MCPcopy
hub / github.com/caddyserver/caddy / makeIssuerTemplate

Method makeIssuerTemplate

modules/caddytls/acmeissuer.go:254–319  ·  view source on GitHub ↗
(ctx caddy.Context)

Source from the content-addressed store, hash-verified

252}
253
254func (iss *ACMEIssuer) makeIssuerTemplate(ctx caddy.Context) (certmagic.ACMEIssuer, error) {
255 template := certmagic.ACMEIssuer{
256 CA: iss.CA,
257 TestCA: iss.TestCA,
258 Email: iss.Email,
259 Profile: iss.Profile,
260 AccountKeyPEM: iss.AccountKey,
261 CertObtainTimeout: time.Duration(iss.ACMETimeout),
262 TrustedRoots: iss.rootPool,
263 ExternalAccount: iss.ExternalAccount,
264 NotAfter: time.Duration(iss.CertificateLifetime),
265 Logger: iss.logger,
266 }
267
268 if len(iss.NetworkProxyRaw) != 0 {
269 proxyMod, err := ctx.LoadModule(iss, "NetworkProxyRaw")
270 if err != nil {
271 return template, fmt.Errorf("failed to load network_proxy module: %v", err)
272 }
273 if m, ok := proxyMod.(caddy.ProxyFuncProducer); ok {
274 template.HTTPProxy = m.ProxyFunc()
275 } else {
276 return template, fmt.Errorf("network_proxy module is not `(func(*http.Request) (*url.URL, error))``")
277 }
278 }
279
280 if iss.Challenges != nil {
281 if iss.Challenges.HTTP != nil {
282 template.DisableHTTPChallenge = iss.Challenges.HTTP.Disabled
283 template.AltHTTPPort = iss.Challenges.HTTP.AlternatePort
284 }
285 if iss.Challenges.TLSALPN != nil {
286 template.DisableTLSALPNChallenge = iss.Challenges.TLSALPN.Disabled
287 template.AltTLSALPNPort = iss.Challenges.TLSALPN.AlternatePort
288 }
289 if iss.Challenges.DNS != nil {
290 template.DNS01Solver = iss.Challenges.DNS.solver
291 }
292 template.ListenHost = iss.Challenges.BindHost
293 if iss.Challenges.Distributed != nil {
294 template.DisableDistributedSolvers = !*iss.Challenges.Distributed
295 }
296 }
297
298 if iss.PreferredChains != nil {
299 template.PreferredChains = certmagic.ChainPreference{
300 Smallest: iss.PreferredChains.Smallest,
301 AnyCommonName: iss.PreferredChains.AnyCommonName,
302 RootCommonName: iss.PreferredChains.RootCommonName,
303 }
304 }
305
306 // ZeroSSL requires EAB, but we can generate that automatically (requires an email address be configured)
307 if strings.HasPrefix(iss.CA, "https://acme.zerossl.com/") {
308 template.NewAccountFunc = func(ctx context.Context, acmeIss *certmagic.ACMEIssuer, acct acme.Account) (acme.Account, error) {
309 if acmeIss.ExternalAccount != nil {
310 return acct, nil
311 }

Callers 1

ProvisionMethod · 0.95

Calls 4

DurationMethod · 0.80
LoadModuleMethod · 0.80
ProxyFuncMethod · 0.65

Tested by

no test coverage detected