Documentation
¶
Index ¶
- Variables
- func CertExists(domain string) bool
- func InstallCA() error
- func IssueCert(primaryDomain string, allDomains []string, certsDir string) error
- func IssueCertForce(primaryDomain string, allDomains []string, certsDir string) error
- func MkcertPath() string
- func ReissueCertForWorktree(site config.Site) error
- func SecureSite(site config.Site) error
- func UnsecureSite(site config.Site) error
- func WorktreeCertDomains(siteDomains []string, worktreeDomains []string) []string
Constants ¶
This section is empty.
Variables ¶
var ErrDNSDisabled = fmt.Errorf("HTTPS requires lerd-managed DNS, set dns.enabled: true and re-run lerd install")
ErrDNSDisabled signals that the operation requires the lerd-managed DNS / mkcert CA stack, which the user has opted out of. Surfaces through the CLI `lerd secure` command and the dashboard HTTPS toggle.
Functions ¶
func CertExists ¶
CertExists returns true if the certificate for the domain already exists.
func InstallCA ¶
func InstallCA() error
InstallCA installs the mkcert root CA into the system trust store.
func IssueCert ¶
IssueCert issues a TLS certificate covering all the given domains using mkcert. The cert files are named after primaryDomain. Each domain also gets a wildcard entry. If the cert and key files already exist they are reused without re-running mkcert.
func IssueCertForce ¶ added in v1.20.0
IssueCertForce regenerates the certificate for primaryDomain even if files exist. Writes to temp paths and renames atomically so a transient mkcert failure leaves the previous cert/key intact (which is critical: a missing cert trips RepairVhosts into flipping the site to plain HTTP).
func ReissueCertForWorktree ¶ added in v1.20.0
ReissueCertForWorktree reissues the site's TLS certificate to include wildcard SANs for all current worktree domains (*.branch.domain.test). Call this after a new worktree is created on a secured site so that subdomains like app.branch.domain.test are covered by the certificate.
func SecureSite ¶ added in v0.1.29
SecureSite issues a TLS certificate for the site and switches its nginx vhost to HTTPS.
func UnsecureSite ¶ added in v0.1.29
UnsecureSite regenerates a plain HTTP vhost for the site, removing TLS.
func WorktreeCertDomains ¶ added in v1.20.0
WorktreeCertDomains builds the full domain list for a certificate that covers the site's own domains plus all worktree domains. Each domain gets a wildcard entry via IssueCert, so worktree domains like branch.myapp.test produce *.branch.myapp.test SANs for deep subdomain coverage.
Types ¶
This section is empty.
Source Files