MCPcopy
hub / github.com/caddyserver/certmagic / newACMEClient

Method newACMEClient

acmeclient.go:171–248  ·  view source on GitHub ↗

newACMEClient creates a new underlying ACME client using the settings in am, independent of any particular ACME account. If useTestCA is true, am.TestCA will be used if it is set; otherwise, the primary CA will be used.

(useTestCA bool)

Source from the content-addressed store, hash-verified

169// independent of any particular ACME account. If useTestCA is true, am.TestCA
170// will be used if it is set; otherwise, the primary CA will be used.
171func (iss *ACMEIssuer) newACMEClient(useTestCA bool) (*acmez.Client, error) {
172 client, err := iss.newBasicACMEClient()
173 if err != nil {
174 return nil, err
175 }
176
177 // fill in a little more beyond a basic client
178 if useTestCA && iss.TestCA != "" {
179 client.Client.Directory = iss.TestCA
180 }
181 certObtainTimeout := iss.CertObtainTimeout
182 if certObtainTimeout == 0 {
183 certObtainTimeout = DefaultACME.CertObtainTimeout
184 }
185 client.Client.PollTimeout = certObtainTimeout
186 client.ChallengeSolvers = make(map[string]acmez.Solver)
187
188 // configure challenges (most of the time, DNS challenge is
189 // exclusive of other ones because it is usually only used
190 // in situations where the default challenges would fail)
191 if iss.DNS01Solver == nil {
192 // enable HTTP-01 challenge
193 if !iss.DisableHTTPChallenge {
194 var solver acmez.Solver = &httpSolver{
195 handler: iss.HTTPChallengeHandler(http.NewServeMux()),
196 address: net.JoinHostPort(iss.ListenHost, strconv.Itoa(iss.getHTTPPort())),
197 }
198 if !iss.DisableDistributedSolvers {
199 solver = distributedSolver{
200 storage: iss.config.Storage,
201 storageKeyIssuerPrefix: iss.storageKeyCAPrefix(client.Directory),
202 solver: solver,
203 }
204 }
205 client.ChallengeSolvers[acme.ChallengeTypeHTTP01] = solver
206 }
207
208 // enable TLS-ALPN-01 challenge
209 if !iss.DisableTLSALPNChallenge {
210 var solver acmez.Solver = &tlsALPNSolver{
211 config: iss.config,
212 address: net.JoinHostPort(iss.ListenHost, strconv.Itoa(iss.getTLSALPNPort())),
213 }
214 if !iss.DisableDistributedSolvers {
215 solver = distributedSolver{
216 storage: iss.config.Storage,
217 storageKeyIssuerPrefix: iss.storageKeyCAPrefix(client.Directory),
218 solver: solver,
219 }
220 }
221 client.ChallengeSolvers[acme.ChallengeTypeTLSALPN01] = solver
222 }
223 } else {
224 // use DNS challenge exclusively
225 client.ChallengeSolvers[acme.ChallengeTypeDNS01] = iss.DNS01Solver
226 }
227
228 // wrap solvers in our wrapper so that we can keep track of challenge

Callers 2

lookUpAccountMethod · 0.95

Calls 5

newBasicACMEClientMethod · 0.95
HTTPChallengeHandlerMethod · 0.95
getHTTPPortMethod · 0.95
storageKeyCAPrefixMethod · 0.95
getTLSALPNPortMethod · 0.95

Tested by

no test coverage detected