newBasicACMEClient sets up a basically-functional ACME client that is not capable of solving challenges but can provide basic interactions with the server.
()
| 250 | // newBasicACMEClient sets up a basically-functional ACME client that is not capable |
| 251 | // of solving challenges but can provide basic interactions with the server. |
| 252 | func (iss *ACMEIssuer) newBasicACMEClient() (*acmez.Client, error) { |
| 253 | caURL := iss.CA |
| 254 | if caURL == "" { |
| 255 | caURL = DefaultACME.CA |
| 256 | } |
| 257 | // ensure endpoint is secure (assume HTTPS if scheme is missing) |
| 258 | if !strings.Contains(caURL, "://") { |
| 259 | caURL = "https://" + caURL |
| 260 | } |
| 261 | u, err := url.Parse(caURL) |
| 262 | if err != nil { |
| 263 | return nil, err |
| 264 | } |
| 265 | if u.Scheme != "https" && !SubjectIsInternal(u.Host) { |
| 266 | return nil, fmt.Errorf("%s: insecure CA URL (HTTPS required for non-internal CA)", caURL) |
| 267 | } |
| 268 | return &acmez.Client{ |
| 269 | Client: &acme.Client{ |
| 270 | Directory: caURL, |
| 271 | UserAgent: buildUAString(), |
| 272 | HTTPClient: iss.httpClient, |
| 273 | Logger: slog.New(zapslog.NewHandler( |
| 274 | iss.Logger.Core(), |
| 275 | zapslog.WithName(iss.Logger.Name()+".acme_client"), |
| 276 | // the default enables traces at ERROR level, this disables |
| 277 | // them by setting it to a level higher than any other level |
| 278 | zapslog.AddStacktraceAt(slog.Level(127)), |
| 279 | )), |
| 280 | }, |
| 281 | }, nil |
| 282 | } |
| 283 | |
| 284 | // GetRenewalInfo gets the ACME Renewal Information (ARI) for the certificate. |
| 285 | func (iss *ACMEIssuer) GetRenewalInfo(ctx context.Context, cert Certificate) (acme.RenewalInfo, error) { |
no test coverage detected