deblan-mirror/lego
1
0
Fork 0
mirror of https://github.com/go-acme/lego synced 2026-03-14 14:35:48 +01:00
Code Issues Projects Releases Packages Wiki Activity

refactor: logs inside CLI files

Browse source
This commit is contained in:
Fernandez Ludovic 2026-01-10 04:14:08 +01:00
commit 0880332b90
9 changed files with 95 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

22
cmd/accounts_storage.go
View file

@ -79,7 +79,7 @@ func NewAccountsStorage(ctx *cli.Context) *AccountsStorage {
serverURL, err := url.Parse(ctx.String(flgServer))
if err != nil {
log.Fatal(err)
log.Fatal("URL parsing", "flag", flgServer, "serverURL", ctx.String(flgServer), "error", err)
}
rootPath := filepath.Join(ctx.String(flgPath), baseAccountsRootFolderName)
@ -103,7 +103,7 @@ func (s *AccountsStorage) ExistsAccountFilePath() bool {
if _, err := os.Stat(accountFile); os.IsNotExist(err) {
return false
} else if err != nil {
log.Fatal(err)
log.Fatal("Could not read the account file.", "filepath", accountFile, "error", err)
}
return true
@ -137,14 +137,14 @@ func (s *AccountsStorage) Save(account *Account) error {
func (s *AccountsStorage) LoadAccount(privateKey crypto.PrivateKey) *Account {
fileBytes, err := os.ReadFile(s.accountFilePath)
if err != nil {
log.Fatalf("Could not load file for account %s: %v", s.GetUserID(), err)
log.Fatal("Could not load the account file.", "userID", s.GetUserID(), "error", err)
}
var account Account
err = json.Unmarshal(fileBytes, &account)
if err != nil {
log.Fatalf("Could not parse file for account %s: %v", s.GetUserID(), err)
log.Fatal("Could not parse the account file.", "userID", s.GetUserID(), "error", err)
}
account.key = privateKey
@ -152,14 +152,14 @@ func (s *AccountsStorage) LoadAccount(privateKey crypto.PrivateKey) *Account {
if account.Registration == nil || account.Registration.Body.Status == "" {
reg, err := tryRecoverRegistration(s.ctx, privateKey)
if err != nil {
log.Fatalf("Could not load account for %s. Registration is nil: %#v", s.GetUserID(), err)
log.Fatal("Could not load the account file. Registration is nil.", "userID", s.GetUserID(), "error", err)
}
account.Registration = reg
err = s.Save(&account)
if err != nil {
log.Fatalf("Could not save account for %s. Registration is nil: %#v", s.GetUserID(), err)
log.Fatal("Could not save the account file. Registration is nil.", "userID", s.GetUserID(), "error", err)
}
}
@ -170,22 +170,22 @@ func (s *AccountsStorage) GetPrivateKey(keyType certcrypto.KeyType) crypto.Priva
accKeyPath := filepath.Join(s.keysPath, s.GetUserID()+".key")
if _, err := os.Stat(accKeyPath); os.IsNotExist(err) {
log.Printf("No key found for account %s. Generating a %s key.", s.GetUserID(), keyType)
log.Info("No key found for the account. Generating a new private key.", "userID", s.GetUserID(), "keyType", keyType)
s.createKeysFolder()
privateKey, err := generatePrivateKey(accKeyPath, keyType)
if err != nil {
log.Fatalf("Could not generate RSA private account key for account %s: %v", s.GetUserID(), err)
log.Fatal("Could not generate the RSA private account key.", "userID", s.GetUserID(), "error", err)
}
log.Printf("Saved key to %s", accKeyPath)
log.Info("Saved key.", "filepath", accKeyPath)
return privateKey
}
privateKey, err := loadPrivateKey(accKeyPath)
if err != nil {
log.Fatalf("Could not load RSA private key from file %s: %v", accKeyPath, err)
log.Fatal("Could not load an RSA private key from the file.", "filepath", accKeyPath, "error", err)
}
return privateKey
@ -193,7 +193,7 @@ func (s *AccountsStorage) GetPrivateKey(keyType certcrypto.KeyType) crypto.Priva
func (s *AccountsStorage) createKeysFolder() {
if err := createNonExistingFolder(s.keysPath); err != nil {
log.Fatalf("Could not check/create directory for account %s: %v", s.GetUserID(), err)
log.Fatal("Could not check/create the directory for the account.", "userID", s.GetUserID(), "error", err)
}
}

26
cmd/certs_storage.go
View file

@ -65,7 +65,7 @@ func NewCertificatesStorage(ctx *cli.Context) *CertificatesStorage {
switch pfxFormat {
case "DES", "RC2", "SHA256":
default:
log.Fatalf("Invalid PFX format: %s", pfxFormat)
log.Fatal("Invalid PFX format.", "format", pfxFormat)
}
return &CertificatesStorage{
@ -82,14 +82,14 @@ func NewCertificatesStorage(ctx *cli.Context) *CertificatesStorage {
func (s *CertificatesStorage) CreateRootFolder() {
err := createNonExistingFolder(s.rootPath)
if err != nil {
log.Fatalf("Could not check/create path: %v", err)
log.Fatal("Could not check/create the root folder", "filepath", s.rootPath, "error", err)
}
}
func (s *CertificatesStorage) CreateArchiveFolder() {
err := createNonExistingFolder(s.archivePath)
if err != nil {
log.Fatalf("Could not check/create path: %v", err)
log.Fatal("Could not check/create the archive folder.", "filepath", s.archivePath, "error", err)
}
}
@ -104,13 +104,13 @@ func (s *CertificatesStorage) SaveResource(certRes *certificate.Resource) {
// as web servers would not be able to work with a combined file.
err := s.WriteFile(domain, certExt, certRes.Certificate)
if err != nil {
log.Fatalf("Unable to save Certificate for domain %s\n\t%v", domain, err)
log.Fatal("Unable to save Certificate.", "domain", domain, "error", err)
}
if certRes.IssuerCertificate != nil {
err = s.WriteFile(domain, issuerExt, certRes.IssuerCertificate)
if err != nil {
log.Fatalf("Unable to save IssuerCertificate for domain %s\n\t%v", domain, err)
log.Fatal("Unable to save IssuerCertificate.", "domain", domain, "error", err)
}
}
@ -118,33 +118,33 @@ func (s *CertificatesStorage) SaveResource(certRes *certificate.Resource) {
if certRes.PrivateKey != nil {
err = s.WriteCertificateFiles(domain, certRes)
if err != nil {
log.Fatalf("Unable to save PrivateKey for domain %s\n\t%v", domain, err)
log.Fatal("Unable to save PrivateKey.", "domain", domain, "error", err)
}
} else if s.pem || s.pfx {
// we don't have the private key; can't write the .pem or .pfx file
log.Fatalf("Unable to save PEM or PFX without private key for domain %s. Are you using a CSR?", domain)
log.Fatal("Unable to save PEM or PFX without the private key. Are you using a CSR?", "domain", domain)
}
jsonBytes, err := json.MarshalIndent(certRes, "", "\t")
if err != nil {
log.Fatalf("Unable to marshal CertResource for domain %s\n\t%v", domain, err)
log.Fatal("Unable to marshal CertResource.", "domain", domain, "error", err)
}
err = s.WriteFile(domain, resourceExt, jsonBytes)
if err != nil {
log.Fatalf("Unable to save CertResource for domain %s\n\t%v", domain, err)
log.Fatal("Unable to save CertResource.", "domain", domain, "error", err)
}
}
func (s *CertificatesStorage) ReadResource(domain string) certificate.Resource {
raw, err := s.ReadFile(domain, resourceExt)
if err != nil {
log.Fatalf("Error while loading the meta data for domain %s\n\t%v", domain, err)
log.Fatal("Error while loading the metadata.", "domain", domain, "error", err)
}
var resource certificate.Resource
if err = json.Unmarshal(raw, &resource); err != nil {
log.Fatalf("Error while marshaling the meta data for domain %s\n\t%v", domain, err)
log.Fatal("Error while marshaling the metadata.", "domain", domain, "error", err)
}
return resource
@ -156,7 +156,7 @@ func (s *CertificatesStorage) ExistsFile(domain, extension string) bool {
if _, err := os.Stat(filePath); os.IsNotExist(err) {
return false
} else if err != nil {
log.Fatal(err)
log.Fatal("File stat", "filepath", filePath, "error", err)
}
return true
@ -319,7 +319,7 @@ func getPFXEncoder(pfxFormat string) (*pkcs12.Encoder, error) {
func sanitizedDomain(domain string) string {
safe, err := idna.ToASCII(strings.NewReplacer(":", "-", "*", "_").Replace(domain))
if err != nil {
log.Fatal(err)
log.Fatal("Could not sanitize the domain.", "domain", domain, "error", err)
}
return safe

8
cmd/cmd_before.go
View file

@ -1,22 +1,24 @@
package cmd
import (
"fmt"
"github.com/go-acme/lego/v5/log"
"github.com/urfave/cli/v2"
)
func Before(ctx *cli.Context) error {
if ctx.String(flgPath) == "" {
log.Fatalf("Could not determine current working directory. Please pass --%s.", flgPath)
log.Fatal(fmt.Sprintf("Could not determine the current working directory. Please pass --%s.", flgPath))
}
err := createNonExistingFolder(ctx.String(flgPath))
if err != nil {
log.Fatalf("Could not check/create path: %v", err)
log.Fatal("Could not check/create the path.", "flag", flgPath, "filepath", ctx.String(flgPath), "error", err)
}
if ctx.String(flgServer) == "" {
log.Fatalf("Could not determine current working server. Please pass --%s.", flgServer)
log.Fatal(fmt.Sprintf("Could not determine the current working server. Please pass --%s.", flgServer))
}
return nil

60
cmd/cmd_renew.go
View file

@ -4,6 +4,7 @@ import (
"crypto"
"crypto/x509"
"errors"
"fmt"
"math/rand"
"os"
"slices"
@ -42,15 +43,15 @@ func createRenew() *cli.Command {
hasCsr := ctx.String(flgCSR) != ""
if hasDomains && hasCsr {
log.Fatalf("Please specify either --%s/-d or --%s/-c, but not both", flgDomains, flgCSR)
log.Fatal(fmt.Sprintf("Please specify either --%s/-d or --%s/-c, but not both", flgDomains, flgCSR))
}
if !hasDomains && !hasCsr {
log.Fatalf("Please specify --%s/-d (or --%s/-c if you already have a CSR)", flgDomains, flgCSR)
log.Fatal(fmt.Sprintf("Please specify --%s/-d (or --%s/-c if you already have a CSR)", flgDomains, flgCSR))
}
if ctx.Bool(flgForceCertDomains) && hasCsr {
log.Fatalf("--%s only works with --%s/-d, --%s/-c doesn't support this option.", flgForceCertDomains, flgDomains, flgCSR)
log.Fatal(fmt.Sprintf("--%s only works with --%s/-d, --%s/-c doesn't support this option.", flgForceCertDomains, flgDomains, flgCSR))
}
return nil
@ -137,7 +138,7 @@ func renew(cliCtx *cli.Context) error {
account, keyType := setupAccount(cliCtx, NewAccountsStorage(cliCtx))
if account.Registration == nil {
log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", account.Email)
log.Fatal("The account is not registered. Use 'run' to register a new account.", "email", account.Email)
}
certsStorage := NewCertificatesStorage(cliCtx)
@ -166,7 +167,7 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
// as web servers would not be able to work with a combined file.
certificates, err := certsStorage.ReadCertificate(domain, certExt)
if err != nil {
log.Fatalf("Error while loading the certificate for domain %s\n\t%v", domain, err)
log.Fatal("Error while loading the certificate.", "domain", domain, "error", err)
}
cert := certificates[0]
@ -187,14 +188,14 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
// Figure out if we need to sleep before renewing.
if ariRenewalTime.After(now) {
log.Infof("[%s] Sleeping %s until renewal time %s", domain, ariRenewalTime.Sub(now), ariRenewalTime)
log.Info("Sleeping until renewal time", "domain", domain, "sleep", ariRenewalTime.Sub(now), "renewalTime", ariRenewalTime)
time.Sleep(ariRenewalTime.Sub(now))
}
}
replacesCertID, err = certificate.MakeARICertID(cert)
if err != nil {
log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
log.Fatal("Error while construction the ARI CertID.", "domain", domain, "error", err)
}
}
@ -213,14 +214,14 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
// This is just meant to be informal for the user.
timeLeft := cert.NotAfter.Sub(time.Now().UTC())
log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
log.Info("acme: Trying renewal.", "domain", domain, "hoursRemaining", int(timeLeft.Hours()))
var privateKey crypto.PrivateKey
if cliCtx.Bool(flgReuseKey) {
keyBytes, errR := certsStorage.ReadFile(domain, keyExt)
if errR != nil {
log.Fatalf("Error while loading the private key for domain %s\n\t%v", domain, errR)
log.Fatal("Error while loading the private key.", "domain", domain, "error", errR)
}
privateKey, errR = certcrypto.ParsePEMPrivateKey(keyBytes)
@ -238,7 +239,7 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
rnd := rand.New(rand.NewSource(time.Now().UnixNano()))
sleepTime := time.Duration(rnd.Int63n(int64(jitter)))
log.Infof("renewal: random delay of %s", sleepTime)
log.Info("renewal: random delay.", "sleep", sleepTime)
time.Sleep(sleepTime)
}
@ -265,7 +266,7 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
certRes, err := client.Certificate.Obtain(cliCtx.Context, request)
if err != nil {
log.Fatal(err)
log.Fatal("Could not obtain the certificate.", "error", err)
}
certRes.Domain = domain
@ -280,12 +281,12 @@ func renewForDomains(cliCtx *cli.Context, account *Account, keyType certcrypto.K
func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyType, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
csr, err := readCSRFile(cliCtx.String(flgCSR))
if err != nil {
log.Fatal(err)
log.Fatal("Could not read CSR file.", "flag", flgCSR, "filepath", cliCtx.String(flgCSR), "error", err)
}
domain, err := certcrypto.GetCSRMainDomain(csr)
if err != nil {
log.Fatalf("Error: %v", err)
log.Fatal("Could not get CSR main domain.", "error", err)
}
// load the cert resource from files.
@ -293,7 +294,7 @@ func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyTy
// as web servers would not be able to work with a combined file.
certificates, err := certsStorage.ReadCertificate(domain, certExt)
if err != nil {
log.Fatalf("Error while loading the certificate for domain %s\n\t%v", domain, err)
log.Fatal("Error while loading the certificate.", "domain", domain, "error", err)
}
cert := certificates[0]
@ -314,14 +315,14 @@ func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyTy
// Figure out if we need to sleep before renewing.
if ariRenewalTime.After(now) {
log.Infof("[%s] Sleeping %s until renewal time %s", domain, ariRenewalTime.Sub(now), ariRenewalTime)
log.Info("Sleeping until renewal time", "domain", domain, "sleep", ariRenewalTime.Sub(now), "renewalTime", ariRenewalTime)
time.Sleep(ariRenewalTime.Sub(now))
}
}
replacesCertID, err = certificate.MakeARICertID(cert)
if err != nil {
log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
log.Fatal("Error while construction the ARI CertID.", "domain", domain, "error", err)
}
}
@ -335,7 +336,7 @@ func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyTy
// This is just meant to be informal for the user.
timeLeft := cert.NotAfter.Sub(time.Now().UTC())
log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
log.Info("acme: Trying renewal.", "domain", domain, "hoursRemaining", int(timeLeft.Hours()))
request := certificate.ObtainForCSRRequest{
CSR: csr,
@ -353,7 +354,7 @@ func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyTy
certRes, err := client.Certificate.ObtainForCSR(cliCtx.Context, request)
if err != nil {
log.Fatal(err)
log.Fatal("Could not obtain the certificate fro CSR.", "error", err)
}
certsStorage.SaveResource(certRes)
@ -365,7 +366,7 @@ func renewForCSR(cliCtx *cli.Context, account *Account, keyType certcrypto.KeyTy
func needRenewal(x509Cert *x509.Certificate, domain string, days int, dynamic bool) bool {
if x509Cert.IsCA {
log.Fatalf("[%s] Certificate bundle starts with a CA certificate", domain)
log.Fatal("Certificate bundle starts with a CA certificate.", "domain", domain)
}
if dynamic {
@ -381,8 +382,8 @@ func needRenewal(x509Cert *x509.Certificate, domain string, days int, dynamic bo
return true
}
log.Printf("[%s] The certificate expires in %d days, the number of days defined to perform the renewal is %d: no renewal.",
domain, notAfter, days)
log.Info(fmt.Sprintf("Skip renewal: the certificate expires in %d days, the number of days defined to perform the renewal is %d.",
notAfter, days), "domain", domain)
return false
}
@ -401,8 +402,8 @@ func needRenewalDynamic(x509Cert *x509.Certificate, domain string, now time.Time
return true
}
log.Infof("[%s] The certificate expires at %s, the renewal can be performed in %s: no renewal.",
domain, x509Cert.NotAfter.Format(time.RFC3339), dueDate.Sub(now))
log.Info(fmt.Sprintf("Skip renewal: The certificate expires at %s, the renewal can be performed in %s.",
x509Cert.NotAfter.Format(time.RFC3339), dueDate.Sub(now)), "domain", domain)
return false
}
@ -410,18 +411,17 @@ func needRenewalDynamic(x509Cert *x509.Certificate, domain string, now time.Time
// getARIRenewalTime checks if the certificate needs to be renewed using the renewalInfo endpoint.
func getARIRenewalTime(cliCtx *cli.Context, cert *x509.Certificate, domain string, client *lego.Client) *time.Time {
if cert.IsCA {
log.Fatalf("[%s] Certificate bundle starts with a CA certificate", domain)
log.Fatal("Certificate bundle starts with a CA certificate.", "domain", domain)
}
renewalInfo, err := client.Certificate.GetRenewalInfo(cliCtx.Context, certificate.RenewalInfoRequest{Cert: cert})
if err != nil {
if errors.Is(err, api.ErrNoARI) {
// The server does not advertise a renewal info endpoint.
log.Warnf("[%s] acme: %v", domain, err)
log.Warn("acme: the server does not advertise a renewal info endpoint.", "domain", domain, "errorr", err)
return nil
}
log.Warnf("[%s] acme: calling renewal info endpoint: %v", domain, err)
log.Warn("acme: calling renewal info endpoint", "domain", domain, "error", err)
return nil
}
@ -430,14 +430,14 @@ func getARIRenewalTime(cliCtx *cli.Context, cert *x509.Certificate, domain strin
renewalTime := renewalInfo.ShouldRenewAt(now, cliCtx.Duration(flgARIWaitToRenewDuration))
if renewalTime == nil {
log.Infof("[%s] acme: renewalInfo endpoint indicates that renewal is not needed", domain)
log.Info("acme: renewalInfo endpoint indicates that renewal is not needed.", "domain", domain)
return nil
}
log.Infof("[%s] acme: renewalInfo endpoint indicates that renewal is needed", domain)
log.Info("acme: renewalInfo endpoint indicates that renewal is needed.", "domain", domain)
if renewalInfo.ExplanationURL != "" {
log.Infof("[%s] acme: renewalInfo endpoint provided an explanation: %s", domain, renewalInfo.ExplanationURL)
log.Info("acme: renewalInfo endpoint provided an explanation.", "domain", domain, "explanationURL", renewalInfo.ExplanationURL)
}
return renewalTime

12
cmd/cmd_revoke.go
View file

@ -41,7 +41,7 @@ func revoke(cliCtx *cli.Context) error {
account, keyType := setupAccount(cliCtx, NewAccountsStorage(cliCtx))
if account.Registration == nil {
log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", account.Email)
log.Fatal("Account is not registered. Use 'run' to register a new account.", "email", account.Email)
}
client := newClient(cliCtx, account, keyType)
@ -50,21 +50,21 @@ func revoke(cliCtx *cli.Context) error {
certsStorage.CreateRootFolder()
for _, domain := range cliCtx.StringSlice(flgDomains) {
log.Printf("Trying to revoke certificate for domain %s", domain)
log.Info("Trying to revoke the certificate.", "domain", domain)
certBytes, err := certsStorage.ReadFile(domain, certExt)
if err != nil {
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
log.Fatal("Error while revoking the certificate.", "domain", domain, "error", err)
}
reason := cliCtx.Uint(flgReason)
err = client.Certificate.RevokeWithReason(cliCtx.Context, certBytes, &reason)
if err != nil {
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
log.Fatal("Error while revoking the certificate.", "domain", domain, "error", err)
}
log.Println("Certificate was revoked.")
log.Info("Certificate was revoked.", "domain", domain)
if cliCtx.Bool(flgKeep) {
return nil
@ -77,7 +77,7 @@ func revoke(cliCtx *cli.Context) error {
return err
}
log.Println("Certificate was archived for domain:", domain)
log.Info("Certificate was archived", "domain", domain)
}
return nil

12
cmd/cmd_run.go
View file

@ -119,12 +119,12 @@ func run(cliCtx *cli.Context) error {
if account.Registration == nil {
reg, err := register(cliCtx, client)
if err != nil {
log.Fatalf("Could not complete registration\n\t%v", err)
log.Fatal("Could not complete registration.", "error", err)
}
account.Registration = reg
if err = accountsStorage.Save(account); err != nil {
log.Fatal(err)
log.Fatal("Could not save the account file.", "error", err)
}
fmt.Printf(rootPathWarningMessage, accountsStorage.GetRootPath())
@ -137,7 +137,7 @@ func run(cliCtx *cli.Context) error {
if err != nil {
// Make sure to return a non-zero exit code if ObtainSANCertificate returned at least one error.
// Due to us not returning partial certificate we can just exit here instead of at the end.
log.Fatalf("Could not obtain certificates:\n\t%v", err)
log.Fatal("Could not obtain certificates", "error", err)
}
certsStorage.SaveResource(cert)
@ -159,14 +159,14 @@ func handleTOS(ctx *cli.Context, client *lego.Client) bool {
reader := bufio.NewReader(os.Stdin)
log.Printf("Please review the TOS at %s", client.GetToSURL())
log.Warn("Please review the TOS", "url", client.GetToSURL())
for {
fmt.Println("Do you accept the TOS? Y/n")
text, err := reader.ReadString('\n')
if err != nil {
log.Fatalf("Could not read from console: %v", err)
log.Fatal("Could not read from the console", "error", err)
}
text = strings.Trim(text, "\r\n")
@ -192,7 +192,7 @@ func register(cliCtx *cli.Context, client *lego.Client) (*registration.Resource,
hmacEncoded := cliCtx.String(flgHMAC)
if kid == "" || hmacEncoded == "" {
log.Fatalf("Requires arguments --%s and --%s.", flgKID, flgHMAC)
log.Fatal(fmt.Sprintf("Requires arguments --%s and --%s.", flgKID, flgHMAC))
}
return client.Registration.RegisterWithExternalAccountBinding(cliCtx.Context, registration.RegisterEABOptions{

2
cmd/lego/main.go
View file

@ -40,6 +40,6 @@ func main() {
err = app.Run(os.Args)
if err != nil {
log.Fatal(err)
log.Fatal("Error", "error", err)
}
}

10
cmd/setup.go
View file

@ -78,18 +78,18 @@ func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyTy
retryClient.Logger = nil
if _, v := os.LookupEnv("LEGO_DEBUG_ACME_HTTP_CLIENT"); v {
retryClient.Logger = log.Logger
retryClient.Logger = log.Default()
}
config.HTTPClient = retryClient.StandardClient()
client, err := lego.NewClient(config)
if err != nil {
log.Fatalf("Could not create client: %v", err)
log.Fatal("Could not create client.", "error", err)
}
if client.GetExternalAccountRequired() && !ctx.IsSet(flgEAB) {
log.Fatalf("Server requires External Account Binding. Use --%s with --%s and --%s.", flgEAB, flgKID, flgHMAC)
log.Fatal(fmt.Sprintf("Server requires External Account Binding. Use --%s with --%s and --%s.", flgEAB, flgKID, flgHMAC))
}
return client
@ -113,7 +113,7 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType {
return certcrypto.EC384
}
log.Fatalf("Unsupported KeyType: %s", keyType)
log.Fatal("Unsupported KeyType.", "keyType", keyType)
return ""
}
@ -202,7 +202,7 @@ func checkRetry(ctx context.Context, resp *http.Response, err error) (bool, erro
}
default:
log.Warnf("retry: %v", errorDetails)
log.Warn(fmt.Sprintf("retry: %v", errorDetails))
return rt, errorDetails
}

30
cmd/setup_challenges.go
View file

@ -21,27 +21,27 @@ import (
func setupChallenges(ctx *cli.Context, client *lego.Client) {
if !ctx.Bool(flgHTTP) && !ctx.Bool(flgTLS) && !ctx.IsSet(flgDNS) {
log.Fatalf("No challenge selected. You must specify at least one challenge: `--%s`, `--%s`, `--%s`.", flgHTTP, flgTLS, flgDNS)
log.Fatal(fmt.Sprintf("No challenge selected. You must specify at least one challenge: `--%s`, `--%s`, `--%s`.", flgHTTP, flgTLS, flgDNS))
}
if ctx.Bool(flgHTTP) {
err := client.Challenge.SetHTTP01Provider(setupHTTPProvider(ctx), http01.SetDelay(ctx.Duration(flgHTTPDelay)))
if err != nil {
log.Fatal(err)
log.Fatal("Could not set HTTP challenge provider.", "error", err)
}
}
if ctx.Bool(flgTLS) {
err := client.Challenge.SetTLSALPN01Provider(setupTLSProvider(ctx), tlsalpn01.SetDelay(ctx.Duration(flgTLSDelay)))
if err != nil {
log.Fatal(err)
log.Fatal("Could not set TLS challenge provider.", "error", err)
}
}
if ctx.IsSet(flgDNS) {
err := setupDNS(ctx, client)
if err != nil {
log.Fatal(err)
log.Fatal("Could not set DNS challenge provider.", "error", err)
}
}
}
@ -52,33 +52,39 @@ func setupHTTPProvider(ctx *cli.Context) challenge.Provider {
case ctx.IsSet(flgHTTPWebroot):
ps, err := webroot.NewHTTPProvider(ctx.String(flgHTTPWebroot))
if err != nil {
log.Fatal(err)
log.Fatal("Could not create the webroot provider.",
"flag", flgHTTPWebroot, "webRoot", ctx.String(flgHTTPWebroot), "error", err)
}
return ps
case ctx.IsSet(flgHTTPMemcachedHost):
ps, err := memcached.NewMemcachedProvider(ctx.StringSlice(flgHTTPMemcachedHost))
if err != nil {
log.Fatal(err)
log.Fatal("Could not create the memcached provider.",
"flag", flgHTTPMemcachedHost, "memcachedHosts", strings.Join(ctx.StringSlice(flgHTTPMemcachedHost), ", "), "error", err)
}
return ps
case ctx.IsSet(flgHTTPS3Bucket):
ps, err := s3.NewHTTPProvider(ctx.String(flgHTTPS3Bucket))
if err != nil {
log.Fatal(err)
log.Fatal("Could not create the S3 provider.",
"flag", flgHTTPS3Bucket, "bucket", ctx.String(flgHTTPS3Bucket), "error", err)
}
return ps
case ctx.IsSet(flgHTTPPort):
iface := ctx.String(flgHTTPPort)
if !strings.Contains(iface, ":") {
log.Fatalf("The --%s switch only accepts interface:port or :port for its argument.", flgHTTPPort)
log.Fatal(
fmt.Sprintf("The --%s switch only accepts interface:port or :port for its argument.", flgHTTPPort),
"flag", flgHTTPPort, "port", ctx.String(flgHTTPPort),
)
}
host, port, err := net.SplitHostPort(iface)
if err != nil {
log.Fatal(err)
log.Fatal("Could not split host and port.", "iface", iface, "error", err)
}
srv := http01.NewProviderServer(host, port)
@ -105,12 +111,12 @@ func setupTLSProvider(ctx *cli.Context) challenge.Provider {
case ctx.IsSet(flgTLSPort):
iface := ctx.String(flgTLSPort)
if !strings.Contains(iface, ":") {
log.Fatalf("The --%s switch only accepts interface:port or :port for its argument.", flgTLSPort)
log.Fatal(fmt.Sprintf("The --%s switch only accepts interface:port or :port for its argument.", flgTLSPort))
}
host, port, err := net.SplitHostPort(iface)
if err != nil {
log.Fatal(err)
log.Fatal("Could not split host and port.", "iface", iface, "error", err)
}
return tlsalpn01.NewProviderServer(host, port)
@ -164,7 +170,7 @@ func setupDNS(ctx *cli.Context, client *lego.Client) error {
func checkPropagationExclusiveOptions(ctx *cli.Context) error {
if ctx.IsSet(flgDNSDisableCP) {
log.Printf("The flag '%s' is deprecated use '%s' instead.", flgDNSDisableCP, flgDNSPropagationDisableANS)
log.Warn(fmt.Sprintf("The flag '%s' is deprecated use '%s' instead.", flgDNSDisableCP, flgDNSPropagationDisableANS))
}
if (isSetBool(ctx, flgDNSDisableCP) || isSetBool(ctx, flgDNSPropagationDisableANS)) && ctx.IsSet(flgDNSPropagationWait) {