add zerossl acme (#6084)
Signed-off-by: si458 <simonsmith5521@gmail.com>
This commit is contained in:
parent
19eb1235f5
commit
bf7957ebff
@ -28,6 +28,8 @@ module.exports.CreateLetsEncrypt = function (parent) {
|
|||||||
obj.challenges = {};
|
obj.challenges = {};
|
||||||
obj.runAsProduction = false;
|
obj.runAsProduction = false;
|
||||||
obj.redirWebServerHooked = false;
|
obj.redirWebServerHooked = false;
|
||||||
|
obj.zerossl = false;
|
||||||
|
obj.csr = null;
|
||||||
obj.configErr = null;
|
obj.configErr = null;
|
||||||
obj.configOk = false;
|
obj.configOk = false;
|
||||||
obj.pendingRequest = false;
|
obj.pendingRequest = false;
|
||||||
@ -57,6 +59,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
|
|||||||
// Get the current certificate
|
// Get the current certificate
|
||||||
obj.getCertificate = function(certs, func) {
|
obj.getCertificate = function(certs, func) {
|
||||||
obj.runAsProduction = (obj.parent.config.letsencrypt.production === true);
|
obj.runAsProduction = (obj.parent.config.letsencrypt.production === true);
|
||||||
|
obj.zerossl = ((typeof obj.parent.config.letsencrypt.zerossl == 'object') ? obj.parent.config.letsencrypt.zerossl : false);
|
||||||
obj.log("Getting certs from local store (" + (obj.runAsProduction ? "Production" : "Staging") + ")");
|
obj.log("Getting certs from local store (" + (obj.runAsProduction ? "Production" : "Staging") + ")");
|
||||||
if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "Add \"cert\" value to settings in config.json before using Let's Encrypt."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
|
if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "Add \"cert\" value to settings in config.json before using Let's Encrypt."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
|
||||||
if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
|
if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
|
||||||
@ -164,26 +167,36 @@ module.exports.CreateLetsEncrypt = function (parent) {
|
|||||||
obj.log("Generating private key...");
|
obj.log("Generating private key...");
|
||||||
acme.forge.createPrivateKey().then(function (accountKey) {
|
acme.forge.createPrivateKey().then(function (accountKey) {
|
||||||
|
|
||||||
// TODO: ZeroSSL
|
|
||||||
// https://acme.zerossl.com/v2/DV90
|
|
||||||
|
|
||||||
// Create the ACME client
|
// Create the ACME client
|
||||||
obj.log("Setting up ACME client...");
|
obj.log("Setting up ACME client...");
|
||||||
|
if (obj.zerossl) {
|
||||||
|
if (obj.zerossl.kid == "") { obj.log("EAB KID hasn't been set, invalid configuration."); return; }
|
||||||
|
if (obj.zerossl.hmackey == "") { obj.log("EAB HMAC KEY hasn't been set, invalid configuration."); return; }
|
||||||
|
obj.client = new acme.Client({
|
||||||
|
directoryUrl: acme.directory.zerossl.production,
|
||||||
|
accountKey: accountKey,
|
||||||
|
externalAccountBinding: {
|
||||||
|
kid: obj.zerossl.kid,
|
||||||
|
hmacKey: obj.zerossl.hmackey
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
obj.client = new acme.Client({
|
obj.client = new acme.Client({
|
||||||
directoryUrl: obj.runAsProduction ? acme.directory.letsencrypt.production : acme.directory.letsencrypt.staging,
|
directoryUrl: obj.runAsProduction ? acme.directory.letsencrypt.production : acme.directory.letsencrypt.staging,
|
||||||
accountKey: accountKey
|
accountKey: accountKey
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
|
||||||
// Create Certificate Request (CSR)
|
// Create Certificate Request (CSR)
|
||||||
obj.log("Creating certificate request...");
|
obj.log("Creating certificate request...");
|
||||||
var certRequest = { commonName: obj.leDomains[0] };
|
var certRequest = { commonName: obj.leDomains[0] };
|
||||||
if (obj.leDomains.length > 1) { certRequest.altNames = obj.leDomains; }
|
if (obj.leDomains.length > 1) { certRequest.altNames = obj.leDomains; }
|
||||||
acme.forge.createCsr(certRequest).then(function (r) {
|
acme.forge.createCsr(certRequest).then(function (r) {
|
||||||
var csr = r[1];
|
obj.csr = r[1];
|
||||||
obj.tempPrivateKey = r[0];
|
obj.tempPrivateKey = r[0];
|
||||||
obj.log("Requesting certificate from Let's Encrypt...");
|
if(obj.zerossl) { obj.log("Requesting certificate from ZeroSSL..."); } else { obj.log("Requesting certificate from Let's Encrypt..."); }
|
||||||
obj.client.auto({
|
obj.client.auto({
|
||||||
csr,
|
csr: obj.csr,
|
||||||
email: obj.parent.config.letsencrypt.email,
|
email: obj.parent.config.letsencrypt.email,
|
||||||
termsOfServiceAgreed: true,
|
termsOfServiceAgreed: true,
|
||||||
skipChallengeVerification: (obj.parent.config.letsencrypt.skipchallengeverification === true),
|
skipChallengeVerification: (obj.parent.config.letsencrypt.skipchallengeverification === true),
|
||||||
|
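Review bot: The EAB guards on the `if (obj.zerossl.kid == "")` and `if (obj.zerossl.hmackey == "")` lines only reject an empty string; a `zerossl` object that omits `kid` or `hmackey`, or carries a non-string value, passes both checks and the client is built with `kid: undefined` / `hmacKey: undefined`, so the misconfiguration surfaces later as an ACME-server error instead of the intended "invalid configuration" log. I would tighten both to `if (typeof obj.zerossl.kid != 'string' || obj.zerossl.kid == '') { obj.log("EAB KID hasn't been set, invalid configuration."); return; }` and the same for `hmackey`. Both early `return`s also leave the `createPrivateKey().then(...)` callback without signalling completion to whoever started the request; that callback and the enclosing function start and end outside this hunk, so check whether `pendingRequest` or a caller callback has to be reset on this path as it presumably is on the other failure paths. The EAB HMAC key is a credential and the new branch correctly never logs it; keep that property if error reporting around client setup is expanded later.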
@ -3504,12 +3504,33 @@
|
|||||||
"production": {
|
"production": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"default": false,
|
"default": false,
|
||||||
"description": "By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time."
|
"description": "By default a test certificate will be obtained from Let's Encrypt. Setting \"zerossl\", will ignore this setting. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time."
|
||||||
},
|
},
|
||||||
"nochecks": {
|
"nochecks": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"default": false,
|
"default": false,
|
||||||
"description": "If you choose \"true\", MeshCentral won't verify if \"email\" is valid, has a valid MX record, AND if \"names\" doesn't contain a wildcard, can be resolved by DNS A/AAAA record."
|
"description": "If you choose \"true\", MeshCentral won't verify if \"email\" is valid, has a valid MX record, AND if \"names\" doesn't contain a wildcard, can be resolved by DNS A/AAAA record."
|
||||||
|
},
|
||||||
|
"zerossl": {
|
||||||
|
"type": "object",
|
||||||
|
"description": "If this object is set, we will use ZeroSSL for SSL creation instead of Let's Encrypt",
|
||||||
|
"required": [
|
||||||
|
"kid",
|
||||||
|
"hmacKey"
|
||||||
|
],
|
||||||
|
"properties": {
|
||||||
|
"kid": {
|
||||||
|
"type": "string",
|
||||||
|
"description": "EAB KID",
|
||||||
|
"default": ""
|
||||||
|
},
|
||||||
|
"hmackey": {
|
||||||
|
"type": "string",
|
||||||
|
"description": "EAB HMAC KEY",
|
||||||
|
"default": ""
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"additionalProperties": false
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
|
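Review bot: The new `zerossl` schema object lists `"hmacKey"` in `required` but declares the property as `"hmackey"`, so the required name matches no declared property; together with `"additionalProperties": false` a config written as `hmacKey` (the spelling the sample config uses) is rejected as an unknown property, while one written as `hmackey` fails the required check. Unless validation runs on a key-lowercased copy of the config, which I cannot confirm from this hunk, the fix is `"required": [ "kid", "hmackey" ]` (or renaming the property to match). The `"default": ""` on both fields is also the exact value the runtime rejects as "hasn't been set", so dropping the defaults would avoid advertising an invalid value. For the edited `production` description, `Setting "zerossl" will cause this setting to be ignored.` reads better than the current `Setting \"zerossl\", will ignore this setting.`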
@ -565,7 +565,11 @@
|
|||||||
"email": "myemail@myserver.com",
|
"email": "myemail@myserver.com",
|
||||||
"names": "myserver.com,customer1.myserver.com",
|
"names": "myserver.com,customer1.myserver.com",
|
||||||
"skipChallengeVerification": false,
|
"skipChallengeVerification": false,
|
||||||
"production": false
|
"production": false,
|
||||||
|
"zerossl": {
|
||||||
|
"kid": "a1b2c3d4e5",
|
||||||
|
"hmacKey": "a1b2c3d4e5"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"_peers": {
|
"_peers": {
|
||||||
"serverId": "server1",
|
"serverId": "server1",
|
||||||
|
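Review bot: Adding a live `"zerossl": { ... }` block to the advanced sample means anyone who copies the `letsencrypt` section as-is will, per the new schema description, switch from Let's Encrypt to ZeroSSL with placeholder EAB credentials and fail certificate issuance. This file appears to disable optional sections with a leading underscore (`"_peers"` just below), so `"_zerossl": { "kid": "a1b2c3d4e5", "hmacKey": "a1b2c3d4e5" }` would document the option without activating it. The key spelling here (`hmacKey`) should also agree with whatever the schema ends up declaring (`hmackey` in this commit).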