diff --git a/cmd/accounts_storage.go b/cmd/accounts_storage.go
index 05cd23722c..bc897522d3 100644
--- a/cmd/accounts_storage.go
+++ b/cmd/accounts_storage.go
@@ -58,6 +58,7 @@ const (
 // │ └── root accounts directory
 // └── "path" option
 type AccountsStorage struct {
+ noEmail bool
 userID string
 rootPath string
 rootUserPath string
@@ -68,8 +69,14 @@ type AccountsStorage struct {
 // NewAccountsStorage Creates a new AccountsStorage.
 func NewAccountsStorage(ctx *cli.Context) *AccountsStorage {
- // TODO: move to account struct? Currently MUST pass email.
- email := getEmail(ctx)
+ var userID string
+ noEmail := ctx.IsSet("no-email")
+ if noEmail {
+ userID = "default"
+ } else {
+ // TODO: move to account struct?
+ userID = getEmail(ctx)
+ }
 serverURL, err := url.Parse(ctx.String("server"))
 if err != nil {
@@ -79,10 +86,11 @@ func NewAccountsStorage(ctx *cli.Context) *AccountsStorage {
 rootPath := filepath.Join(ctx.String("path"), baseAccountsRootFolderName)
 serverPath := strings.NewReplacer(":", "_", "/", string(os.PathSeparator)).Replace(serverURL.Host)
 accountsPath := filepath.Join(rootPath, serverPath)
- rootUserPath := filepath.Join(accountsPath, email)
+ rootUserPath := filepath.Join(accountsPath, userID)
 return &AccountsStorage{
- userID: email,
+ noEmail: noEmail,
+ userID: userID,
 rootPath: rootPath,
 rootUserPath: rootUserPath,
 keysPath: filepath.Join(rootUserPath, baseKeysFolderName),
@@ -110,6 +118,9 @@ func (s *AccountsStorage) GetRootUserPath() string {
 }
 func (s *AccountsStorage) GetUserID() string {
+ if s.noEmail {
+ return ""
+ }
 return s.userID
 }
diff --git a/cmd/flags.go b/cmd/flags.go
index b014a1ff2d..5ec8c626ae 100644
--- a/cmd/flags.go
+++ b/cmd/flags.go
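Review bot: In NewAccountsStorage, `noEmail := ctx.IsSet("no-email")` tests whether the flag was supplied, not whether it is true. As far as I can tell from urfave/cli's IsSet semantics, `--no-email=false` or `LEGO_NO_EMAIL=false` would therefore still switch the account to the email-less `default` identity. Reading the value keeps it an ordinary boolean: `noEmail := ctx.Bool("no-email")`. The same branch lets `--no-email` silently win when `--email` is also given, so a one-line comment stating that this precedence is intended would help. NewAccountsStorage continues past the end of this hunk.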
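Review bot: In NewAccountsStorage, `rootUserPath := filepath.Join(accountsPath, userID)` now takes either the `--email` value or the fixed name `"default"`, and nothing in the visible code keeps the two apart. getEmail in cmd/setup.go rejects only an empty string, so `--email default` would resolve to the same directory, and the same `keysPath`, as a `--no-email` run. I would reserve the name where the email is read, for example `if email == "default" { log.Fatal("the account name \"default\" is reserved for --no-email") }`. The function starts and ends outside this hunk.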
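Review bot: GetUserID now returns a value that differs from the `userID` field naming the account directory, and the method has no doc comment saying so. I would add `// GetUserID returns the account email, or "" when --no-email is set; the "default" directory name is storage-only.` above it. Callers that treat the return value as an identifier rather than as the ACME contact are not visible in this diff, but they would now receive an empty string and are worth checking.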
@@ -31,6 +31,12 @@ func CreateFlags(defaultPath string) []cli.Flag {
 Aliases: []string{"m"},
 Usage: "Email used for registration and recovery contact.",
 },
+ &cli.BoolFlag{
+ Name: "no-email",
+ Aliases: []string{"M"},
+ EnvVars: []string{"LEGO_NO_EMAIL"},
+ Usage: "Create an ACME request without including an email address.",
+ },
 &cli.StringFlag{
 Name: "csr",
 Aliases: []string{"c"},
diff --git a/cmd/setup.go b/cmd/setup.go
index e07a878003..f83325b189 100644
--- a/cmd/setup.go
+++ b/cmd/setup.go
@@ -84,7 +84,7 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType {
 func getEmail(ctx *cli.Context) string {
 email := ctx.String("email")
 if email == "" {
- log.Fatal("You have to pass an account (email address) to the program using --email or -m")
+ log.Fatal("You have to pass an account (email address) to the program using --email or -m, or use --no-email or -M to disable including an email in the ACME request.")
 }
 return email
 }
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index f082a80ac1..3317060f33 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -23,6 +23,7 @@ GLOBAL OPTIONS: --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory") --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false) --email value, -m value Email used for registration and recovery contact. + --no-email, -M Create an ACME request without including an email address. (default: false) [$LEGO_NO_EMAIL] --csr value, -c value Certificate signing request filename, if an external CSR is to be used. --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB] --kid value Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID]