Package com.iizix.server.acme
Class LetsEncrypt
java.lang.Object
com.iizix.server.acme.LetsEncrypt
The iiziServer Let's Encrypt implementation for SSL certificates.
- Author:
- Christopher Mindus
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumThe reply code.static classClass used to hold information of a certificate request.static enumThe type of ACME challenge.Method Summary
Modifier and TypeMethodDescriptionstatic FilecreateCertificate_HTTPChallenge(String root, String domain, StringBuilder tos, String alias, String password, X509Certificate[] cert) Performs a HTTP challenge request on the running iiziServer or iiziGo instance.org.shredzone.acme4j.challenge.ChallengednsChallenge(org.shredzone.acme4j.Authorization auth) Prepares a DNS challenge.fetchCertificate(String domain, URI acceptedTOS) Generates a certificate for the given domain.org.shredzone.acme4j.challenge.ChallengehttpChallenge(org.shredzone.acme4j.Authorization auth) Prepares a HTTP challenge.
Method Details
fetchCertificate
public LetsEncrypt.Reply fetchCertificate(String domain, URI acceptedTOS) throws IOException, org.shredzone.acme4j.exception.AcmeException Generates a certificate for the given domain. Also takes care for the registration process.- Parameters:
domain- Domain to get a common certificate for.acceptedTOS- The accepted Terms Of Service URI, or null if none is known.- Returns:
- The Reply.
- Throws:
IOException- For I/O errors.org.shredzone.acme4j.exception.AcmeException- For ACME errors.
httpChallenge
public org.shredzone.acme4j.challenge.Challenge httpChallenge(org.shredzone.acme4j.Authorization auth) throws org.shredzone.acme4j.exception.AcmeException, IOException Prepares a HTTP challenge.The verification of this challenge expects a file with a certain content to be reachable at a given path under the domain to be tested.
- Parameters:
auth-Authorizationto find the challenge in.- Returns:
Challengeto verify.- Throws:
org.shredzone.acme4j.exception.AcmeException- For ACME errors.IOException- For file writer errors.
dnsChallenge
public org.shredzone.acme4j.challenge.Challenge dnsChallenge(org.shredzone.acme4j.Authorization auth) throws org.shredzone.acme4j.exception.AcmeException Prepares a DNS challenge.The verification of this challenge expects a TXT record with a certain content.
This example outputs instructions that need to be executed manually. In a production environment, you would rather configure your DNS automatically.
- Parameters:
auth-Authorizationto find the challenge in.- Returns:
Challengeto verify.- Throws:
org.shredzone.acme4j.exception.AcmeException- For ACME errors.
createCertificate_HTTPChallenge
public static File createCertificate_HTTPChallenge(String root, String domain, StringBuilder tos, String alias, String password, X509Certificate[] cert) throws IOException, Exception Performs a HTTP challenge request on the running iiziServer or iiziGo instance.- Parameters:
root- The web server root directory.domain- The domain name.tos- Terms of service URI that has been accepted must be filled in (or empty for first try).alias- Alias for key store/certificate private key, null for default.password- Password to use, null for default.cert- Array of 1 to return certificate created, null for none.- Returns:
- The PKCS#12 identity file created with the certificate chain alias "iizi" and password "changeit", or null if Terms-Of-Service must be accepted.
- Throws:
IOException- For I/O errors.Exception- For ACME problems, actuallyorg.shredzone.acme4j.exception.AcmeExceptionbut in order to avoid module dependency to the acme4j package, anExceptionis specified here.