing certificates for domain %s: %v", domain, err)
}
fmt.Printf("Successfully pushed certificates for domain %s\n", domain)
if noPush {
return nil
}
ws, err := prepareServerWorkspace(config, domainConfig, domain)
if err != nil {
return fmt.Errorf("prepare workspace for %s: %w", domain, err)
}
if err := server.AddAndPushCerts(ws, certsDir, config); err != nil {
return fmt.Errorf("push certificates for %s: %w", domain, err)
}
fmt.Printf("Successfully pushed certificates for domain %s\n", domain)
return nil
}