feat: update to lego v5

api/certificate.go

@@ -15,7 +15,7 @@ import (
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"
 
-	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v5/certcrypto"
 
 	"github.com/fgouteroux/acme-manager/certstore"
 	"github.com/fgouteroux/acme-manager/config"

certstore/account.go

@@ -17,13 +17,13 @@ import (
 
 	"github.com/hashicorp/go-retryablehttp"
 
-	"github.com/go-acme/lego/v4/certcrypto"
-	"github.com/go-acme/lego/v4/challenge"
-	"github.com/go-acme/lego/v4/lego"
-	"github.com/go-acme/lego/v4/providers/http/memcached"
-	"github.com/go-acme/lego/v4/providers/http/s3"
-	"github.com/go-acme/lego/v4/providers/http/webroot"
-	"github.com/go-acme/lego/v4/registration"
+	"github.com/go-acme/lego/v5/certcrypto"
+	"github.com/go-acme/lego/v5/challenge"
+	"github.com/go-acme/lego/v5/lego"
+	"github.com/go-acme/lego/v5/providers/http/memcached"
+	"github.com/go-acme/lego/v5/providers/http/s3"
+	"github.com/go-acme/lego/v5/providers/http/webroot"
+	"github.com/go-acme/lego/v5/registration"
 
 	"github.com/fgouteroux/acme-manager/config"
 	"github.com/fgouteroux/acme-manager/metrics"
@@ -90,7 +90,7 @@ func tryRecoverRegistration(customLogger *logrus.Logger, cfg config.Config, priv
 		return client, nil, err
 	}
 
-	reg, err := client.Registration.ResolveAccountByKey()
+	reg, err := client.Registration.ResolveAccountByKey(context.Background())
 	if err != nil {
 		return client, nil, err
 	}
@@ -153,7 +153,7 @@ func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, ve
 
 			if reg == nil {
 				if issuerConf.EAB {
-					reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+					reg, err = client.Registration.RegisterWithExternalAccountBinding(context.Background(), registration.RegisterEABOptions{
 						TermsOfServiceAgreed: true,
 						Kid:                  issuerConf.KID,
 						HmacEncoded:          issuerConf.HMAC,
@@ -163,7 +163,7 @@ func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, ve
 						continue
 					}
 				} else {
-					reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+					reg, err = client.Registration.Register(context.Background(), registration.RegisterOptions{TermsOfServiceAgreed: true})
 					if err != nil {
 						_ = level.Error(logger).Log("msg", "failed to register account", "issuer", issuer, "err", err)
 						continue
@@ -185,7 +185,7 @@ func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, ve
 						continue
 					}
 
-					reg, err = client.Registration.UpdateRegistration(registration.RegisterOptions{TermsOfServiceAgreed: true})
+					reg, err = client.Registration.UpdateRegistration(context.Background(), registration.RegisterOptions{TermsOfServiceAgreed: true})
 					if err != nil {
 						_ = level.Error(logger).Log("msg", "failed to update registration", "issuer", issuer, "err", err)
 						continue
@@ -217,7 +217,7 @@ func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, ve
 				_ = level.Error(logger).Log("msg", "failed to create lego client", "issuer", issuer, "err", err)
 				continue
 			}
-			reg, err := client.Registration.UpdateRegistration(registration.RegisterOptions{TermsOfServiceAgreed: true})
+			reg, err := client.Registration.UpdateRegistration(context.Background(), registration.RegisterOptions{TermsOfServiceAgreed: true})
 			if err != nil {
 				_ = level.Error(logger).Log("msg", "failed to update registration", "issuer", issuer, "err", err)
 				continue
@@ -247,7 +247,7 @@ func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, ve
 				continue
 			}
 
-			err = client.Registration.DeleteRegistration()
+			err = client.Registration.DeleteRegistration(context.Background())
 			if err != nil {
 				_ = level.Error(logger).Log("msg", "unable to unregister issuer account", "issuer", issuer, "err", err)
 				continue

certstore/certstore.go

@@ -8,6 +8,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"slices"
@@ -18,12 +19,12 @@ import (
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"
 
-	"github.com/go-acme/lego/v4/certcrypto"
-	"github.com/go-acme/lego/v4/certificate"
-	"github.com/go-acme/lego/v4/challenge/dns01"
-	"github.com/go-acme/lego/v4/lego"
-	"github.com/go-acme/lego/v4/platform/config/env"
-	"github.com/go-acme/lego/v4/providers/dns"
+	"github.com/go-acme/lego/v5/certcrypto"
+	"github.com/go-acme/lego/v5/certificate"
+	"github.com/go-acme/lego/v5/challenge/dns01"
+	"github.com/go-acme/lego/v5/lego"
+	"github.com/go-acme/lego/v5/platform/config/env"
+	"github.com/go-acme/lego/v5/providers/dns"
 
 	"github.com/fgouteroux/acme-manager/config"
 	"github.com/fgouteroux/acme-manager/metrics"
@@ -56,7 +57,7 @@ func RevokeCertificateWithVerification(logger log.Logger, issuerAcmeClient *lego
 		versionStr = fmt.Sprintf(", version=%d", *version)
 	}
 
-	err := issuerAcmeClient.Certificate.Revoke(certBytes)
+	err := issuerAcmeClient.Certificate.Revoke(context.Background(), certBytes)
 	switch {
 	case err == nil:
 		_ = level.Info(logger).Log("msg", "certificate revoked successfully, will destroy in next cleanup cycle"+versionStr, "domain", domain, "issuer", issuer, "owner", owner)
@@ -191,10 +192,16 @@ func CreateRemoteCertificateResource(certData *models.Certificate, logger log.Lo
 			return certData, err
 		}
 
+		// Configure DNS client options (nameservers and timeout)
+		dnsClientOpts := &dns01.Options{
+			Timeout: time.Duration(dnsTimeout) * time.Second,
+		}
+		if dnsResolvers != "" {
+			dnsClientOpts.RecursiveNameservers = parseNameservers(strings.Split(dnsResolvers, ","))
+		}
+		dns01.SetDefaultClient(dns01.NewClient(dnsClientOpts))
+
 		err = issuerAcmeClient.Challenge.SetDNS01Provider(dnsProvider,
-			dns01.CondOption(dnsResolvers != "",
-				dns01.AddRecursiveNameservers(dns01.ParseNameservers(strings.Split(dnsResolvers, ","))),
-			),
 			dns01.CondOption(dnsPropagationDisableANS,
 				dns01.DisableAuthoritativeNssPropagationRequirement(),
 			),
@@ -204,9 +211,6 @@ func CreateRemoteCertificateResource(certData *models.Certificate, logger log.Lo
 			dns01.CondOption(dnsPropagationRNS,
 				dns01.RecursiveNSsPropagationRequirement(),
 			),
-			dns01.CondOption(dnsTimeout > 0,
-				dns01.AddDNSTimeout(time.Duration(dnsTimeout)*time.Second),
-			),
 		)
 		if err != nil {
 			_ = level.Error(logger).Log("msg", "failed to set DNS01 provider", "err", err)
@@ -247,7 +251,7 @@ func CreateRemoteCertificateResource(certData *models.Certificate, logger log.Lo
 		}
 	}
 
-	resource, err := issuerAcmeClient.Certificate.ObtainForCSR(request)
+	resource, err := issuerAcmeClient.Certificate.ObtainForCSR(context.Background(), request)
 	if err != nil {
 		_ = level.Error(logger).Log("msg", "failed to obtain certificate", "domain", certData.Domain, "issuer", certData.Issuer, "owner", certData.Owner, "err", err)
 		metrics.SetCreatedCertificate(certData.Issuer, certData.Owner, certData.Domain, 0)
@@ -450,3 +454,21 @@ func executeCommand(logger log.Logger, cmdPath string, cmdArgs []string, cmdTime
 
 	return nil
 }
+
+// parseNameservers ensures all nameservers have a port number.
+func parseNameservers(servers []string) []string {
+	var resolvers []string
+	for _, resolver := range servers {
+		resolver = strings.TrimSpace(resolver)
+		if resolver == "" {
+			continue
+		}
+		// ensure all servers have a port number
+		if _, _, err := net.SplitHostPort(resolver); err != nil {
+			resolvers = append(resolvers, net.JoinHostPort(resolver, "53"))
+		} else {
+			resolvers = append(resolvers, resolver)
+		}
+	}
+	return resolvers
+}

certstore/cleanup.go

@@ -9,7 +9,7 @@ import (
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"
 
-	"github.com/go-acme/lego/v4/lego"
+	"github.com/go-acme/lego/v5/lego"
 
 	"github.com/fgouteroux/acme-manager/ring"
 	"github.com/fgouteroux/acme-manager/storage/vault"

certstore/http_challenge.go

@@ -2,6 +2,8 @@
 package certstore
 
 import (
+	"context"
+
 	"github.com/go-kit/log"
 )
 
@@ -10,17 +12,17 @@ type HTTPProvider struct {
 	logger log.Logger
 }
 
-// NewMemcacheProvider returns a HTTPProvider instance with a configured webroot path.
+// NewKVRingProvider returns a HTTPProvider instance with a configured webroot path.
 func NewKVRingProvider(logger log.Logger) (*HTTPProvider, error) {
 	return &HTTPProvider{logger: logger}, nil
 }
 
 // Present makes the token available at `HTTP01ChallengePath(token)` by creating the key in the kvring.
-func (w *HTTPProvider) Present(_, token, keyAuth string) error {
+func (w *HTTPProvider) Present(_ context.Context, _, token, keyAuth string) error {
 	return AmStore.PutChallenge(token, keyAuth)
 }
 
 // CleanUp removes the file created for the challenge.
-func (w *HTTPProvider) CleanUp(_, token, _ string) error {
+func (w *HTTPProvider) CleanUp(_ context.Context, _, token, _ string) error {
 	return AmStore.DeleteChallenge(token)
 }

certstore/watcher.go

@@ -10,7 +10,7 @@ import (
 	"github.com/go-kit/log/level"
 	"github.com/sirupsen/logrus"
 
-	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v5/certcrypto"
 
 	"github.com/fgouteroux/acme-manager/config"
 	"github.com/fgouteroux/acme-manager/metrics"

cmd/acme-manager-client/main.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"runtime"
 	"time"
 
 	"github.com/go-kit/log"
@@ -15,8 +14,6 @@ import (
 	"github.com/prometheus/common/version"
 	"github.com/sirupsen/logrus"
 
-	legoLog "github.com/go-acme/lego/v4/log"
-
 	"github.com/fgouteroux/acme-manager/client"
 	"github.com/fgouteroux/acme-manager/restclient"
 	"github.com/fgouteroux/acme-manager/storage/vault"
@@ -91,59 +88,9 @@ func main() {
 		os.Exit(0)
 	}
 
-	// set custom logger
-	logrusLogger := logrus.New()
-	logrusLogger.SetReportCaller(true)
-
-	parsedLogLevel, err := logrus.ParseLevel(*logLevel)
-	if err != nil {
-		parsedLogLevel = logrus.InfoLevel
-	}
-	logrusLogger.SetLevel(parsedLogLevel)
-
-	if *logFormat == "json" {
-		logrusLogger.SetFormatter(utils.UTCFormatter{Formatter: &logrus.JSONFormatter{
-			TimestampFormat: "2006-01-02T15:04:05.000Z",
-			FieldMap: logrus.FieldMap{
-				logrus.FieldKeyTime: "ts",
-				logrus.FieldKeyFile: "caller",
-			},
-			CallerPrettyfier: func(f *runtime.Frame) (string, string) {
-				return "", fmt.Sprintf("%s:%d", utils.FormatFilePath(f.File), f.Line)
-			},
-		}})
-	} else {
-		logrusLogger.SetFormatter(&utils.CustomTextFormatter{
-			TimestampFormat: "2006-01-02T15:04:05.000Z",
-		})
-	}
-
-	logrusLogger.SetOutput(&utils.CustomWriter{Writer: os.Stdout})
-	logrusLogger.AddHook(&utils.DebugLevelHook{Logger: logrusLogger})
-
-	// Override lego logger
-	legoLog.Logger = logrusLogger
-
-	// Create go-kit logger
-	logger = log.NewLogfmtLogger(log.NewSyncWriter(os.Stdout))
-	if *logFormat == "json" {
-		logger = log.NewJSONLogger(log.NewSyncWriter(os.Stdout))
-	}
-	logger = log.With(logger, "ts", log.DefaultTimestampUTC, "caller", log.Caller(5))
-
-	// Set log level for go-kit logger
-	switch *logLevel {
-	case "debug":
-		logger = level.NewFilter(logger, level.AllowDebug())
-	case "info":
-		logger = level.NewFilter(logger, level.AllowInfo())
-	case "warn":
-		logger = level.NewFilter(logger, level.AllowWarn())
-	case "error":
-		logger = level.NewFilter(logger, level.AllowError())
-	default:
-		logger = level.NewFilter(logger, level.AllowInfo())
-	}
+	// Setup all loggers (go-kit, logrus, and lego slog)
+	var logrusLogger *logrus.Logger
+	logger, logrusLogger = utils.SetupLoggers(*logLevel, *logFormat)
 
 	configBytes, err := os.ReadFile(*clientConfigPath)
 	if err != nil {

cmd/acme-manager-server/main.go

@@ -8,7 +8,6 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
-	"runtime"
 	"strings"
 	"syscall"
 	"time"
@@ -27,8 +26,6 @@ import (
 
 	httpSwagger "github.com/swaggo/http-swagger"
 
-	legoLog "github.com/go-acme/lego/v4/log"
-
 	"github.com/fgouteroux/acme-manager/api"
 	"github.com/fgouteroux/acme-manager/certstore"
 	"github.com/fgouteroux/acme-manager/config"
@@ -203,62 +200,12 @@ func main() {
 		os.Exit(0)
 	}
 
-	// set custom logger
-	logrusLogger := logrus.New()
-	logrusLogger.SetReportCaller(true)
-
-	parsedLogLevel, err := logrus.ParseLevel(*logLevel)
-	if err != nil {
-		parsedLogLevel = logrus.InfoLevel
-	}
-	logrusLogger.SetLevel(parsedLogLevel)
-
-	if *logFormat == "json" {
-		logrusLogger.SetFormatter(utils.UTCFormatter{Formatter: &logrus.JSONFormatter{
-			TimestampFormat: "2006-01-02T15:04:05.000Z",
-			FieldMap: logrus.FieldMap{
-				logrus.FieldKeyTime: "ts",
-				logrus.FieldKeyFile: "caller",
-			},
-			CallerPrettyfier: func(f *runtime.Frame) (string, string) {
-				return "", fmt.Sprintf("%s:%d", utils.FormatFilePath(f.File), f.Line)
-			},
-		}})
-	} else {
-		logrusLogger.SetFormatter(&utils.CustomTextFormatter{
-			TimestampFormat: "2006-01-02T15:04:05.000Z",
-		})
-	}
-
-	logrusLogger.SetOutput(&utils.CustomWriter{Writer: os.Stdout})
-	logrusLogger.AddHook(&utils.DebugLevelHook{Logger: logrusLogger})
-
-	// Override lego logger
-	legoLog.Logger = logrusLogger
-
-	// Create go-kit logger
-	logger = log.NewLogfmtLogger(log.NewSyncWriter(os.Stdout))
-	if *logFormat == "json" {
-		logger = log.NewJSONLogger(log.NewSyncWriter(os.Stdout))
-	}
-	logger = log.With(logger, "ts", log.DefaultTimestampUTC, "caller", log.Caller(5))
-
-	// Set log level for go-kit logger
-	switch *logLevel {
-	case "debug":
-		logger = level.NewFilter(logger, level.AllowDebug())
-	case "info":
-		logger = level.NewFilter(logger, level.AllowInfo())
-	case "warn":
-		logger = level.NewFilter(logger, level.AllowWarn())
-	case "error":
-		logger = level.NewFilter(logger, level.AllowError())
-	default:
-		logger = level.NewFilter(logger, level.AllowInfo())
-	}
+	// Setup all loggers (go-kit, logrus, and lego slog)
+	var logrusLogger *logrus.Logger
+	logger, logrusLogger = utils.SetupLoggers(*logLevel, *logFormat)
 
 	// Load environment and config
-	err = godotenv.Load(*envConfigPath)
+	err := godotenv.Load(*envConfigPath)
 	if err != nil {
 		_ = level.Debug(logger).Log("msg", "env config file not found", "path", *envConfigPath)
 	}