Fix dns names changed + log levels
- The DNS names are now stored as a HashSet instead of a Vec so they match regardless of ordering. - Replaced a bare println! with a proper log call and changed the log level of the HTTP request logs to debug.
This commit is contained in:
parent
8aaaeb21ad
commit
a843b20f7a
13
src/certs.rs
13
src/certs.rs
@ -6,7 +6,7 @@ use acme2::{
|
|||||||
DirectoryBuilder, OrderBuilder, OrderStatus,
|
DirectoryBuilder, OrderBuilder, OrderStatus,
|
||||||
};
|
};
|
||||||
use log::{debug, info};
|
use log::{debug, info};
|
||||||
use std::{sync::Arc, time::Duration, fmt::Display};
|
use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet};
|
||||||
use tokio::fs;
|
use tokio::fs;
|
||||||
|
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
@ -37,7 +37,7 @@ pub trait CertExt {
|
|||||||
/// expired already
|
/// expired already
|
||||||
fn expires_in_days(&self) -> i32;
|
fn expires_in_days(&self) -> i32;
|
||||||
/// Get a list of all domain names for which this cert is valid
|
/// Get a list of all domain names for which this cert is valid
|
||||||
fn dns_names(&self) -> Vec<String>;
|
fn dns_names(&self) -> HashSet<String>;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The ACME API endpoint that should be used. This can be the Letsencrypt production or tesing, as
|
/// The ACME API endpoint that should be used. This can be the Letsencrypt production or tesing, as
|
||||||
@ -105,11 +105,12 @@ impl CertRequester {
|
|||||||
|
|
||||||
let acc = match fs::read(&self.conf.account_file).await {
|
let acc = match fs::read(&self.conf.account_file).await {
|
||||||
Ok(pem) => {
|
Ok(pem) => {
|
||||||
|
info!("Using account '{}'", &self.conf.account_file);
|
||||||
let key = PKey::private_key_from_pem(&pem)?;
|
let key = PKey::private_key_from_pem(&pem)?;
|
||||||
builder.private_key(key).build().await?
|
builder.private_key(key).build().await?
|
||||||
}
|
}
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
println!("Creating new account!");
|
info!("Account '{}' does not exists. Creating new", &self.conf.account_file);
|
||||||
let acc = builder.terms_of_service_agreed(true).build().await?;
|
let acc = builder.terms_of_service_agreed(true).build().await?;
|
||||||
let key = acc.private_key().private_key_to_pem_pkcs8()?;
|
let key = acc.private_key().private_key_to_pem_pkcs8()?;
|
||||||
fs::write(&self.conf.account_file, &key).await?;
|
fs::write(&self.conf.account_file, &key).await?;
|
||||||
@ -203,7 +204,7 @@ impl CertRequester {
|
|||||||
return Err(ReqErr::NoChain);
|
return Err(ReqErr::NoChain);
|
||||||
}
|
}
|
||||||
|
|
||||||
info!("The new certificate expires in {}", certs[0].expires_in_days());
|
info!("The new certificate expires in {} days", certs[0].expires_in_days());
|
||||||
|
|
||||||
let x = certs
|
let x = certs
|
||||||
.into_iter()
|
.into_iter()
|
||||||
@ -225,8 +226,8 @@ impl CertExt for X509 {
|
|||||||
diff.days
|
diff.days
|
||||||
}
|
}
|
||||||
|
|
||||||
fn dns_names(&self) -> Vec<String> {
|
fn dns_names(&self) -> HashSet<String> {
|
||||||
let mut names = Vec::new();
|
let mut names = HashSet::new();
|
||||||
|
|
||||||
if let Some(alt_names) = self.subject_alt_names() {
|
if let Some(alt_names) = self.subject_alt_names() {
|
||||||
names.extend(
|
names.extend(
|
||||||
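Review bot: The new `info!("Account '{}' does not exists. Creating new", ...)` line in the `Err(_)` arm of hunk `@ -105,11 +105,12` reports a missing file, but that arm matches every read failure, so a permission error or an otherwise unreadable existing key also registers a brand-new ACME account and then tries to overwrite the file. Narrow the arm to the case the message describes, `Err(e) if e.kind() == std::io::ErrorKind::NotFound => {`, and add `Err(e) => return Err(e.into()),` for everything else (the `?` on `fs::write` in the same block suggests the io error already converts into the function's error type). While there, fix the grammar: `info!("Account '{}' does not exist, creating a new one", ...)`. The account private key is written with `fs::write`, which presumably leaves it at the umask default (often world-readable); creating it via `OpenOptions` with `mode(0o600)` on Unix would be a worthwhile follow-up. The enclosing function continues outside the hunk.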
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
use serde_derive::Deserialize;
|
use serde_derive::Deserialize;
|
||||||
use std::collections::HashMap;
|
use std::collections::{HashMap, HashSet};
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
@ -24,7 +24,7 @@ pub struct ConfigCert {
|
|||||||
/// Path to the fullchain certificate file that will be created or updated
|
/// Path to the fullchain certificate file that will be created or updated
|
||||||
pub fullchain_file: String,
|
pub fullchain_file: String,
|
||||||
/// List of domain names to include in the certificate
|
/// List of domain names to include in the certificate
|
||||||
pub domains: Vec<String>,
|
pub domains: HashSet<String>,
|
||||||
/// Renew the certificate this many days before expiration
|
/// Renew the certificate this many days before expiration
|
||||||
pub renew_days: i32,
|
pub renew_days: i32,
|
||||||
/// Optional custom endpoint. If no enpoint is specified, the production letsencrypt endpoint
|
/// Optional custom endpoint. If no enpoint is specified, the production letsencrypt endpoint
|
||||||
|
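Review bot: Storing `domains` as a `HashSet<String>` makes the comparison order-independent but still case-sensitive, while DNS names are case-insensitive and the SAN entries a CA places in the issued certificate are typically lowercased; a config entry such as `Example.COM` would then never equal the certificate's set and could presumably force renewal on every run (the comparison itself is not in this hunk, so this is inferred from the commit message). Normalizing on the way in, e.g. a `#[serde(deserialize_with = ...)]` helper that lowercases each name and strips a trailing dot, or lowercasing both sides where they are compared, would close that gap. A `HashSet` also silently merges duplicate entries and accepts an empty set, so extending the doc comment to `/// List of domain names to include in the certificate (duplicates are merged; at least one name is required)` would help operators. The file header for this section is not shown on the page; from the struct name it appears to be the config module.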
|||||||
14
src/http.rs
14
src/http.rs
@ -1,6 +1,6 @@
|
|||||||
use std::{sync::Arc, collections::HashMap, net::{SocketAddr, AddrParseError}, convert::Infallible, future::Future};
|
use std::{sync::Arc, collections::HashMap, net::{SocketAddr, AddrParseError}, convert::Infallible, future::Future};
|
||||||
use hyper::{Server, service::{make_service_fn, service_fn}, Request, Body, Response, Method};
|
use hyper::{Server, service::{make_service_fn, service_fn}, Request, Body, Response, Method};
|
||||||
use log::info;
|
use log::debug;
|
||||||
use tokio::sync::{RwLock, oneshot};
|
use tokio::sync::{RwLock, oneshot};
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
@ -68,10 +68,10 @@ impl ChallengeServer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async fn serve_challenges(req: Request<Body>, mgr: ChallengeManager) -> Response<Body> {
|
async fn serve_challenges(req: Request<Body>, mgr: ChallengeManager) -> Response<Body> {
|
||||||
info!("New http request: {}", req.uri());
|
debug!("New http request: {}", req.uri());
|
||||||
|
|
||||||
if !matches!(req.method(), &Method::GET) {
|
if !matches!(req.method(), &Method::GET) {
|
||||||
info!("Request is not GET -> Reject");
|
debug!("Request is not GET -> Reject");
|
||||||
|
|
||||||
return Response::builder()
|
return Response::builder()
|
||||||
.status(405)
|
.status(405)
|
||||||
@ -83,7 +83,7 @@ impl ChallengeServer {
|
|||||||
|
|
||||||
let path = req.uri().path();
|
let path = req.uri().path();
|
||||||
if !path.starts_with(challenge_prefix) {
|
if !path.starts_with(challenge_prefix) {
|
||||||
info!("Request is not for /.well-known -> Reject");
|
debug!("Request is not for /.well-known -> Reject");
|
||||||
|
|
||||||
return Response::builder()
|
return Response::builder()
|
||||||
.status(404)
|
.status(404)
|
||||||
@ -92,18 +92,18 @@ impl ChallengeServer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let tok = &path[challenge_prefix.len()..];
|
let tok = &path[challenge_prefix.len()..];
|
||||||
info!("Requested token: {}", tok);
|
debug!("Requested token: {}", tok);
|
||||||
|
|
||||||
match mgr.get(tok).await {
|
match mgr.get(tok).await {
|
||||||
Some(auth) => {
|
Some(auth) => {
|
||||||
info!("Answering Request = {auth}");
|
debug!("Answering Request = {auth}");
|
||||||
Response::builder()
|
Response::builder()
|
||||||
.status(200)
|
.status(200)
|
||||||
.body(auth.to_string().into())
|
.body(auth.to_string().into())
|
||||||
.unwrap()
|
.unwrap()
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
info!("No matching challenge");
|
debug!("No matching challenge");
|
||||||
Response::builder()
|
Response::builder()
|
||||||
.status(404)
|
.status(404)
|
||||||
.body(String::new().into())
|
.body(String::new().into())
|
||||||
|
|||||||
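Review bot: Lowering every branch of `serve_challenges` to `debug!` means that at the default level a public HTTP-01 listener no longer records requests for unknown tokens (`debug!("No matching challenge")`), which is the one case worth seeing, since it is either a misconfigured validator or someone probing the endpoint. Keep the `None` arm at `info!`, ideally naming the token, `info!("No matching challenge for token {tok}")`, and leave the successful answer at debug; the key authorization in `debug!("Answering Request = {auth}")` is served to anyone over plain HTTP, so logging it is noise rather than a leak. Note also that `tok` is taken straight from the request path, so everything logged here is attacker-controlled text — harmless for `log` itself, but worth remembering if the logs are fed into a parser. The body of `serve_challenges` continues past the end of the hunk.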