diff --git a/acme/api/order.go b/acme/api/order.go
index 3eaae38c2..84ec15a4d 100644
--- a/acme/api/order.go
+++ b/acme/api/order.go
@@ -30,12 +30,7 @@ type OrderOptions struct {
 type OrderService service
 // New Creates a new order.
-func (o *OrderService) New(ctx context.Context, domains []string) (acme.ExtendedOrder, error) {
- return o.NewWithOptions(ctx, domains, nil)
-}
-
-// NewWithOptions Creates a new order.
-func (o *OrderService) NewWithOptions(ctx context.Context, domains []string, opts *OrderOptions) (acme.ExtendedOrder, error) {
+func (o *OrderService) New(ctx context.Context, domains []string, opts *OrderOptions) (acme.ExtendedOrder, error) {
 orderReq := acme.Order{Identifiers: createIdentifiers(domains)}
 if opts != nil {
diff --git a/acme/api/order_test.go b/acme/api/order_test.go
index dc1f2e3af..79e2a121d 100644
--- a/acme/api/order_test.go
+++ b/acme/api/order_test.go
@@ -93,7 +93,7 @@ func TestOrderService_NewWithOptions(t *testing.T) {
 t.Run(test.desc, func(t *testing.T) {
 t.Parallel()
- order, err := core.Orders.NewWithOptions(t.Context(), []string{"example.com"}, test.opts)
+ order, err := core.Orders.New(t.Context(), []string{"example.com"}, test.opts)
 require.NoError(t, err)
 assert.Equal(t, test.expected, order)
diff --git a/certcrypto/crypto.go b/certcrypto/crypto.go
index 00f0654b9..7196a349e 100644
--- a/certcrypto/crypto.go
+++ b/certcrypto/crypto.go
@@ -138,15 +138,6 @@ func GeneratePrivateKey(keyType KeyType) (crypto.PrivateKey, error) {
 return nil, fmt.Errorf("invalid KeyType: %s", keyType)
 }
-// Deprecated: uses [CreateCSR] instead.
-func GenerateCSR(privateKey crypto.PrivateKey, domain string, san []string, mustStaple bool) ([]byte, error) {
- return CreateCSR(privateKey, CSROptions{
- Domain: domain,
- SAN: san,
- MustStaple: mustStaple,
- })
-}
-
 type CSROptions struct {
 Domain string
 SAN []string
diff --git a/certificate/certificates.go b/certificate/certificates.go
index 270cb4803..e6a48c556 100644
--- a/certificate/certificates.go
+++ b/certificate/certificates.go
@@ -177,7 +177,7 @@ func (c *Certifier) Obtain(ctx context.Context, request ObtainRequest) (*Resourc
 ReplacesCertID: request.ReplacesCertID,
 }
- order, err := c.core.Orders.NewWithOptions(ctx, domains, orderOpts)
+ order, err := c.core.Orders.New(ctx, domains, orderOpts)
 if err != nil {
 return nil, err
 }
@@ -245,7 +245,7 @@ func (c *Certifier) ObtainForCSR(ctx context.Context, request ObtainForCSRReques
 ReplacesCertID: request.ReplacesCertID,
 }
- order, err := c.core.Orders.NewWithOptions(ctx, domains, orderOpts)
+ order, err := c.core.Orders.New(ctx, domains, orderOpts)
 if err != nil {
 return nil, err
 }
@@ -472,7 +472,7 @@ func (c *Certifier) RevokeWithReason(ctx context.Context, cert []byte, reason *u
 return c.core.Certificates.Revoke(ctx, revokeMsg)
 }
-// RenewOptions options used by Certifier.RenewWithOptions.
+// RenewOptions options used by [Certifier.Renew].
 type RenewOptions struct {
 NotBefore time.Time
 NotAfter time.Time
@@ -498,27 +498,7 @@ type RenewOptions struct {
 // If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.
 //
 // For private key reuse the PrivateKey property of the passed in Resource should be non-nil.
-//
-// Deprecated: use RenewWithOptions instead.
-func (c *Certifier) Renew(ctx context.Context, certRes Resource, bundle, mustStaple bool, preferredChain string) (*Resource, error) {
- return c.RenewWithOptions(ctx, certRes, &RenewOptions{
- Bundle: bundle,
- PreferredChain: preferredChain,
- MustStaple: mustStaple,
- })
-}
-
-// RenewWithOptions takes a Resource and tries to renew the certificate.
-//
-// If the renewal process succeeds, the new certificate will be returned in a new CertResource.
-// Please be aware that this function will return a new certificate in ANY case that is not an error.
-// If the server does not provide us with a new cert on a GET request to the CertURL
-// this function will start a new-cert flow where a new certificate gets generated.
-//
-// If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.
-//
-// For private key reuse the PrivateKey property of the passed in Resource should be non-nil.
-func (c *Certifier) RenewWithOptions(ctx context.Context, certRes Resource, options *RenewOptions) (*Resource, error) {
+func (c *Certifier) Renew(ctx context.Context, certRes Resource, options *RenewOptions) (*Resource, error) {
 // Input certificate is PEM encoded.
 // Decode it here as we may need the decoded cert later on in the renewal process.
 // The input may be a bundle or a single certificate.
diff --git a/challenge/dns01/client_cname.go b/challenge/dns01/client_cname.go
index d7115d091..b3340cf19 100644
--- a/challenge/dns01/client_cname.go
+++ b/challenge/dns01/client_cname.go
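Review bot: The doc comment kept above `Renew` in the `@@ -498` hunk of certificate/certificates.go still reads "If bundle is true", but the new signature has no `bundle` parameter; the setting now arrives through `options`. Reword that line to `// If options.Bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.` and add a sentence saying how a nil `options` is treated. The body of `Renew` continues outside the hunk, so whether nil is tolerated there cannot be confirmed from these lines.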
@@ -15,9 +15,17 @@ func (c *Client) lookupCNAME(ctx context.Context, fqdn string) string {
 for range 50 {
 // Keep following CNAMEs
 r, err := c.sendQuery(ctx, fqdn, dns.TypeCNAME, true)
+ if err != nil {
+ log.Debug("Lookup CNAME.",
+ slog.String("fqdn", fqdn),
+ log.ErrorAttr(err),
+ )
- if err != nil || r.Rcode != dns.RcodeSuccess {
- // TODO(ldez): logs the error in v5
+ // No more CNAME records to follow, exit
+ break
+ }
+
+ if r.Rcode != dns.RcodeSuccess {
 // No more CNAME records to follow, exit
 break
 }
diff --git a/providers/dns/acmedns/acmedns.go b/providers/dns/acmedns/acmedns.go
index 8154e4b1a..2378f5ad0 100644
--- a/providers/dns/acmedns/acmedns.go
+++ b/providers/dns/acmedns/acmedns.go
@@ -113,25 +113,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 }, nil
 }
-// NewDNSProviderClient creates an ACME-DNS DNSProvider with the given acmeDNSClient and [goacmedns.Storage].
-//
-// Deprecated: use [NewDNSProviderConfig] instead.
-func NewDNSProviderClient(client acmeDNSClient, store goacmedns.Storage) (*DNSProvider, error) {
- if client == nil {
- return nil, errors.New("acme-dns: Client must be not nil")
- }
-
- if store == nil {
- return nil, errors.New("acme-dns: Storage must be not nil")
- }
-
- return &DNSProvider{
- config: NewDefaultConfig(),
- client: client,
- storage: store,
- }, nil
-}
-
 // ErrCNAMERequired is returned by Present when the Domain indicated had no
 // existing ACME-DNS account in the Storage and additional setup is required.
 // The user must create a CNAME in the DNS zone for Domain that aliases FQDN
diff --git a/providers/dns/acmedns/acmedns.toml b/providers/dns/acmedns/acmedns.toml
index e491569b0..52e235b10 100644
--- a/providers/dns/acmedns/acmedns.toml
+++ b/providers/dns/acmedns/acmedns.toml
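Review bot: In the `lookupCNAME` hunk of challenge/dns01/client_cname.go, a failed `sendQuery` is reported only through `log.Debug`, and the new error branch reuses the comment `// No more CNAME records to follow, exit`, which describes the Rcode case rather than a failed query. A resolver error here ends the chain early, so the name the function returns may not be fully followed, and that presumably influences which name the challenge is checked against; at default log levels an operator would not see why. Consider reporting the failure at a level that is visible by default and changing the comment in that branch to `// Query failed: stop following the chain.`. The function body continues outside the hunk.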
@@ -1,8 +1,8 @@
 Name = "Joohoi's ACME-DNS"
 Description = ''''''
 URL = "https://github.com/joohoi/acme-dns"
-Code = "acme-dns"
-Aliases = ["acmedns"] # TODO(ldez): remove "-" in v5
+Code = "acmedns"
+Aliases = ["acme-dns"]
 Since = "v1.1.0"
 Example = '''
diff --git a/providers/dns/edgedns/edgedns.go b/providers/dns/edgedns/edgedns.go
index 43a55b588..cc9378421 100644
--- a/providers/dns/edgedns/edgedns.go
+++ b/providers/dns/edgedns/edgedns.go
@@ -31,8 +31,8 @@ const (
 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
 )
-// Test Environment variables names (unused).
-// TODO(ldez): must be moved into test files.
+// Managed by the Akamai EdgeGrid client.
+// The constants are only helpers.
 const (
 EnvHost = envNamespace + "HOST"
 EnvClientToken = envNamespace + "CLIENT_TOKEN"
diff --git a/providers/dns/internal/selectel/provider.go b/providers/dns/internal/selectel/provider.go
index 6a51252b2..077799aaa 100644
--- a/providers/dns/internal/selectel/provider.go
+++ b/providers/dns/internal/selectel/provider.go
@@ -26,9 +26,6 @@ type Config struct {
 PollingInterval time.Duration
 TTL int
 HTTPClient *http.Client
-
- // TODO(ldez): remove in v5?
- BaseURL string
 }
 // DNSProvider implements the challenge.Provider interface.
@@ -38,7 +35,7 @@ type DNSProvider struct {
 }
 // NewDNSProviderConfig return a DNSProvider instance configured for selectel.
-func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
 if config == nil {
 return nil, errors.New("the configuration of the DNS provider is nil")
 }
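Review bot: The doc comment on `NewDNSProviderConfig` in providers/dns/internal/selectel/provider.go (hunk `@@ -38`) does not describe the new `baseURL` parameter. The later hunk in the same file only overrides `client.BaseURL` when the argument is non-empty, so the comment should say so, for example `// baseURL is the API endpoint to use; an empty string leaves the client's own BaseURL unchanged.`. The function body continues outside this hunk.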
@@ -59,11 +56,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
- var err error
+ if baseURL != "" {
+ var err error
- client.BaseURL, err = url.Parse(config.BaseURL)
- if err != nil {
- return nil, fmt.Errorf("%w", err)
+ client.BaseURL, err = url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
 }
 return &DNSProvider{config: config, client: client}, nil
diff --git a/providers/dns/internal/selectel/provider_test.go b/providers/dns/internal/selectel/provider_test.go
index 75a032bf4..26c2fff5e 100644
--- a/providers/dns/internal/selectel/provider_test.go
+++ b/providers/dns/internal/selectel/provider_test.go
@@ -40,7 +40,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 config.TTL = test.ttl
 config.Token = test.token
- p, err := NewDNSProviderConfig(config)
+ p, err := NewDNSProviderConfig(config, "")
 if test.expected == "" {
 require.NoError(t, err)
diff --git a/providers/dns/ipv64/ipv64.go b/providers/dns/ipv64/ipv64.go
index 9ee8c071a..8b2b30e73 100644
--- a/providers/dns/ipv64/ipv64.go
+++ b/providers/dns/ipv64/ipv64.go
@@ -36,7 +36,6 @@ type Config struct {
 PropagationTimeout time.Duration
 PollingInterval time.Duration
 HTTPClient *http.Client
- SequenceInterval time.Duration // Deprecated: unused, will be removed in v5.
 }
 // NewDefaultConfig returns a default configuration for the DNSProvider.
diff --git a/providers/dns/netcup/netcup.go b/providers/dns/netcup/netcup.go
index 382076102..28f00128c 100644
--- a/providers/dns/netcup/netcup.go
+++ b/providers/dns/netcup/netcup.go
@@ -26,9 +26,6 @@ const (
 EnvAPIKey = envNamespace + "API_KEY"
 EnvAPIPassword = envNamespace + "API_PASSWORD"
- // Deprecated: the TTL is not configurable on record.
- EnvTTL = envNamespace + "TTL"
-
 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
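Review bot: `url.Parse(baseURL)` in the `@@ -59` hunk of providers/dns/internal/selectel/provider.go returns no error for a string that lacks a scheme or host, so a malformed endpoint is only noticed when the first request fails. Because the API token is presumably sent to whatever this value resolves to, it is worth rejecting such input at construction time, e.g. `if client.BaseURL.Scheme == "" || client.BaseURL.Host == "" { return nil, errors.New("the base URL must include a scheme and a host") }`. Both callers visible in this diff pass a constant, so this is hardening rather than a live defect. `NewDNSProviderConfig` starts before the hunk.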
@@ -44,9 +41,6 @@ type Config struct {
 PropagationTimeout time.Duration
 PollingInterval time.Duration
 HTTPClient *http.Client
-
- // Deprecated: the TTL is not configurable on record.
- TTL int
 }
 // NewDefaultConfig returns a default configuration for the DNSProvider.
diff --git a/providers/dns/scaleway/scaleway.go b/providers/dns/scaleway/scaleway.go
index 1a81a5317..678843582 100644
--- a/providers/dns/scaleway/scaleway.go
+++ b/providers/dns/scaleway/scaleway.go
@@ -52,7 +52,7 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
 // Config is used to configure the creation of the DNSProvider.
 type Config struct {
 ProjectID string
- Token string // TODO(ldez) rename to SecretKey in the next major.
+ SecretKey string
 AccessKey string
 PropagationTimeout time.Duration
@@ -90,7 +90,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 }
 config := NewDefaultConfig()
- config.Token = values[EnvSecretKey]
+ config.SecretKey = values[EnvSecretKey]
 config.AccessKey = env.GetOrDefaultString(EnvAccessKey, dumpAccessKey)
 config.ProjectID = env.GetOrFile(EnvProjectID)
@@ -103,7 +103,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, errors.New("scaleway: the configuration of the DNS provider is nil")
 }
- if config.Token == "" {
+ if config.SecretKey == "" {
 return nil, errors.New("scaleway: credentials missing")
 }
@@ -112,7 +112,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 }
 configuration := []scw.ClientOption{
- scw.WithAuth(config.AccessKey, config.Token),
+ scw.WithAuth(config.AccessKey, config.SecretKey),
 scw.WithUserAgent(useragent.Get()),
 }
diff --git a/providers/dns/scaleway/scaleway_test.go b/providers/dns/scaleway/scaleway_test.go
index af5f28e49..33b5d0e98 100644
--- a/providers/dns/scaleway/scaleway_test.go
+++ b/providers/dns/scaleway/scaleway_test.go
@@ -84,7 +84,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 t.Run(test.desc, func(t *testing.T) {
 config := NewDefaultConfig()
 config.TTL = test.ttl
- config.Token = test.token
+ config.SecretKey = test.token
 p, err := NewDNSProviderConfig(config)
diff --git a/providers/dns/selectel/selectel.go b/providers/dns/selectel/selectel.go
index 457762454..edb65376c 100644
--- a/providers/dns/selectel/selectel.go
+++ b/providers/dns/selectel/selectel.go
@@ -20,7 +20,6 @@ import (
 const (
 envNamespace = "SELECTEL_"
- EnvBaseURL = envNamespace + "BASE_URL"
 EnvAPIToken = envNamespace + "API_TOKEN"
 EnvTTL = envNamespace + "TTL"
@@ -29,6 +28,8 @@ const (
 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
 )
+const defaultBaseURL = "https://api.selectel.ru/domains/v1"
+
 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
 // Config is used to configure the creation of the DNSProvider.
@@ -37,7 +38,6 @@ type Config = selectel.Config
 // NewDefaultConfig returns a default configuration for the DNSProvider.
 func NewDefaultConfig() *Config {
 return &Config{
- BaseURL: env.GetOrDefaultString(EnvBaseURL, ""),
 TTL: env.GetOrDefaultInt(EnvTTL, selectel.MinTTL),
 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
@@ -72,7 +72,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, errors.New("selectel: the configuration of the DNS provider is nil")
 }
- provider, err := selectel.NewDNSProviderConfig(config)
+ provider, err := selectel.NewDNSProviderConfig(config, defaultBaseURL)
 if err != nil {
 return nil, fmt.Errorf("selectel: %w", err)
 }
diff --git a/providers/dns/selectel/selectel.toml b/providers/dns/selectel/selectel.toml
index 087c97b5b..1e404723e 100644
--- a/providers/dns/selectel/selectel.toml
+++ b/providers/dns/selectel/selectel.toml
@@ -13,7 +13,6 @@ lego --dns selectel -d '*.example.com' -d example.com run
 [Configuration.Credentials]
 SELECTEL_API_TOKEN = "API token"
 [Configuration.Additional]
- SELECTEL_BASE_URL = "API endpoint URL"
 SELECTEL_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
 SELECTEL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
 SELECTEL_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
diff --git a/providers/dns/vinyldns/vinyldns.go b/providers/dns/vinyldns/vinyldns.go
index b2fefc0c9..5979486ec 100644
--- a/providers/dns/vinyldns/vinyldns.go
+++ b/providers/dns/vinyldns/vinyldns.go
@@ -106,9 +106,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 if config.HTTPClient != nil {
 client.HTTPClient = config.HTTPClient
- } else {
- // For compatibility, it should be removed in v5.
- client.HTTPClient.Timeout = 30 * time.Second
 }
 client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
diff --git a/providers/dns/vscale/vscale.go b/providers/dns/vscale/vscale.go
index 71d77fa57..b2ec79091 100644
--- a/providers/dns/vscale/vscale.go
+++ b/providers/dns/vscale/vscale.go
@@ -20,7 +20,6 @@ import (
 const (
 envNamespace = "VSCALE_"
- EnvBaseURL = envNamespace + "BASE_URL"
 EnvAPIToken = envNamespace + "API_TOKEN"
 EnvTTL = envNamespace + "TTL"
@@ -39,7 +38,6 @@ type Config = selectel.Config
 // NewDefaultConfig returns a default configuration for the DNSProvider.
 func NewDefaultConfig() *Config {
 return &Config{
- BaseURL: env.GetOrDefaultString(EnvBaseURL, defaultBaseURL),
 TTL: env.GetOrDefaultInt(EnvTTL, selectel.MinTTL),
 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
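Review bot: With the `else` branch removed in the `@@ -106` hunk of providers/dns/vinyldns/vinyldns.go, a `Config` whose `HTTPClient` is nil no longer gets the 30-second timeout, so the request timeout becomes whatever the vinyldns client sets by default (not visible here; a zero-value `http.Client` has none). The `@@ -83` hunk of providers/dns/vultr/vultr.go has the same effect: `authClient.Timeout` is no longer assigned, so only a config built through `NewDefaultConfig` carries a timeout. An API call without a timeout can stall a certificate run indefinitely. If the default configs do not already guarantee a bounded client, keep a fallback for the nil case such as `client.HTTPClient.Timeout = 30 * time.Second`, or state in the `Config` doc comment that callers must supply a client with a timeout. Both function bodies continue outside their hunks.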
@@ -74,11 +72,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, errors.New("vscale: the configuration of the DNS provider is nil")
 }
- if config.BaseURL == "" {
- config.BaseURL = defaultBaseURL
- }
-
- provider, err := selectel.NewDNSProviderConfig(config)
+ provider, err := selectel.NewDNSProviderConfig(config, defaultBaseURL)
 if err != nil {
 return nil, fmt.Errorf("vscale: %w", err)
 }
diff --git a/providers/dns/vscale/vscale.toml b/providers/dns/vscale/vscale.toml
index f7dc0d943..c7fff21f2 100644
--- a/providers/dns/vscale/vscale.toml
+++ b/providers/dns/vscale/vscale.toml
@@ -13,7 +13,6 @@ lego --dns vscale -d '*.example.com' -d example.com run
 [Configuration.Credentials]
 VSCALE_API_TOKEN = "API token"
 [Configuration.Additional]
- VSCALE_BASE_URL = "API endpoint URL"
 VSCALE_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
 VSCALE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
 VSCALE_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
diff --git a/providers/dns/vultr/vultr.go b/providers/dns/vultr/vultr.go
index 87c15d2e4..7012a92ee 100644
--- a/providers/dns/vultr/vultr.go
+++ b/providers/dns/vultr/vultr.go
@@ -39,7 +39,6 @@ type Config struct {
 PollingInterval time.Duration
 TTL int
 HTTPClient *http.Client
- HTTPTimeout time.Duration // TODO(ldez): remove in v5
 }
 // NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -48,7 +47,9 @@ func NewDefaultConfig() *Config {
 TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
- HTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
 }
 }
@@ -83,7 +84,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 }
 authClient := OAuthStaticAccessToken(config.HTTPClient, config.APIKey)
- authClient.Timeout = config.HTTPTimeout
 client := govultr.NewClient(clientdebug.Wrap(authClient))