From d7129803488e81e6df691161b774908bf801e527 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Wed, 28 Dec 2016 14:54:57 +0000
Subject: Add LetsEncrypt support

When configured the server will request a TLS certificate for the specified server name from LetsEncrypt
---
 cmd/cashierd/main.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'cmd')
diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index 7df85e6..12d744d 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -18,6 +18,7 @@ import (
 "strings"
 "go4.org/wkfs"
+ "golang.org/x/crypto/acme/autocert"
 "golang.org/x/oauth2"
 "github.com/gorilla/csrf"
@@ -342,10 +343,19 @@ func main() {
 tlsConfig := &tls.Config{}
 if config.Server.UseTLS {
- tlsConfig.Certificates = make([]tls.Certificate, 1)
- tlsConfig.Certificates[0], err = loadCerts(config.Server.TLSCert, config.Server.TLSKey)
- if err != nil {
- log.Fatal(err)
+ if config.Server.LetsEncryptServername != "" {
+ m := autocert.Manager{
+ Prompt: autocert.AcceptTOS,
+ Cache: autocert.DirCache(config.Server.LetsEncryptCache),
+ HostPolicy: autocert.HostWhitelist(config.Server.LetsEncryptServername),
+ }
+ tlsConfig.GetCertificate = m.GetCertificate
+ } else {
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+ tlsConfig.Certificates[0], err = loadCerts(config.Server.TLSCert, config.Server.TLSKey)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
 l = tls.NewListener(l, tlsConfig)
 }
--
cgit v1.2.3
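Review bot: `config.Server.LetsEncryptCache` goes straight into `autocert.DirCache` in the new LetsEncrypt branch of the second hunk, and nothing visible there checks that it is set. That directory ends up holding the ACME account key and the private keys of issued certificates, so an empty or mistyped value should stop startup rather than leave the server running without a usable cache; as far as I recall autocert does not surface cache write failures, so certificates would be re-requested on every restart and run into issuance rate limits. I would add `if config.Server.LetsEncryptCache == "" { log.Fatal("letsencrypt cache directory must be set") }` before building the manager, plus a comment above `Cache:` saying the directory stores private key material and must be readable and writable only by the cashierd user. With current autocert releases it is also worth checking whether `m.TLSConfig()` should replace the bare `tlsConfig.GetCertificate = m.GetCertificate` assignment, since the tls-alpn-01 challenge needs `acme.ALPNProto` in `NextProtos`. `main` begins and ends outside the hunk, so validation elsewhere in the function or in config parsing may already cover the first point.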