Add acme letsencrypt for valid certs

Author: nodauf

src/cmd/web.go

@@ -99,11 +99,15 @@ var webCmd = &cobra.Command{
 
 		if TLS && (tlsKey == "" || tlsCertificate == "") {
 			var err error
-			cert, err = utils.GenerateTLSCertificate(commonName)
-			if err != nil {
-				return errors.New("Error while generating certificate: " + err.Error())
+			if commonName == "" {
+				cert, err = utils.GenerateTLSSelfSignedCertificate(commonName)
+				if err != nil {
+					return errors.New("Error while generating certificate: " + err.Error())
+				}
+				TLSConfig.Certificates = append(TLSConfig.Certificates, *cert)
+			} else {
+				TLSConfig, err = utils.GenerateTLSLetsencryptCertificate(commonName)
 			}
-			TLSConfig.Certificates = append(TLSConfig.Certificates, *cert)
 		} else if (TLS || tlsKey != "" || tlsCertificate != "") && (!TLS || tlsKey == "" || tlsCertificate == "") {
 			return errors.New("Tls, certificate and/or key arguments missing")
 
@@ -189,7 +193,7 @@ func init() {
 	webCmd.Flags().BoolVar(&promptPassword, "promptPassword", false, "Prompt for for basic auth's password")
 
 	webCmd.Flags().BoolVar(&TLS, "tls", false, "Enables HTTPS (for web and webdav)")
-	webCmd.Flags().StringVarP(&commonName, "commonName", "n","", "Common name to use in the certificat")
+	webCmd.Flags().StringVarP(&commonName, "commonName", "n", "", "Common name to use in the certificat")
 	webCmd.Flags().StringVarP(&tlsCertificate, "certificate", "c", "", "HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 (for web and webdav)")
 	webCmd.Flags().StringVarP(&tlsKey, "key", "k", "", "HTTPS Key : openssl genrsa -out server.key 2048 (for web and webdav)")
 

src/utils/certs.go

@@ -6,12 +6,17 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"fmt"
+	"log"
 	"math/big"
+	"net/http"
 	"time"
+
+	"golang.org/x/crypto/acme/autocert"
 )
 
 // Credits: https://github.com/kgretzky/pwndrop/blob/master/core/gen_cert.go
-func GenerateTLSCertificate(common string) (*tls.Certificate, error) {
+func GenerateTLSSelfSignedCertificate(common string) (*tls.Certificate, error) {
 	private_key, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, err
@@ -59,6 +64,31 @@ func GenerateTLSCertificate(common string) (*tls.Certificate, error) {
 	return ret_tls, nil
 }
 
+func GenerateTLSLetsencryptCertificate(common string) (tls.Config, error) {
+	fmt.Printf("Generating certificate for %s\n", common)
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(common), //Your domain here
+		Cache:      autocert.DirCache("certs"),     //Folder for storing certificates
+	}
+	ret_tls := tls.Config{
+		GetCertificate: certManager.GetCertificate,
+	}
+	go func() {
+		srv := &http.Server{
+			Addr:         ":80",
+			Handler:      certManager.HTTPHandler(nil),
+			IdleTimeout:  time.Minute,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
+		}
+
+		err := srv.ListenAndServe()
+		log.Fatal(err)
+	}()
+	return ret_tls, nil
+}
+
 func genRandomString(n int) string {
 	const lb = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 	b := make([]byte, n)