
Commit aed707e

committed
Enhance certificate management in certy.go
- Added functionality to create and initialize a new acme.json file if it does not exist, including setting appropriate certificate details. - Improved the AddCustomCert method to ensure the domain directory exists and to handle errors more effectively. - Streamlined the saving of domain acme data, certificate, and key files with better error reporting. These changes improve the robustness and usability of the certificate management process.
1 parent 3e7aa52 commit aed707e


1 file changed

+38
-41
lines changed


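--- a/certy.go
+++ b/certy.go
@@ -270,14 +270,28 @@ func (m *Manager) issueLetsEncryptCert(email, domain, location string) error {
 var domainAcme DomainAcme
 acmeFile := m.filePath(domain, "-acme.json")
 
+// Try to read existing acme.json, if it doesn't exist create new one
 if err := m.readJSON(acmeFile, &domainAcme); err != nil {
 if !os.IsNotExist(err) {
 return fmt.Errorf("failed to read acme file: %w", err)
 }
-domainAcme = DomainAcme{}
+// Initialize new domain acme data
+domainAcme = DomainAcme{
+Sans: []string{domain},
+IssuerData: IssuerData{},
+IssueDate: time.Now(),
+ExpireDate: time.Now().AddDate(0, 0, 88), // Let's Encrypt certificates expire in 90 days
+}
+// Create and save initial acme.json
+if err := m.writeJSON(acmeFile, domainAcme); err != nil {
+return fmt.Errorf("failed to create initial acme file: %w", err)
+}
+log.Printf("Created new acme.json for domain %s", domain)
 }
 
+// Check if certificate needs renewal
 if !domainAcme.RenewRequired() && !domainAcme.Expired() {
+log.Printf("Certificate for domain %s is still valid, no renewal needed", domain)
 return nil
 }
 
@@ -500,59 +514,42 @@ func (m *Manager) issueLetsEncryptCert(email, domain, location string) error {
 return nil
 }
 
-func (m *Manager) AddCustomCert(domain, certFileData, keyfileData string) {
-os.MkdirAll(m.Location+"/"+domain, 0755)
-
-location := fmt.Sprintf("%s/%s", m.Location, domain)
-acmelocation := fmt.Sprintf("%s/%s/%s-acme.json", m.Location, domain, domain)
-
-if _, err := os.Stat(location); os.IsNotExist(err) {
-if _, err := os.Create(location); err != nil {
-log.Println("Failed to create domain acme file: ", err)
-}
-}
-
-if _, err := os.Stat(acmelocation); os.IsNotExist(err) {
-if _, err := os.Create(acmelocation); err != nil {
-log.Println("Failed to create domain acme file: ", err)
-}
+func (m *Manager) AddCustomCert(domain, certFileData, keyfileData string) error {
+// Ensure domain directory exists
+domainDir := filepath.Join(m.Location, domain)
+if err := m.ensureDir(domainDir); err != nil {
+return fmt.Errorf("failed to create domain directory: %w", err)
 }
 
+// Create and initialize domain acme data
 domainAcme := DomainAcme{
-Sans: []string{},
+Sans: []string{domain},
 IssuerData: IssuerData{},
 CertFile: certFileData,
 KeyFile: keyfileData,
 CustomCert: true,
+IssueDate: time.Now(),
+ExpireDate: time.Now().AddDate(0, 0, 365), // Custom certs typically last 1 year
 }
 
-jsonData, err := json.Marshal(domainAcme)
-if err != nil {
-log.Println("Failed to marshal domain acme data: ", err)
-}
-
-if err := os.WriteFile(acmelocation, jsonData, 0644); err != nil {
-log.Println("Failed to write domain acme data: ", err)
-}
-
-certFile := location + "/" + domain + "-cert.crt"
-keyFile := location + "/" + domain + "-key.pem"
-
-if _, err := os.Create(certFile); err != nil {
-log.Println("Failed to create certificate file: ", err)
-}
-
-if _, err := os.Create(keyFile); err != nil {
-log.Println("Failed to create key file: ", err)
+// Save domain acme data
+acmeFile := m.filePath(domain, "-acme.json")
+if err := m.writeJSON(acmeFile, domainAcme); err != nil {
+return fmt.Errorf("failed to write domain acme data: %w", err)
 }
 
-if err := os.WriteFile(certFile, []byte(certFileData), 0644); err != nil {
-log.Println("Failed to write certificate file: ", err)
+// Save certificate file
+certFile := m.filePath(domain, "-cert.crt")
+if err := os.WriteFile(certFile, []byte(certFileData), 0600); err != nil {
+return fmt.Errorf("failed to write certificate file: %w", err)
 }
 
-if err := os.WriteFile(keyFile, []byte(keyfileData), 0644); err != nil {
-log.Println("Failed to write key file: ", err)
+// Save key file
+keyFile := m.filePath(domain, "-key.pem")
+if err := os.WriteFile(keyFile, []byte(keyfileData), 0600); err != nil {
+return fmt.Errorf("failed to write key file: %w", err)
 }
 
-fmt.Println("Custom certificate and key saved to " + location)
+log.Printf("Custom certificate and key saved for domain %s", domain)
+return nil
 }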
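Review bot: In the first hunk of issueLetsEncryptCert, the new DomainAcme gets `ExpireDate: time.Now().AddDate(0, 0, 88)` before any certificate has been issued, so the `!domainAcme.RenewRequired() && !domainAcme.Expired()` check right after it will probably return nil on a domain's first run and log the certificate as still valid. RenewRequired and Expired are not visible here, so this needs confirming, but if they go by ExpireDate the placeholder that writeJSON just persisted would make later runs skip issuance too, leaving the domain without a certificate. I would keep the dates at their zero value until issuance succeeds, e.g. `domainAcme = DomainAcme{Sans: []string{domain}}`, and set them from the issued certificate. AddCustomCert in the second hunk guesses the same way with `AddDate(0, 0, 365)` instead of reading NotAfter from the supplied PEM, and it still stores the private key in `KeyFile` inside the JSON that writeJSON saves with a mode not shown here, which should be 0600 like the key file. The body of issueLetsEncryptCert starts and ends outside the first hunk.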
