obtain a certificate without providing an email address (LetsEncrypt)

Open marten-seemann opened this issue 3 years ago • 5 comments

What would you like to have changed?

I'd like to be able to obtain a certificate without providing an email address.

Why is this feature a useful, necessary, and/or important addition to this project?

I'm aware that it's strongly recommended to provide an email address, but it doesn't really apply in my use case. I'm building a (lib)p2p node that automatically obtains a certificate to offer secure WebSockets. Obtaining the certificate is done in the background and on a best-effort basis, so we don't really care about any emails that LetsEncrypt might want to send to the node operator.

The docs say it's possible to obtain a certificate without providing an email address:

Although not strictly required, this is highly recommended best practice.

When I don't set certmagic.DefaultACME.Email, I'm getting an (interactive) prompt to enter my email address, which of course can't even be filled in, given that my app is designed to run in the background.

What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

I could hardcode / generate a fake email address.

Please link to any relevant issues, pull requests, or other discussions.

marten-seemann, Feb 18 '22 13:02

The email address is optional, terms agreement is not. You can leave the email blank if you want to. Is that not the case? Make sure you're persisting terms agreement (the user/account).

mholt, Feb 18 '22 17:02

This is the (stripped down) code I'm using to get the certificate:

cfg := certmagic.NewDefault()
acmeManager := certmagic.NewACMEManager(
	cfg,
	certmagic.ACMEManager{
		Agreed: true,
		// Email: "[email protected]",
	},
)
cfg.Issuers = []certmagic.Issuer{acmeManager}
cfg.ManageSync(ctx, []string{domain})

and as soon as I run it, I get the email prompt:

Your sites will be served over HTTPS automatically using an automated CA. By continuing, you agree to the CA's terms of service. Please enter your email address to signify agreement and to be notified in case of issues. You can leave it blank, but we don't recommend it. Email address:

When I uncomment the line setting the Email property, I'm not getting the prompt and I successfully get a cert (and yes, [email protected] is accepted as a valid email address).

Any hints what I'm doing wrong?

marten-seemann, Feb 19 '22 07:02

Ah, thanks, I see what you mean now. That prompt should only happen once though, since CertMagic should persist the account and reuse it. Is that the case, or does this prompt happen every time?

The prompt can also be avoided with ManageAsync() (but obviously that has other implications).

mholt, Feb 20 '22 03:02

The prompt can also be avoided with ManageAsync() (but obviously that has other implications).

That makes sense. I guess this issue then reduces to #173. Any idea when #150 will be merged? :)

marten-seemann, Feb 21 '22 06:02

#150 is merged now!

Do you still need this? IIRC, we prompt for an email address only when no account has been stored before. (And we don't do any validation of the email address.) The prompt should only appear once I think.

mholt, Mar 25 '22 16:03

Closing due to inactivity.

mholt, May 06 '23 02:05

I have a case where I would like to set the email empty and automatically accept the terms in a non-interactive environment; this issue seems to be related to this.

Would it be possible without using ManageAsync or using a bogus email (are there any negative side effects of using a bogus email)?

RonniSkansing, Nov 09 '23 09:11

I'm sure people use bogus emails all the time, but it makes them sad (and me too, kinda) -- why not use ManageAsync?

mholt, Nov 09 '23 15:11

My mistake, using ManageAsync or DecisionFunc works fine for me :)

RonniSkansing, Nov 10 '23 14:11
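
The point made earlier in the thread, that the email is optional while terms agreement is not, corresponds to the ACME account-creation request (RFC 8555 section 7.3), where `contact` may be omitted and `termsOfServiceAgreed` is sent explicitly. The following is an added example, not code from CertMagic or from anyone in this thread; `NewAccountPayload` is a hypothetical helper, the addresses are constructed samples, and it covers only the JSON payload, not the JWS signing that wraps it.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/mail"
)

// newAccount mirrors the fields of the RFC 8555 section 7.3 newAccount
// payload that matter here. Struct field order fixes the JSON key order.
type newAccount struct {
	TermsOfServiceAgreed bool     `json:"termsOfServiceAgreed"`
	Contact              []string `json:"contact,omitempty"`
}

// NewAccountPayload (hypothetical helper) builds the payload without ever
// prompting: an empty email omits "contact", missing agreement is an error.
func NewAccountPayload(email string, agreed bool) (string, error) {
	if !agreed {
		return "", errors.New("terms of service not agreed; refusing to register")
	}
	acct := newAccount{TermsOfServiceAgreed: true}
	if email != "" {
		addr, err := mail.ParseAddress(email)
		// Reject display names and anything that is not a bare address.
		if err != nil || addr.Name != "" || addr.Address != email {
			return "", fmt.Errorf("invalid contact email %q", email)
		}
		acct.Contact = []string{"mailto:" + addr.Address}
	}
	b, err := json.Marshal(acct)
	return string(b), err
}

func main() {
	// Constructed sample inputs, one per case the thread touches on.
	for _, c := range []struct {
		email  string
		agreed bool
	}{{"", true}, {"ops@example.org", true}, {"", false}, {"Ops <ops@example.org>", true}} {
		p, err := NewAccountPayload(c.email, c.agreed)
		fmt.Printf("email=%q agreed=%v -> %s err=%v\n", c.email, c.agreed, p, err)
	}
}
```

A background service can build its registration this way and fail closed with an error, rather than block on a terminal prompt that nobody will answer.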