elego

package module
Published: Jun 18, 2025 License: Apache-2.0 Imports: 35 Imported by: 0


elego

Use Lego in the simplest way to generate SSL certificates

Install pkg

go get github.com/pkg6/elego

Install

// go install 
go install github.com/pkg6/elego/cmd/elego@latest

// Installation releases compressed file
curl -sSL https://raw.githubusercontent.com/pkg6/elego/main/install.sh | bash

// Installation in China
export GO_VERSION=1.23.9 GO_PACKAGE="github.com/pkg6/elego/cmd/elego@latest" FORCE=1
bash -c "$(curl -fsSL https://gitee.com/zhiqiangwang/sh/raw/main/install/goinstall.sh)"

elego Help

elego --help
NAME:
   elego - Let's Encrypt client written in Go

USAGE:
   elego [global options] [command [command options]]

VERSION:
   v0.2.0

COMMANDS:
   init              Initialize elego configuration and directory
   create            Register an account, then create and install a certificate
   list              List all certificates installed on this machine
   deploy            Deploy the local certificate
                     The script is controlled by environment variables
                     Please check https://github.com/pkg6/elego/blob/main/deploy/README.md

   clear             Clean up all temporary files generated
   scheduled:run     Automatically renew and complete deployment through scheduled tasks
   scheduled:list    List scheduled tasks
   scheduled:remove  Delete scheduled tasks based on domain name
   help, h           Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --server string, -s string  CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory") [$ELEGO_SERVER]
   --email string, -m string   Email used for registration and recovery contact. (default: "elego@darwin.com") [$ELEGO_EMAIL]
   --path string               Directory to use for storing the data. (default: "/Users/mac/.elego") [$ELEGO_PATH]
   --kid string                Key identifier from External CA. Used for External Account Binding. [$ELEGO_EAB_KID]
   --hmac string               MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. [$ELEGO_EAB_HMAC]
   --dns string                Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges.
      The script is controlled by environment variables
      Please check https://github.com/pkg6/elego/blob/main/edns/README.md
   --http.webroot string                                          Set the webroot folder to use for HTTP-01 based challenges to write directly to the .well-known/acme-challenge file. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge
   --http.memcached-host string [ --http.memcached-host string ]  Set the memcached host(s) to use for HTTP-01 based challenges. Challenges will be written to all specified hosts.
   --http.s3-bucket string                                        Set the S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.
   --http.port string                                             Set the port and interface to use for HTTP-01 based challenges to listen on. Supported: interface:port or :port. (default: ":80")
   --domain string, -d string                                     Add a domain to the process. Can be specified multiple times.
   --deploy string                                                Set your publishing method. When it is local, it is deployed to the /etc/nginx/ssl/ directory by default. (default: "local")
   --interval duration                                            Check interval (e.g. 12h, 30m, 1h30m) (default: 24h0m0s) [$ELEGO_RENEW_INTERVAL]
   --help, -h                                                     show help
   --version, -v                                                  print the version

0.2.x usage steps

  1. Create SSL certificate

    elego create --domain="test.example.com" --http.webroot="/data/wwwroot/test.example.com"
    
  2. Deploy certificate

    elego deploy --domain="test.example.com" --deploy="local"
    
  3. Add scheduled tasks to the plan

    elego scheduled:run
    
cat > /etc/systemd/system/elego-scheduled.service << EOF
[Unit]
Description=Start Elego Scheduled Task
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/elego scheduled:run
Restart=always
User=root

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reexec
systemctl daemon-reload
systemctl start elego-scheduled.service
systemctl enable elego-scheduled.service
systemctl status elego-scheduled.service

Local deployment: .env configuration

cat > ~/.elego/.env << EOF
LOCAL_POST_COMMAND="nginx -s reload"
EOF

Use webroot

elego create --domain="test.example.com" --http.webroot="/data/wwwroot/test.example.com"

Use DNS

https://go-acme.github.io/lego/dns/index.html

export CLOUDFLARE_EMAIL=you@example.com
export CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733
elego create --domain="test.example.com" --dns="cloudflare"

Reference Environment Variables and Names

dns Environment Link

Use deploy

Reference Environment Variables and Names

deploy Environment Link

//By default, it is saved in the /etc/nginx/ssl directory.
//export LOCAL_CERT_PATH="/home/ubuntu/ssl/test.example.com.pem"
//export LOCAL_KEY_PATH="/home/ubuntu/ssl/test.example.com.key"
elego deploy --domain="test.example.com" --deploy="local"

nginx Block Configuration

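listen 443 ssl;
# Paths follow the "local" deploy layout: DeployLocalPath + domain + PemExt / KeyExt.
ssl_certificate /etc/nginx/ssl/test.example.com.pem;
ssl_certificate_key /etc/nginx/ssl/test.example.com.key;
# ECDHE-* suites come first; note the AES:HIGH catch-alls still admit
# non-forward-secret RSA key exchange under TLS 1.2.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# TLS 1.1 is deprecated (RFC 8996) and disabled by default in current
# nginx/OpenSSL builds; offer only 1.2 and 1.3.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;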

Kid and HmacEncoded (External Account Binding credentials)

https://cloud.google.com/certificate-manager/docs/public-ca-tutorial?hl=zh-cn

https://zerossl.com/documentation/acme/generate-eab-credentials/

Documentation


Constants

// File extensions of the artifacts CertificatesStorage writes per domain
// (SanitizedDomainSavePath appends one of these to the sanitized domain name).
const (
	// IssuerExt is the extension of the issuer certificate file.
	IssuerExt   = ".issuer.crt"
	// CertExt is the extension of the leaf certificate file.
	CertExt     = ".crt"
	// KeyExt is the extension of the private key file (the README's nginx
	// example points ssl_certificate_key at it).
	KeyExt      = ".key"
	// PemExt is the extension of the PEM bundle (the README's nginx example
	// points ssl_certificate at it).
	PemExt      = ".pem"
	// PfxExt is the extension of the PKCS#12 file; its encryption format is
	// the pfxFormat argument of NewCertificatesStorage.
	PfxExt      = ".pfx"
	// ResourceExt is the extension of the JSON-serialized certificate.Resource
	// handled by SaveResource / ReadResource.
	ResourceExt = ".json"
)
// Short CA names accepted where a directory URL is expected (the
// CADirURLOrName argument of NewAccountsStorage; GetCADirURL maps a name to
// its directory URL). Whether a full ACME directory URL is accepted in place
// of a name is not visible here — confirm in GetCADirURL.
const (
	// CADirURLLetsencrypt selects Let's Encrypt, presumably the production
	// directory that is the CLI's default --server.
	CADirURLLetsencrypt        = "letsencrypt"
	// CADirURLLetsencryptStaging selects the Let's Encrypt staging directory,
	// which issues certificates that browsers do not trust; use it while testing.
	CADirURLLetsencryptStaging = "letsencrypt_staging"
	// CADirURLZerossl selects ZeroSSL. The README's EAB references (Kid /
	// HmacEncoded, see EABRegister) cover this CA.
	CADirURLZerossl            = "zerossl"
	// CADirURLGts selects Google Trust Services (Google public CA). The
	// README's EAB references also cover this CA.
	CADirURLGts                = "gts"
)
const (
	// DeployLocalPath is the directory the "local" deploy method (see --deploy)
	// writes the certificate and key into by default; the README shows
	// LOCAL_CERT_PATH / LOCAL_KEY_PATH overriding the individual file paths.
	DeployLocalPath = "/etc/nginx/ssl/"
)

Variables

Functions

func Deploy added in v0.1.4

func Deploy(name string, certificate *certificate.Resource, filePath string) error

func GetCADirURL added in v0.1.3

func GetCADirURL(name string) string

func ObtainCertificate

func ObtainCertificate(client *lego.Client, domains []string) (*certificate.Resource, error)

func ParsePEMBundle added in v0.2.0

func ParsePEMBundle(content []byte, inputDomain string) (*x509.Certificate, error)

func SanitizedDomain added in v0.1.3

func SanitizedDomain(domain string) (string, error)

func SetChallenge

func SetChallenge(client *lego.Client, challenge IChallenge) error

func UnsanitizeDomain added in v0.2.0

func UnsanitizeDomain(sanitized string) (string, error)

Types

type Account

// Account represents a user's locally saved ACME account credentials; it is
// what AccountsStorage.Save writes and AccountsStorage.LoadAccount reads back.
type Account struct {
	// Email is the contact address used for registration (see --email).
	Email        string                 `json:"email"`
	// Registration is the CA-side registration resource returned by IRegister.Register.
	Registration *registration.Resource `json:"registration"`
	// Key is the account private key (documented on GetPrivateKey as RSA).
	// The `json:"-"` tag keeps it out of the serialized account; it is
	// presumably persisted separately by AccountsStorage — confirm in Save/LoadAccount.
	Key          crypto.PrivateKey      `json:"-"`
}

Account represents a user's locally saved credentials.

func NewLegoClient

func NewLegoClient(accountStorage *AccountsStorage, register IRegister) (account *Account, client *lego.Client, err error)

func (*Account) GetEmail

func (a *Account) GetEmail() string

GetEmail returns the email address for the account.

func (*Account) GetPrivateKey

func (a *Account) GetPrivateKey() crypto.PrivateKey

GetPrivateKey returns the private RSA account key.

func (*Account) GetRegistration

func (a *Account) GetRegistration() *registration.Resource

GetRegistration returns the server registration.

type AccountsStorage

type AccountsStorage struct {
	Email    string
	CADirURL string
	// contains filtered or unexported fields
}

func NewAccountsStorage

func NewAccountsStorage(savePath, email, CADirURLOrName string) (*AccountsStorage, error)

NewAccountsStorage creates a new AccountsStorage.

func (*AccountsStorage) GetCADirURL added in v0.1.3

func (s *AccountsStorage) GetCADirURL() string

func (*AccountsStorage) GetEmail

func (s *AccountsStorage) GetEmail() string

func (*AccountsStorage) LoadAccount

func (s *AccountsStorage) LoadAccount() (*Account, error)

func (*AccountsStorage) Remove

func (s *AccountsStorage) Remove()

func (*AccountsStorage) Save

func (s *AccountsStorage) Save(account *Account) error

type CertificatesStorage added in v0.1.3

type CertificatesStorage struct {
	// contains filtered or unexported fields
}

func NewCertificatesStorage added in v0.1.3

func NewCertificatesStorage(savePath, pfxFormat string) (s *CertificatesStorage, err error)

NewCertificatesStorage creates a CertificatesStorage rooted at savePath; pfxFormat selects the PKCS#12 (.pfx) encryption format, e.g. "RC2".

func (*CertificatesStorage) CheckExpire added in v0.1.3

func (s *CertificatesStorage) CheckExpire(inputDomain string) (day float64, err error)

func (*CertificatesStorage) GetAllResource added in v0.2.0

func (s *CertificatesStorage) GetAllResource() ([]*certificate.Resource, error)

func (*CertificatesStorage) GetSavePath added in v0.1.4

func (s *CertificatesStorage) GetSavePath(domain string) (string, error)

func (*CertificatesStorage) ReadCertificate added in v0.1.3

func (s *CertificatesStorage) ReadCertificate(domain string) ([]*x509.Certificate, error)

func (*CertificatesStorage) ReadResource added in v0.1.3

func (s *CertificatesStorage) ReadResource(domain string) (*certificate.Resource, error)

func (*CertificatesStorage) SanitizedDomainSavePath added in v0.1.4

func (s *CertificatesStorage) SanitizedDomainSavePath(sanitizedDomain, extension string) string

func (*CertificatesStorage) SaveResource added in v0.1.3

func (s *CertificatesStorage) SaveResource(certRes *certificate.Resource) error

type DNSChallenge

// DNSChallenge configures the DNS-01 solver (see --dns). Apart from DNS, the
// fields are presumably forwarded to lego's dns01 options in Set — confirm
// there; their defaults are not visible in this listing.
type DNSChallenge struct {
	// DNS is the provider name, e.g. "cloudflare"; provider credentials are
	// read from environment variables (see the README's edns link).
	DNS                         string
	// Servers presumably lists the nameservers queried to check record propagation.
	Servers                     []string
	// PropagationWait presumably is the delay before propagation is checked (unit not shown here).
	PropagationWait             int
	// Timeout presumably bounds the propagation check (unit not shown here).
	Timeout                     int
	// AuthoritativeNssPropagation presumably requires the record to be visible
	// on the zone's authoritative nameservers.
	AuthoritativeNssPropagation bool
	// RecursiveNssPropagation presumably requires the record to be visible
	// through recursive resolvers as well.
	RecursiveNssPropagation     bool
}

func (*DNSChallenge) Set

func (w *DNSChallenge) Set(client *lego.Client) error

type DomainDeploys added in v0.2.0

// DomainDeploys records which deploy methods are applied to one domain.
type DomainDeploys struct {
	// Domain is the certificate's domain name.
	Domain  string   `json:"domain"`
	// Deploys lists deploy method names (see --deploy, e.g. "local").
	// Note the JSON key is "deploy", singular, unlike the field name.
	Deploys []string `json:"deploy"`
}

type EABRegister

// EABRegister registers an account using External Account Binding (the
// --kid / --hmac options); the README points at ZeroSSL and Google's public
// CA as sources of these credentials.
type EABRegister struct {
	// TermsOfServiceAgreed is presumably passed through as the terms-of-service
	// acceptance flag of the registration request — confirm in Register.
	TermsOfServiceAgreed bool
	// Kid is the key identifier issued by the external CA (ELEGO_EAB_KID).
	Kid                  string
	// HmacEncoded is the external CA's MAC key in base64url encoding without
	// padding (ELEGO_EAB_HMAC). It is a credential; keep it out of logs and
	// error messages.
	HmacEncoded          string
}

func (*EABRegister) Register

func (r *EABRegister) Register(lego *lego.Client) (*registration.Resource, error)

type HTTPChallenge

// HTTPChallenge enables the built-in HTTP-01 solver server with its default
// listen settings; see HTTPPortChallenge to choose the interface and port.
type HTTPChallenge struct {
	// HeaderName is presumably the proxy header the solver inspects for the
	// original Host when it sits behind a reverse proxy — confirm in Set.
	HeaderName string
}

func (*HTTPChallenge) Set

func (w *HTTPChallenge) Set(client *lego.Client) error

type HTTPMemcachedHostChallenge

// HTTPMemcachedHostChallenge solves HTTP-01 by writing the challenge to
// memcached (see --http.memcached-host); the web tier is expected to serve
// the .well-known/acme-challenge response from there.
type HTTPMemcachedHostChallenge struct {
	// Hosts are the memcached host(s); the challenge is written to every one.
	Hosts []string
}

func (*HTTPMemcachedHostChallenge) Set

func (w *HTTPMemcachedHostChallenge) Set(client *lego.Client) error

type HTTPPortChallenge

// HTTPPortChallenge runs the built-in HTTP-01 solver server on an explicit
// listen address (see --http.port; the CLI default is ":80").
type HTTPPortChallenge struct {
	// HostPort is "interface:port" or ":port".
	HostPort   string
	// HeaderName is presumably the proxy header inspected for the original
	// Host, as in HTTPChallenge — confirm in Set.
	HeaderName string
}

func (*HTTPPortChallenge) Set

func (w *HTTPPortChallenge) Set(client *lego.Client) error

type HTTPS3BucketChallenge

// HTTPS3BucketChallenge solves HTTP-01 by writing the challenge to an S3
// bucket (see --http.s3-bucket); the bucket must be reachable under the
// domain's .well-known/acme-challenge path for validation to succeed.
type HTTPS3BucketChallenge struct {
	// Bucket is the S3 bucket name the challenge is written to.
	Bucket string
}

func (*HTTPS3BucketChallenge) Set

func (w *HTTPS3BucketChallenge) Set(client *lego.Client) error

type HTTPWebrootChallenge

// HTTPWebrootChallenge solves HTTP-01 by writing the challenge file directly
// under <WebRoot>/.well-known/acme-challenge (see --http.webroot). This
// disables the built-in server and expects that directory to be publicly served.
type HTTPWebrootChallenge struct {
	// WebRoot is the document root of the site being validated.
	WebRoot string
}

func (*HTTPWebrootChallenge) Set

func (w *HTTPWebrootChallenge) Set(client *lego.Client) error

type IChallenge

// IChallenge is implemented by every challenge configuration (DNSChallenge,
// the HTTP*Challenge types and the TLS*Challenge types); SetChallenge hands
// one to a lego client.
type IChallenge interface {
	// Set registers the challenge solver on client.
	Set(client *lego.Client) error
}

type IRegister

// IRegister performs ACME account registration; Register and EABRegister are
// the two implementations, chosen through NewLegoClient's register argument.
//
// NOTE(review): the parameter named lego shadows the imported lego package
// inside implementations' bodies; a name such as client would read better.
type IRegister interface {
	// Register creates the account on the CA and returns its registration resource.
	Register(lego *lego.Client) (*registration.Resource, error)
}

type Register

// Register is the plain (non-EAB) registration; see EABRegister when the CA
// issues Kid/HmacEncoded credentials. Whether it accepts the terms of service
// unconditionally is not visible here — confirm in Register.
type Register struct {
}

func (*Register) Register

func (r *Register) Register(lego *lego.Client) (*registration.Resource, error)

type TLSChallenge

// TLSChallenge enables the TLS challenge solver (presumably TLS-ALPN-01 —
// confirm in Set) on its default listen address; see TLSPortChallenge to
// choose the interface and port.
type TLSChallenge struct {
}

func (*TLSChallenge) Set

func (w *TLSChallenge) Set(client *lego.Client) error

type TLSPortChallenge

// TLSPortChallenge is TLSChallenge with an explicit listen address.
type TLSPortChallenge struct {
	// HostPort is "interface:port" or ":port", like HTTPPortChallenge.HostPort.
	HostPort string
}

func (*TLSPortChallenge) Set

func (w *TLSPortChallenge) Set(client *lego.Client) error
