Add flag to use Let's Encrypt staging

2025-02-25 18:55:29 -06:00 · 2022-02-17 14:08:32 -07:00 · 2022-02-17 14:08:32 -07:00 · ca6667cede
commit ca6667cede
parent f1020aac49
3 changed files with 29 additions and 17 deletions
--- a/boringproxy.go
+++ b/boringproxy.go
@ -53,6 +53,7 @@ func Listen() {
 	allowHttp := flagSet.Bool("allow-http", false, "Allow unencrypted (HTTP) requests")
 	publicIp := flagSet.String("public-ip", "", "Public IP")
 	behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")
+	acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
 	err := flagSet.Parse(os.Args[2:])
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err)
@ -99,7 +100,11 @@ func Listen() {
 	}
 	//certmagic.DefaultACME.DisableHTTPChallenge = true
 	//certmagic.DefaultACME.DisableTLSALPNChallenge = true
-	//certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+
+	if *acmeUseStaging {
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+	}
+
 	certConfig := certmagic.NewDefault()

 	if *newAdminDomain != "" {
--- a/client.go
+++ b/client.go
@ -34,14 +34,15 @@ type Client struct {
 }

 type ClientConfig struct {
-	ServerAddr  string `json:"serverAddr,omitempty"`
-	Token       string `json:"token,omitempty"`
-	ClientName  string `json:"clientName,omitempty"`
-	User        string `json:"user,omitempty"`
-	CertDir     string `json:"certDir,omitempty"`
-	AcmeEmail   string `json:"acmeEmail,omitempty"`
-	DnsServer   string `json:"dnsServer,omitempty"`
-	BehindProxy bool   `json:"behindProxy,omitempty"`
+	ServerAddr     string `json:"serverAddr,omitempty"`
+	Token          string `json:"token,omitempty"`
+	ClientName     string `json:"clientName,omitempty"`
+	User           string `json:"user,omitempty"`
+	CertDir        string `json:"certDir,omitempty"`
+	AcmeEmail      string `json:"acmeEmail,omitempty"`
+	AcmeUseStaging bool   `json:"acmeUseStaging,omitempty"`
+	DnsServer      string `json:"dnsServer,omitempty"`
+	BehindProxy    bool   `json:"behindProxy,omitempty"`
 }

 func NewClient(config *ClientConfig) (*Client, error) {
@ -81,6 +82,10 @@ func NewClient(config *ClientConfig) (*Client, error) {
 		certmagic.DefaultACME.Email = config.AcmeEmail
 	}

+	if config.AcmeUseStaging {
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+	}
+
 	certConfig := certmagic.NewDefault()

 	httpClient := &http.Client{
--- a/cmd/boringproxy/main.go
+++ b/cmd/boringproxy/main.go
@ -50,6 +50,7 @@ func main() {
 		user := flagSet.String("user", "admin", "user")
 		certDir := flagSet.String("cert-dir", "", "TLS cert directory")
 		acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
+		acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
 		dnsServer := flagSet.String("dns-server", "", "Custom DNS server")
 		behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")

@ -71,14 +72,15 @@ func main() {
 		}

 		config := &boringproxy.ClientConfig{
-			ServerAddr:  *server,
-			Token:       *token,
-			ClientName:  *name,
-			User:        *user,
-			CertDir:     *certDir,
-			AcmeEmail:   *acmeEmail,
-			DnsServer:   *dnsServer,
-			BehindProxy: *behindProxy,
+			ServerAddr:     *server,
+			Token:          *token,
+			ClientName:     *name,
+			User:           *user,
+			CertDir:        *certDir,
+			AcmeEmail:      *acmeEmail,
+			AcmeUseStaging: *acmeUseStaging,
+			DnsServer:      *dnsServer,
+			BehindProxy:    *behindProxy,
 		}

 		ctx := context.Background()