(ctx caddy.Context)
| 252 | } |
| 253 | |
| 254 | func (iss *ACMEIssuer) makeIssuerTemplate(ctx caddy.Context) (certmagic.ACMEIssuer, error) { |
| 255 | template := certmagic.ACMEIssuer{ |
| 256 | CA: iss.CA, |
| 257 | TestCA: iss.TestCA, |
| 258 | Email: iss.Email, |
| 259 | Profile: iss.Profile, |
| 260 | AccountKeyPEM: iss.AccountKey, |
| 261 | CertObtainTimeout: time.Duration(iss.ACMETimeout), |
| 262 | TrustedRoots: iss.rootPool, |
| 263 | ExternalAccount: iss.ExternalAccount, |
| 264 | NotAfter: time.Duration(iss.CertificateLifetime), |
| 265 | Logger: iss.logger, |
| 266 | } |
| 267 | |
| 268 | if len(iss.NetworkProxyRaw) != 0 { |
| 269 | proxyMod, err := ctx.LoadModule(iss, "NetworkProxyRaw") |
| 270 | if err != nil { |
| 271 | return template, fmt.Errorf("failed to load network_proxy module: %v", err) |
| 272 | } |
| 273 | if m, ok := proxyMod.(caddy.ProxyFuncProducer); ok { |
| 274 | template.HTTPProxy = m.ProxyFunc() |
| 275 | } else { |
| 276 | return template, fmt.Errorf("network_proxy module is not `(func(*http.Request) (*url.URL, error))``") |
| 277 | } |
| 278 | } |
| 279 | |
| 280 | if iss.Challenges != nil { |
| 281 | if iss.Challenges.HTTP != nil { |
| 282 | template.DisableHTTPChallenge = iss.Challenges.HTTP.Disabled |
| 283 | template.AltHTTPPort = iss.Challenges.HTTP.AlternatePort |
| 284 | } |
| 285 | if iss.Challenges.TLSALPN != nil { |
| 286 | template.DisableTLSALPNChallenge = iss.Challenges.TLSALPN.Disabled |
| 287 | template.AltTLSALPNPort = iss.Challenges.TLSALPN.AlternatePort |
| 288 | } |
| 289 | if iss.Challenges.DNS != nil { |
| 290 | template.DNS01Solver = iss.Challenges.DNS.solver |
| 291 | } |
| 292 | template.ListenHost = iss.Challenges.BindHost |
| 293 | if iss.Challenges.Distributed != nil { |
| 294 | template.DisableDistributedSolvers = !*iss.Challenges.Distributed |
| 295 | } |
| 296 | } |
| 297 | |
| 298 | if iss.PreferredChains != nil { |
| 299 | template.PreferredChains = certmagic.ChainPreference{ |
| 300 | Smallest: iss.PreferredChains.Smallest, |
| 301 | AnyCommonName: iss.PreferredChains.AnyCommonName, |
| 302 | RootCommonName: iss.PreferredChains.RootCommonName, |
| 303 | } |
| 304 | } |
| 305 | |
| 306 | // ZeroSSL requires EAB, but we can generate that automatically (requires an email address be configured) |
| 307 | if strings.HasPrefix(iss.CA, "https://acme.zerossl.com/") { |
| 308 | template.NewAccountFunc = func(ctx context.Context, acmeIss *certmagic.ACMEIssuer, acct acme.Account) (acme.Account, error) { |
| 309 | if acmeIss.ExternalAccount != nil { |
| 310 | return acct, nil |
| 311 | } |
no test coverage detected