harica

command module
v1.3.0
Published: Jan 11, 2025 License: Apache-2.0 Imports: 1 Imported by: 0

README

Unofficial Client for the HARICA API

Generate Cert with Auto Approval

./harica gen-cert \
    --domains "fancy.domain" \
    --requester-email "requester@fancy.domain" \
    --requester-password "password" \
    --requester-totp-seed "totp-seed" \
    --validator-email "validator@fancy.domain" \
    --validator-password "password" \
    --validator-totp-seed "totp-seed" \
    --csr "-----BEGIN CERTIFICATE REQUEST-----\nfoo-bar\n-----END CERTIFICATE REQUEST-----"

Besides passing arguments, you can also create a config file, cert-generator.yaml:

requester_email: ""
validator_email: ""
validator_totp_seed: ""
requester_totp_seed: ""
validator_password: ""
requester_password: ""

Automatic Domain Validation using AXFR

If you want to (re)validate several domains using DNS challenges, you can use this module. To use it, you must have a DNS server/provider that supports standard AXFR updates to your zones. Currently, all domains that expire within the next 30 days are considered for revalidation. Domains with a validity of more than 30 days are ignored by the tool.

DNS Configuration

Please create a new YAML file with the following structure.

zones:
  - domain: "domain.de."
    nameserver: "dns-server:53"    
    tsig_key_name: "hm.edu."
    tsig_secret: "tsig_key"
    tsig_secret_alg: "hmac-md5.sig-alg.reg.int."
    net: "tcp"
  - domain: "domain.eu."
    nameserver: "dns-server:53"
    tsig_key_name: "tsig_key_name."
    tsig_secret: "tsig_key"
    tsig_secret_alg: "hmac-md5.sig-alg.reg.int."
    net: "tcp"

Alternative Algorithms are:

  • hmac-sha1.
  • hmac-sha224.
  • hmac-sha256.
  • hmac-sha384.
  • hmac-sha512.
  • hmac-md5.sig-alg.reg.int.
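
The algorithms listed above are not equally strong: RFC 8945 grades HMAC-MD5 as "MUST NOT" use and HMAC-SHA1 as "NOT RECOMMENDED". The following check is an added example, not part of the harica project; it scans the DNS config layout shown above and flags zones whose `tsig_secret_alg` is weak or not one of the listed names. The sample config and the names `lintZones` and `algNote` are constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the layout of the DNS config above (placeholder names).
const sampleConfig = `zones:
  - domain: "domain.de."
    tsig_secret_alg: "hmac-md5.sig-alg.reg.int."
  - domain: "domain.eu."
    tsig_secret_alg: "hmac-sha256"
  - domain: "domain.org."
    tsig_secret_alg: "hmac-sha512."
`

// algNote grades the listed algorithm names per RFC 8945, section 6 ("" = fine).
var algNote = map[string]string{
	"hmac-md5.sig-alg.reg.int.": "HMAC-MD5 is graded MUST NOT use by RFC 8945",
	"hmac-sha1.":                "HMAC-SHA1 is graded NOT RECOMMENDED by RFC 8945",
	"hmac-sha224.": "", "hmac-sha256.": "", "hmac-sha384.": "", "hmac-sha512.": "",
}

// lintZones reads the flat `key: "value"` layout above (not general YAML).
func lintZones(cfg string) (findings []string) {
	zone := "(unknown zone)"
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimPrefix(strings.TrimSpace(raw), "- ")
		key, val, _ := strings.Cut(line, ":")
		val = strings.Trim(strings.TrimSpace(val), `"`)
		switch key {
		case "domain":
			zone = val // remember which zone the following keys belong to
		case "tsig_secret_alg":
			note, known := algNote[strings.ToLower(val)]
			if !known {
				note = "not one of the listed algorithm names (trailing dot missing?)"
			}
			if note != "" {
				findings = append(findings, fmt.Sprintf("%s: %q: %s", zone, val, note))
			}
		}
	}
	return findings
}

func main() { fmt.Println(strings.Join(lintZones(sampleConfig), "\n")) }
```

Run it over a config before handing the file to the validation command; a zone that uses one of the SHA-2 names from the list produces no finding.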

Usage

Afterwards you can trigger the validation flow:

./harica validation \
    -u "harica-user" \
    -p "harica-password" \
    -t "harica-totp" \
    --imap-host "imap.server.com" \
    --imap-username "fancy-user" \
    --imap-password "fancy-password" \
    --domains "domain.de,domain.eu" \
    --email "fancy-user@server.com" \
    --dns "./path/to/dns-config" 

Warning: We do not recommend validating large batches at once, since the code is not that resilient to failures or timeouts. Try to keep the batches smaller than 10 domains and start more batches sequentially.
