From 6a0a788d358a562019721f69c13e75458f04e9eb Mon Sep 17 00:00:00 2001 From: schou Date: Tue, 5 Dec 2023 14:05:19 -0500 Subject: [PATCH 1/5] add --no-email for disabling email in ACME query Signed-off-by: schou --- cmd/accounts_storage.go | 13 +++++++++---- cmd/flags.go | 6 ++++++ docs/data/zz_cli_help.toml | 1 + 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/cmd/accounts_storage.go b/cmd/accounts_storage.go index 05cd23722c..beffa86dd6 100644 --- a/cmd/accounts_storage.go +++ b/cmd/accounts_storage.go @@ -68,8 +68,13 @@ type AccountsStorage struct { // NewAccountsStorage Creates a new AccountsStorage. func NewAccountsStorage(ctx *cli.Context) *AccountsStorage { - // TODO: move to account struct? Currently MUST pass email. - email := getEmail(ctx) + var userID string + if ctx.IsSet("no-email") { + userID = "default" + } else { + // TODO: move to account struct? + userID = getEmail(ctx) + } serverURL, err := url.Parse(ctx.String("server")) if err != nil { @@ -79,10 +84,10 @@ func NewAccountsStorage(ctx *cli.Context) *AccountsStorage { rootPath := filepath.Join(ctx.String("path"), baseAccountsRootFolderName) serverPath := strings.NewReplacer(":", "_", "/", string(os.PathSeparator)).Replace(serverURL.Host) accountsPath := filepath.Join(rootPath, serverPath) - rootUserPath := filepath.Join(accountsPath, email) + rootUserPath := filepath.Join(accountsPath, userID) return &AccountsStorage{ - userID: email, + userID: userID, rootPath: rootPath, rootUserPath: rootUserPath, keysPath: filepath.Join(rootUserPath, baseKeysFolderName), diff --git a/cmd/flags.go b/cmd/flags.go index b014a1ff2d..247f35018e 100644 --- a/cmd/flags.go +++ b/cmd/flags.go 
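Review bot: `ctx.IsSet("no-email")` in NewAccountsStorage tests whether the flag was supplied, not its boolean value, so `--no-email=false` or `LEGO_NO_EMAIL=false` would most likely still switch to the email-less `default` identity; `ctx.Bool("no-email")` reads the value instead. The same test is kept as `noEmail := ctx.IsSet("no-email")` in PATCH 5/5. When both `--email` and `--no-email` are given, the address is dropped without any message, which is worth rejecting or at least logging because it selects a different account directory and key. The body of NewAccountsStorage continues outside this hunk.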
@@ -31,6 +31,12 @@ func CreateFlags(defaultPath string) []cli.Flag { Aliases: []string{"m"}, Usage: "Email used for registration and recovery contact.", }, + &cli.BoolFlag{ + Name: "no-email", + Aliases: []string{"M"}, + EnvVars: []string{"LEGO_NO_EMAIL"}, + Usage: "Create an ACME request not including an email address.", + }, &cli.StringFlag{ Name: "csr", Aliases: []string{"c"}, diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml index f082a80ac1..3a86e56c8b 100644 --- a/docs/data/zz_cli_help.toml +++ b/docs/data/zz_cli_help.toml @@ -23,6 +23,7 @@ GLOBAL OPTIONS: --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory") --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false) --email value, -m value Email used for registration and recovery contact. + --no-email, -M Create an ACME request not including an email address. (default: false) [$LEGO_NO_EMAIL] --csr value, -c value Certificate signing request filename, if an external CSR is to be used. --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB] --kid value Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID] From 0bae2c95b57d96af9ce6ef081c15e7119e2d3853 Mon Sep 17 00:00:00 2001 From: schou Date: Tue, 5 Dec 2023 14:14:18 -0500 Subject: [PATCH 2/5] update error message for helpful hint Signed-off-by: schou --- cmd/setup.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/setup.go b/cmd/setup.go index e07a878003..c4b5e49c8e 100644 --- a/cmd/setup.go +++ b/cmd/setup.go 
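Review bot: The usage string for `no-email` in CreateFlags does not tell the operator what is given up, even though the neighbouring `--email` help describes the address as the registration and recovery contact. Something like `Usage: "Register the ACME account without a contact email; the CA then has no recovery or notification address for this account.",` would make that explicit. The alias `M` differs from `--email`'s `m` only by case, so a mistyped `-M addr` would probably enable no-email mode and leave the address as a stray argument; a long-only flag would avoid that. CreateFlags continues outside the hunk.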
@@ -84,7 +84,7 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType { func getEmail(ctx *cli.Context) string { email := ctx.String("email") if email == "" { - log.Fatal("You have to pass an account (email address) to the program using --email or -m") + log.Fatal("You have to pass an account (email address) to the program using --email or -m, or use --no-email to disable including an email in the ACME request.") } return email } From e5f135c756b5d9c9779432389f971271915ee8fb Mon Sep 17 00:00:00 2001 From: schou Date: Tue, 5 Dec 2023 14:20:45 -0500 Subject: [PATCH 3/5] wording Signed-off-by: schou --- cmd/flags.go | 2 +- docs/data/zz_cli_help.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/flags.go b/cmd/flags.go index 247f35018e..5ec8c626ae 100644 --- a/cmd/flags.go +++ b/cmd/flags.go @@ -35,7 +35,7 @@ func CreateFlags(defaultPath string) []cli.Flag { Name: "no-email", Aliases: []string{"M"}, EnvVars: []string{"LEGO_NO_EMAIL"}, - Usage: "Create an ACME request not including an email address.", + Usage: "Create an ACME request without including an email address.", }, &cli.StringFlag{ Name: "csr", diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml index 3a86e56c8b..3317060f33 100644 --- a/docs/data/zz_cli_help.toml +++ b/docs/data/zz_cli_help.toml 
@@ -23,7 +23,7 @@ GLOBAL OPTIONS: --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory") --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false) --email value, -m value Email used for registration and recovery contact. - --no-email, -M Create an ACME request not including an email address. (default: false) [$LEGO_NO_EMAIL] + --no-email, -M Create an ACME request without including an email address. (default: false) [$LEGO_NO_EMAIL] --csr value, -c value Certificate signing request filename, if an external CSR is to be used. --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB] --kid value Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID] From 504497e345b44d36f0a42dc1be474e206215e5b2 Mon Sep 17 00:00:00 2001 From: schou Date: Tue, 5 Dec 2023 14:23:29 -0500 Subject: [PATCH 4/5] usage helpful hint Signed-off-by: schou --- cmd/setup.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/setup.go b/cmd/setup.go index c4b5e49c8e..f83325b189 100644 --- a/cmd/setup.go +++ b/cmd/setup.go @@ -84,7 +84,7 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType { func getEmail(ctx *cli.Context) string { email := ctx.String("email") if email == "" { - log.Fatal("You have to pass an account (email address) to the program using --email or -m, or use --no-email to disable including an email in the ACME request.") + log.Fatal("You have to pass an account (email address) to the program using --email or -m, or use --no-email or -M to disable including an email in the ACME request.") } return email } From 51ef22a6c24d3172b165b287a962ac1828a11c66 Mon Sep 17 00:00:00 2001 
From: schou Date: Wed, 6 Dec 2023 07:59:56 -0500 Subject: [PATCH 5/5] return empty string if no-email is set Signed-off-by: schou --- cmd/accounts_storage.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cmd/accounts_storage.go b/cmd/accounts_storage.go index beffa86dd6..bc897522d3 100644 --- a/cmd/accounts_storage.go +++ b/cmd/accounts_storage.go @@ -58,6 +58,7 @@ const ( // │ └── root accounts directory // └── "path" option type AccountsStorage struct { + noEmail bool userID string rootPath string rootUserPath string @@ -69,7 +70,8 @@ type AccountsStorage struct { // NewAccountsStorage Creates a new AccountsStorage. func NewAccountsStorage(ctx *cli.Context) *AccountsStorage { var userID string - if ctx.IsSet("no-email") { + noEmail := ctx.IsSet("no-email") + if noEmail { userID = "default" } else { // TODO: move to account struct? @@ -87,6 +89,7 @@ func NewAccountsStorage(ctx *cli.Context) *AccountsStorage { rootUserPath := filepath.Join(accountsPath, userID) return &AccountsStorage{ + noEmail: noEmail, userID: userID, rootPath: rootPath, rootUserPath: rootUserPath, @@ -115,6 +118,9 @@ func (s *AccountsStorage) GetRootUserPath() string { } func (s *AccountsStorage) GetUserID() string { + if s.noEmail { + return "" + } return s.userID }
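Review bot: `GetUserID` now returns `""` when `noEmail` is set, while `rootUserPath` and `keysPath` were built from `userID = "default"`, so the getter no longer names the directory that holds the account key. Any caller outside this patch that uses `GetUserID()` for log lines or to locate account files would receive an empty string, which is worth checking before merge. The method is exported and undocumented; a comment such as `// GetUserID returns the account email, or "" when --no-email is set (files are then stored under "default").` would record the split. Alternatively a separate `GetEmail()` could carry the contact value and leave `GetUserID` returning the storage identity.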