chore: bump github.com/go-acme/lego/v4 from 4.22.2 to 4.25.2 (#224)

.github/FUNDING.yml

@@ -1 +1,4 @@
 github: ldez
+ko_fi: ldez_oss
+liberapay: ldez
+thanks_dev: u/gh/ldez

.github/workflows/go-cross.yml

@@ -3,8 +3,10 @@ name: Go Matrix
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
+    branches:
+      - main
 
 jobs:
 
@@ -16,18 +18,18 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [ '1.21', 1.x ]
+        go-version: [ stable ]
         os: [ubuntu-latest, macos-latest, windows-latest]
 
     steps:
 
       # https://github.com/marketplace/actions/checkout
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # https://github.com/marketplace/actions/setup-go-environment
       - name: Set up Go ${{ matrix.go-version }}
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
 

.github/workflows/main.yml

@@ -3,8 +3,10 @@ name: Main
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
+    branches:
+      - main
 
 jobs:
 
@@ -12,22 +14,13 @@ jobs:
     name: Main Process
     runs-on: ubuntu-latest
     env:
-      GO_VERSION: '1.21'
-      GOLANGCI_LINT_VERSION: v1.55.2
-      SEIHON_VERSION: v0.9.0
+      GO_VERSION: stable
+      GOLANGCI_LINT_VERSION: v2.0.1
       CGO_ENABLED: 0
 
     steps:
-
-      # https://github.com/marketplace/actions/checkout
-      - name: Check out code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      # https://github.com/marketplace/actions/setup-go-environment
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -41,7 +34,7 @@ jobs:
       # https://golangci-lint.run/usage/install#other-ci
       - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
           golangci-lint --version
 
       - name: Make

.github/workflows/release.yml

@@ -9,8 +9,7 @@ jobs:
     name: Release Process
     runs-on: ubuntu-latest
     env:
-      GO_VERSION: '1.21'
-      SEIHON_VERSION: v0.9.0
+      GO_VERSION: stable
       CGO_ENABLED: 0
 
     steps:
@@ -36,39 +35,36 @@ jobs:
           docker-images: true
           swap-storage: false
 
-      # https://github.com/marketplace/actions/setup-go-environment
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v4
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      # https://github.com/marketplace/actions/checkout
-      - name: Check out code
-        uses: actions/checkout@v4
+      - name: dockerhub-login
+        uses: docker/login-action@v3
         with:
-          fetch-depth: 0
-      - name: Make
-        run: make build
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: ghcr-login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v6
         with:
           version: latest
           args: release -p 1 --clean --timeout=90m
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install seihon ${{ env.SEIHON_VERSION }}
-        run: |
-          curl -sSfL https://raw.githubusercontent.com/ldez/seihon/master/godownloader.sh | sh -s -- -b $(go env GOPATH)/bin ${SEIHON_VERSION}
-          seihon --version
-
-      - name: Docker Login
-        env:
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        run: |
-          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
-
-      - name: Deploy Docker Images (seihon)
-        run: make publish-images

.golangci.yml

@@ -1,109 +1,108 @@
-run:
-  timeout: 5m
-  skip-files: []
+version: "2"
 
-linters-settings:
-  govet:
-    enable-all: true
-    disable:
-      - fieldalignment
-  gocyclo:
-    min-complexity: 12
-  goconst:
-    min-len: 3
-    min-occurrences: 3
-  misspell:
-    locale: US
-  gofumpt:
-    extra-rules: true
-  depguard:
-    rules:
-      main:
-        deny:
-          - pkg: "github.com/instana/testify"
-            desc: not allowed
-          - pkg: "github.com/pkg/errors"
-            desc: Should be replaced by standard lib errors package
-  funlen:
-    lines: -1
-    statements: 40
-  godox:
-    keywords:
-      - FIXME
-  gocritic:
-    enabled-tags:
-      - diagnostic
-      - style
-      - performance
-    disabled-checks:
-      - sloppyReassign
-      - rangeValCopy
-      - octalLiteral
-      - paramTypeCombine # already handle by gofumpt.extra-rules
-    settings:
-      hugeParam:
-        sizeThreshold: 100
-  forbidigo:
-    forbid:
-      - '^print(ln)?$'
-      - '^spew\.Print(f|ln)?$'
-      - '^spew\.Dump$'
-  gomoddirectives:
-    replace-allow-list:
-      - github.com/abbot/go-http-auth
-      - github.com/go-check/check
-      - github.com/gorilla/mux
-      - github.com/mailgun/minheap
-      - github.com/mailgun/multibuf
-      - github.com/jaguilar/vt100
-  gosec:
-    excludes:
-      - G204 # Subprocess launched with a potential tainted input or cmd arguments
-      - G301 # Expect directory permissions to be 0750 or less
-      - G306 # Expect WriteFile permissions to be 0600 or less
+formatters:
+  enable:
+    - gci
+    - gofumpt
+  settings:
+    gofumpt:
+      extra-rules: true
 
 linters:
-  enable-all: true
+  default: all
   disable:
-    - scopelint # deprecated
-    - interfacer # deprecated
-    - maligned # deprecated
-    - golint # deprecated
-    - exhaustivestruct # deprecated
-    - scopelint # deprecated
-    - varcheck # deprecated
-    - structcheck # deprecated
-    - nosnakecase # deprecated
-    - deadcode # deprecated
-    - ifshort # deprecated
-    - sqlclosecheck # not relevant (SQL)
-    - rowserrcheck # not relevant (SQL)
     - cyclop # duplicate of gocyclo
-    - lll
     - dupl
-    - prealloc
-    - wsl
-    - nlreturn
-    - gomnd
-    - testpackage
-    - paralleltest
-    - tparallel
-    - goerr113
-    - wrapcheck
+    - err113
     - exhaustive
     - exhaustruct
-    - varnamelen
+    - lll
+    - mnd
     - nilnil
+    - nlreturn
+    - paralleltest
+    - prealloc
+    - rowserrcheck # not relevant (SQL)
+    - sqlclosecheck # not relevant (SQL)
+    - testpackage
+    - tparallel
+    - varnamelen
+    - wrapcheck
+    - wsl
+  settings:
+    depguard:
+      rules:
+        main:
+          deny:
+            - pkg: github.com/instana/testify
+              desc: not allowed
+            - pkg: github.com/pkg/errors
+              desc: Should be replaced by standard lib errors package
+    forbidigo:
+      forbid:
+        - pattern: ^print(ln)?$
+        - pattern: ^spew\.Print(f|ln)?$
+        - pattern: ^spew\.Dump$
+    funlen:
+      lines: -1
+      statements: 40
+    goconst:
+      min-len: 3
+      min-occurrences: 3
+    gocritic:
+      disabled-checks:
+        - sloppyReassign
+        - rangeValCopy
+        - octalLiteral
+        - paramTypeCombine # already handle by gofumpt.extra-rules
+      enabled-tags:
+        - diagnostic
+        - style
+        - performance
+      settings:
+        hugeParam:
+          sizeThreshold: 100
+    gocyclo:
+      min-complexity: 12
+    godox:
+      keywords:
+        - FIXME
+    gomoddirectives:
+      replace-allow-list:
+        - github.com/abbot/go-http-auth
+        - github.com/go-check/check
+        - github.com/gorilla/mux
+        - github.com/mailgun/minheap
+        - github.com/mailgun/multibuf
+        - github.com/jaguilar/vt100
+    gosec:
+      excludes:
+        - G204 # Subprocess launched with a potential tainted input or cmd arguments
+        - G301 # Expect directory permissions to be 0750 or less
+        - G306 # Expect WriteFile permissions to be 0600 or less
+    govet:
+      disable:
+        - fieldalignment
+      enable-all: true
+    misspell:
+      locale: US
+
+  exclusions:
+    presets:
+      - comments
+    rules:
+      - linters:
+          - gochecknoglobals
+          - gochecknoinits
+        path: cmd/
+      - linters:
+          - tagalign
+        path: internal/traefikv[1-3]/
+      - path: (.+)\.go$
+        text: 'ST1000: at least one file in a package should have a package comment'
+      - path: (.+)\.go$
+        text: 'package-comments: should have a package comment'
 
 issues:
-  exclude-use-default: false
-  max-per-linter: 0
+  max-issues-per-linter: 0
   max-same-issues: 0
-  exclude:
-    - 'ST1000: at least one file in a package should have a package comment'
-    - 'package-comments: should have a package comment'
-  exclude-rules:
-    - path: cmd/
-      linters:
-        - gochecknoglobals
-        - gochecknoinits

.goreleaser.yml

@@ -1,3 +1,4 @@
+version: 2
 project_name: traefik-certs-dumper
 
 builds:
@@ -5,7 +6,7 @@ builds:
     ldflags:
       - -s -w -X github.com/ldez/traefik-certs-dumper/cmd.version={{.Version}} -X github.com/ldez/traefik-certs-dumper/cmd.commit={{.ShortCommit}} -X github.com/ldez/traefik-certs-dumper/cmd.date={{.Date}}
     env:
-      - GO111MODULE=on
+      - CGO_ENABLED=0
     goos:
       - linux
       - darwin
@@ -40,9 +41,182 @@ changelog:
 archives:
   - id: tcd
     name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
-    format: tar.gz
+    formats: [ 'tar.gz' ]
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [ 'zip' ]
     files:
       - LICENSE
+
+docker_manifests:
+  - name_template: 'ldez/traefik-certs-dumper:{{ .Tag }}'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ldez/traefik-certs-dumper:latest'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:latest'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+
+dockers:
+  - use: buildx
+    goos: linux
+    goarch: amd64
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/amd64'
+
+  - use: buildx
+    goos: linux
+    goarch: arm64
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-arm64'
+      - 'ldez/traefik-certs-dumper:latest-arm.v8' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v8' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm64'
+
+  - use: buildx
+    goos: linux
+    goarch: arm
+    goarm: '7'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-armv7'
+      - 'ldez/traefik-certs-dumper:latest-arm.v7' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v7' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm/v7'
+
+  - use: buildx
+    goos: linux
+    goarch: arm
+    goarm: '6'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-armv6'
+      - 'ldez/traefik-certs-dumper:latest-arm.v6' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v6' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm/v6'
+
+  - use: buildx
+    goos: linux
+    goarch: '386'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-386'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/386'

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2023 Fernandez Ludovic
+Copyright 2019-2024 Fernandez Ludovic
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

Makefile

@@ -25,6 +25,3 @@ checks:
 
 doc:
 	go run . doc
-
-publish-images:
-	seihon publish -v "$(TAG_NAME)" -v "latest" --image-name ldez/traefik-certs-dumper --dry-run=false

buildx.Dockerfile

@@ -0,0 +1,9 @@
+# syntax=docker/dockerfile:1.4
+FROM alpine:3
+
+RUN apk --no-cache --no-progress add git ca-certificates tzdata jq \
+    && rm -rf /var/cache/apk/*
+
+COPY traefik-certs-dumper /usr/bin/traefik-certs-dumper
+
+ENTRYPOINT ["/usr/bin/traefik-certs-dumper"]

cmd/doc.go

@@ -10,7 +10,7 @@ var docCmd = &cobra.Command{
 	Use:    "doc",
 	Short:  "Generate documentation",
 	Hidden: true,
-	RunE: func(cmd *cobra.Command, args []string) error {
+	RunE: func(_ *cobra.Command, _ []string) error {
 		return doc.GenMarkdownTree(rootCmd, "./docs")
 	},
 }

cmd/file.go

@@ -25,5 +25,5 @@ func init() {
 	rootCmd.AddCommand(fileCmd)
 
 	fileCmd.Flags().String("source", "./acme.json", "Path to 'acme.json' file.")
-	fileCmd.Flags().String("version", "", "Traefik version. If empty use v1. Possible values: 'v2'.")
+	fileCmd.Flags().String("version", "", "Traefik version. If empty use v1. Possible values: 'v2', 'v3'.")
 }

cmd/kv.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -69,7 +70,7 @@ func createTLSConfig(cmd *cobra.Command) (*tls.Config, error) {
 	certContent := cmd.Flag("tls.cert").Value.String()
 
 	if !insecureSkipVerify && (certContent == "" || privateKey == "") {
-		return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
+		return nil, errors.New("TLS Certificate or Key file must be set when TLS configuration is created")
 	}
 
 	cert, err := getCertificate(privateKey, certContent)
@@ -95,7 +96,7 @@ func getCertPool(ca string) (*x509.CertPool, error) {
 		}
 
 		if !caPool.AppendCertsFromPEM(caContent) {
-			return nil, fmt.Errorf("failed to parse CA")
+			return nil, errors.New("failed to parse CA")
 		}
 	}
 
@@ -137,11 +138,11 @@ func getCertificate(privateKey, certContent string) (tls.Certificate, error) {
 	_, errCertIsFile := os.Stat(certContent)
 
 	if errCertIsFile == nil && os.IsNotExist(errKeyIsFile) {
-		return tls.Certificate{}, fmt.Errorf("tls cert is a file, but tls key is not")
+		return tls.Certificate{}, errors.New("tls cert is a file, but tls key is not")
 	}
 
 	if os.IsNotExist(errCertIsFile) && errKeyIsFile == nil {
-		return tls.Certificate{}, fmt.Errorf("TLS key is a file, but tls cert is not")
+		return tls.Certificate{}, errors.New("TLS key is a file, but tls cert is not")
 	}
 
 	// string

cmd/root.go

@@ -1,12 +1,16 @@
 package cmd
 
 import (
+	"crypto/rand"
 	"fmt"
 	"log"
+	"math/big"
 	"os"
 	"path/filepath"
 	"strconv"
+	"time"
 
+	"github.com/charmbracelet/lipgloss"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
@@ -20,7 +24,7 @@ var rootCmd = &cobra.Command{
 	Use:   "traefik-certs-dumper",
 	Short: "Dump Let's Encrypt certificates from Traefik.",
 	Long:  `Dump Let's Encrypt certificates from Traefik.`,
-	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+	PersistentPreRunE: func(cmd *cobra.Command, _ []string) error {
 		if cmd.Name() == "version" {
 			return nil
 		}
@@ -34,6 +38,7 @@ var rootCmd = &cobra.Command{
 				return fmt.Errorf("--crt-ext (%q) and --key-ext (%q) are identical, in this case --domain-subdir is required", crtExt, keyExt)
 			}
 		}
+
 		return nil
 	},
 }
@@ -45,6 +50,8 @@ func Execute() {
 		log.Println(err)
 		os.Exit(1)
 	}
+
+	help()
 }
 
 func init() {
@@ -131,10 +138,10 @@ func tree(root, indent string) error {
 	for i, name := range names {
 		add := "│  "
 		if i == len(names)-1 {
-			fmt.Printf(indent + "└──")
+			fmt.Print(indent + "└──")
 			add = "   "
 		} else {
-			fmt.Printf(indent + "├──")
+			fmt.Print(indent + "├──")
 		}
 
 		if err := tree(filepath.Join(root, name), indent+add); err != nil {
@@ -177,3 +184,34 @@ func getBaseConfig(cmd *cobra.Command) (*dumper.BaseConfig, error) {
 		Hook:         cmd.Flag("post-hook").Value.String(),
 	}, nil
 }
+
+func help() {
+	var maxInt int64 = 2 // -> 50%
+	if time.Now().Month() == time.December {
+		maxInt = 1 // -> 100%
+	}
+
+	n, _ := rand.Int(rand.Reader, big.NewInt(maxInt))
+	if n.Cmp(big.NewInt(0)) != 0 {
+		return
+	}
+
+	log.SetFlags(0)
+
+	pStyle := lipgloss.NewStyle().
+		Padding(1).
+		BorderStyle(lipgloss.RoundedBorder()).
+		BorderForeground(lipgloss.Color("161")).
+		Align(lipgloss.Center)
+
+	hStyle := lipgloss.NewStyle().Bold(true)
+
+	s := fmt.Sprintln(hStyle.Render("Request for Donation."))
+	s += `
+I need your help!
+Donations fund the maintenance and development of traefik-certs-dumper.
+Click on this link to donate: https://donate.ldez.dev`
+
+	log.Println(pStyle.Render(s))
+	log.SetFlags(log.LstdFlags | log.Lshortfile)
+}

cmd/version.go

@@ -17,7 +17,7 @@ var (
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Display version",
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(_ *cobra.Command, _ []string) {
 		displayVersion(rootCmd.Name())
 	},
 }

docs/docker-compose-traefik-v1.yml

@@ -1,5 +1,3 @@
-version: '3.7'
-
 services:
   traefik:
     image: traefik:v1.7
@@ -25,10 +23,9 @@ services:
       - ./letsencrypt:/letsencrypt
 
   traefik-certs-dumper:
-    image: ldez/traefik-certs-dumper:v2.8.1
+    image: ldez/traefik-certs-dumper:v2.9.3
     entrypoint: sh -c '
-      apk add jq
-      ; while ! [ -e /data/acme.json ]
+      while ! [ -e /data/acme.json ]
         || ! [ `jq ".Certificates | length" /data/acme.json` != 0 ]; do
           sleep 1
       ; done
@@ -36,6 +33,7 @@ services:
         --source /data/acme.json --dest /data/certs'
     volumes:
       - ./letsencrypt:/data
+    network_mode: "none"
 
   whoami:
     image: traefik/whoami:v1.8.1

docs/docker-compose-traefik-v2.yml

@@ -1,9 +1,7 @@
-version: '3.9'
-
 services:
 
   traefik:
-    image: traefik:v2.8.1
+    image: traefik:v2.11.3
     command:
       - --log.level=INFO
       - --entrypoints.web.address=:80
@@ -18,24 +16,24 @@ services:
       - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
       - --certificatesresolvers.le.acme.tlsChallenge=true
     ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./letsencrypt/:/letsencrypt
 
   traefik-certs-dumper:
-    image: ldez/traefik-certs-dumper:v2.8.1
+    image: ldez/traefik-certs-dumper:v2.9.3
     entrypoint: sh -c '
-      apk add jq
-      ; while ! [ -e /data/acme.json ]
-      || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do
+      while ! [ -e /data/acme.json ]
+      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
       sleep 1
       ; done
       && traefik-certs-dumper file --version v2 --watch
       --source /data/acme.json --dest /data/certs'
     volumes:
       - ./letsencrypt:/data
+    network_mode: "none"
     
   whoami:
     image: traefik/whoami:v1.8.1

docs/traefik-certs-dumper.md

@@ -24,8 +24,9 @@ Dump Let's Encrypt certificates from Traefik.
 
 ### SEE ALSO
 
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
 * [traefik-certs-dumper file](traefik-certs-dumper_file.md)	 - Dump the content of the "acme.json" file.
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 * [traefik-certs-dumper version](traefik-certs-dumper_version.md)	 - Display version
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion.md

@@ -0,0 +1,40 @@
+## traefik-certs-dumper completion
+
+Generate the autocompletion script for the specified shell
+
+### Synopsis
+
+Generate the autocompletion script for traefik-certs-dumper for the specified shell.
+See each sub-command's help for details on how to use the generated script.
+
+
+### Options
+
+```
+  -h, --help   help for completion
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
+* [traefik-certs-dumper completion bash](traefik-certs-dumper_completion_bash.md)	 - Generate the autocompletion script for bash
+* [traefik-certs-dumper completion fish](traefik-certs-dumper_completion_fish.md)	 - Generate the autocompletion script for fish
+* [traefik-certs-dumper completion powershell](traefik-certs-dumper_completion_powershell.md)	 - Generate the autocompletion script for powershell
+* [traefik-certs-dumper completion zsh](traefik-certs-dumper_completion_zsh.md)	 - Generate the autocompletion script for zsh
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_bash.md

@@ -0,0 +1,59 @@
+## traefik-certs-dumper completion bash
+
+Generate the autocompletion script for bash
+
+### Synopsis
+
+Generate the autocompletion script for the bash shell.
+
+This script depends on the 'bash-completion' package.
+If it is not installed already, you can install it via your OS's package manager.
+
+To load completions in your current shell session:
+
+	source <(traefik-certs-dumper completion bash)
+
+To load completions for every new session, execute once:
+
+#### Linux:
+
+	traefik-certs-dumper completion bash > /etc/bash_completion.d/traefik-certs-dumper
+
+#### macOS:
+
+	traefik-certs-dumper completion bash > $(brew --prefix)/etc/bash_completion.d/traefik-certs-dumper
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion bash
+```
+
+### Options
+
+```
+  -h, --help              help for bash
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_fish.md

@@ -0,0 +1,50 @@
+## traefik-certs-dumper completion fish
+
+Generate the autocompletion script for fish
+
+### Synopsis
+
+Generate the autocompletion script for the fish shell.
+
+To load completions in your current shell session:
+
+	traefik-certs-dumper completion fish | source
+
+To load completions for every new session, execute once:
+
+	traefik-certs-dumper completion fish > ~/.config/fish/completions/traefik-certs-dumper.fish
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion fish [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for fish
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_powershell.md

@@ -0,0 +1,47 @@
+## traefik-certs-dumper completion powershell
+
+Generate the autocompletion script for powershell
+
+### Synopsis
+
+Generate the autocompletion script for powershell.
+
+To load completions in your current shell session:
+
+	traefik-certs-dumper completion powershell | Out-String | Invoke-Expression
+
+To load completions for every new session, add the output of the above command
+to your powershell profile.
+
+
+```
+traefik-certs-dumper completion powershell [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for powershell
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_zsh.md

@@ -0,0 +1,61 @@
+## traefik-certs-dumper completion zsh
+
+Generate the autocompletion script for zsh
+
+### Synopsis
+
+Generate the autocompletion script for the zsh shell.
+
+If shell completion is not already enabled in your environment you will need
+to enable it.  You can execute the following once:
+
+	echo "autoload -U compinit; compinit" >> ~/.zshrc
+
+To load completions in your current shell session:
+
+	source <(traefik-certs-dumper completion zsh)
+
+To load completions for every new session, execute once:
+
+#### Linux:
+
+	traefik-certs-dumper completion zsh > "${fpath[1]}/_traefik-certs-dumper"
+
+#### macOS:
+
+	traefik-certs-dumper completion zsh > $(brew --prefix)/share/zsh/site-functions/_traefik-certs-dumper
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion zsh [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for zsh
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_file.md

@@ -15,7 +15,7 @@ traefik-certs-dumper file [flags]
 ```
   -h, --help             help for file
       --source string    Path to 'acme.json' file. (default "./acme.json")
-      --version string   Traefik version. If empty use v1. Possible values: 'v2'.
+      --version string   Traefik version. If empty use v1. Possible values: 'v2', 'v3'.
 ```
 
 ### Options inherited from parent commands
@@ -37,4 +37,4 @@ traefik-certs-dumper file [flags]
 
 * [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv.md

@@ -47,4 +47,4 @@ Dump the content of a KV store.
 * [traefik-certs-dumper kv etcd](traefik-certs-dumper_kv_etcd.md)	 - Dump the content of etcd.
 * [traefik-certs-dumper kv zookeeper](traefik-certs-dumper_kv_zookeeper.md)	 - Dump the content of zookeeper.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_boltdb.md

@@ -49,4 +49,4 @@ traefik-certs-dumper kv boltdb [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_consul.md

@@ -48,4 +48,4 @@ traefik-certs-dumper kv consul [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_etcd.md

@@ -49,4 +49,4 @@ traefik-certs-dumper kv etcd [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_zookeeper.md

@@ -47,4 +47,4 @@ traefik-certs-dumper kv zookeeper [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_version.md

@@ -2,10 +2,6 @@
 
 Display version
 
-### Synopsis
-
-Display version
-
 ```
 traefik-certs-dumper version [flags]
 ```
@@ -35,4 +31,4 @@ traefik-certs-dumper version [flags]
 
 * [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

dumper/file/file.go

@@ -15,10 +15,13 @@ import (
 
 	"github.com/fsnotify/fsnotify"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
-	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
-	v2 "github.com/ldez/traefik-certs-dumper/v2/dumper/v2"
+	dumperv1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
+	dumperv2 "github.com/ldez/traefik-certs-dumper/v2/dumper/v2"
+	dumperv3 "github.com/ldez/traefik-certs-dumper/v2/dumper/v3"
 	"github.com/ldez/traefik-certs-dumper/v2/hook"
-	"github.com/traefik/traefik/v2/pkg/provider/acme"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv2"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv3"
 )
 
 // Dump Dumps "acme.json" file to certificates.
@@ -33,43 +36,74 @@ func Dump(ctx context.Context, acmeFile string, baseConfig *dumper.BaseConfig) e
 
 		return watch(ctx, acmeFile, baseConfig)
 	}
+
 	return nil
 }
 
 func dump(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	if baseConfig.Version == "v2" {
+	switch baseConfig.Version {
+	case "v3":
+		err := dumpV3(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v3: dump failed: %w", err)
+		}
+
+		return nil
+
+	case "v2":
 		err := dumpV2(acmeFile, baseConfig)
 		if err != nil {
 			return fmt.Errorf("v2: dump failed: %w", err)
 		}
+
+		return nil
+
+	case "v1":
+		err := dumpV1(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v1: dump failed: %w", err)
+		}
+
+		return nil
+
+	default:
+		err := dumpV1(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v1: dump failed: %w", err)
+		}
+
 		return nil
 	}
-
-	err := dumpV1(acmeFile, baseConfig)
-	if err != nil {
-		return fmt.Errorf("v1: dump failed: %w", err)
-	}
-	return nil
 }
 
 func dumpV1(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	data := &v1.StoredData{}
+	data := &traefikv1.StoredData{}
 	err := readJSONFile(acmeFile, data)
 	if err != nil {
 		return err
 	}
 
-	return v1.Dump(data, baseConfig)
+	return dumperv1.Dump(data, baseConfig)
 }
 
 func dumpV2(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	data := map[string]*acme.StoredData{}
+	data := map[string]*traefikv2.StoredData{}
 	err := readJSONFile(acmeFile, &data)
 	if err != nil {
 		return err
 	}
 
-	return v2.Dump(data, baseConfig)
+	return dumperv2.Dump(data, baseConfig)
+}
+
+func dumpV3(acmeFile string, baseConfig *dumper.BaseConfig) error {
+	data := map[string]*traefikv3.StoredData{}
+	err := readJSONFile(acmeFile, &data)
+	if err != nil {
+		return err
+	}
+
+	return dumperv3.Dump(data, baseConfig)
 }
 
 func readJSONFile(acmeFile string, data interface{}) error {

dumper/file/file_test.go

@@ -1,7 +1,6 @@
 package file
 
 import (
-	"context"
 	"testing"
 
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
@@ -27,10 +26,14 @@ func TestDump(t *testing.T) {
 			acmeFile: "./fixtures/acme-v2.json",
 			version:  "v2",
 		},
+		{
+			desc:     "should dump traefik v3 file content",
+			acmeFile: "./fixtures/acme-v3.json",
+			version:  "v3",
+		},
 	}
 
 	for _, test := range testCases {
-		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
 
@@ -50,7 +53,7 @@ func TestDump(t *testing.T) {
 				Version: test.version,
 			}
 
-			err := Dump(context.Background(), test.acmeFile, cfg)
+			err := Dump(t.Context(), test.acmeFile, cfg)
 			require.NoError(t, err)
 		})
 	}

dumper/file/fixtures/acme-v3.json

@@ -0,0 +1,36 @@
+{
+  "default": {
+    "Account": {
+      "Email": "test@email.com",
+      "Registration": {
+        "body": {
+          "status": "valid",
+          "contact": [
+            "mailto:test@email.com"
+          ]
+        },
+        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/12345678"
+      },
+      "PrivateKey": "Q2VydGlmaWNhdGUgS2V5",
+      "KeyType": "4096"
+    },
+    "Certificates": [
+      {
+        "domain": {
+          "main": "my.domain.com"
+        },
+        "certificate": "Q2VydGlmaWNhdGU=",
+        "key": "Q2VydGlmaWNhdGUgS2V5",
+        "Store": "default"
+      },
+      {
+        "domain": {
+          "main": "my.domain2.com"
+        },
+        "certificate": "Q2VydGlmaWNhdGU=",
+        "key": "Q2VydGlmaWNhdGUgS2V5",
+        "Store": "default"
+      }
+    ]
+  }
+}

dumper/kv/convert.go

@@ -3,7 +3,7 @@ package kv
 import (
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/registration"
-	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
 // CertificateOld is used to store certificate info.
@@ -16,8 +16,6 @@ type CertificateOld struct {
 }
 
 // AccountOld is used to store lets encrypt registration info.
-//
-//nolint:musttag // tag are useless here.
 type AccountOld struct {
 	Email              string
 	Registration       *registration.Resource
@@ -41,14 +39,14 @@ type ChallengeCert struct {
 
 // DomainsCertificate contains a certificate for multiple domains.
 type DomainsCertificate struct {
-	Domains     v1.Domain
+	Domains     traefikv1.Domain
 	Certificate *CertificateOld
 }
 
 // convertOldAccount converts account information from old account format.
-func convertOldAccount(account *AccountOld) *v1.StoredData {
-	storedData := &v1.StoredData{
-		Account: &v1.Account{
+func convertOldAccount(account *AccountOld) *traefikv1.StoredData {
+	storedData := &traefikv1.StoredData{
+		Account: &traefikv1.Account{
 			PrivateKey:   account.PrivateKey,
 			Registration: account.Registration,
 			Email:        account.Email,
@@ -56,9 +54,9 @@ func convertOldAccount(account *AccountOld) *v1.StoredData {
 		},
 	}
 
-	var certs []*v1.Certificate
+	var certs []*traefikv1.Certificate
 	for _, oldCert := range account.DomainsCertificate.Certs {
-		certs = append(certs, &v1.Certificate{
+		certs = append(certs, &traefikv1.Certificate{
 			Certificate: oldCert.Certificate.Certificate,
 			Domain:      oldCert.Domains,
 			Key:         oldCert.Certificate.PrivateKey,

dumper/kv/kv.go

@@ -16,6 +16,7 @@ import (
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
 	"github.com/ldez/traefik-certs-dumper/v2/hook"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
 // DefaultStoreKeySuffix is the default suffix/storage.
@@ -76,7 +77,7 @@ func dumpPair(pair *store.KVPair, baseConfig *dumper.BaseConfig) error {
 	return v1.Dump(data, baseConfig)
 }
 
-func getStoredDataFromGzip(pair *store.KVPair) (*v1.StoredData, error) {
+func getStoredDataFromGzip(pair *store.KVPair) (*traefikv1.StoredData, error) {
 	reader, err := gzip.NewReader(bytes.NewBuffer(pair.Value))
 	if err != nil {
 		return nil, fmt.Errorf("fail to create GZip reader: %w", err)
@@ -88,6 +89,7 @@ func getStoredDataFromGzip(pair *store.KVPair) (*v1.StoredData, error) {
 	}
 
 	account := &AccountOld{}
+	//nolint:musttag // old format
 	if err := json.Unmarshal(acmeData, &account); err != nil {
 		return nil, fmt.Errorf("unable marshal AccountOld: %w", err)
 	}

dumper/v1/dumper.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
 const (
@@ -16,7 +17,7 @@ const (
 )
 
 // Dump Dumps data to certificates.
-func Dump(data *StoredData, baseConfig *dumper.BaseConfig) error {
+func Dump(data *traefikv1.StoredData, baseConfig *dumper.BaseConfig) error {
 	if baseConfig.Clean {
 		err := cleanDir(baseConfig.DumpPath)
 		if err != nil {
@@ -54,7 +55,7 @@ func Dump(data *StoredData, baseConfig *dumper.BaseConfig) error {
 	return os.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0o600)
 }
 
-func writeCert(dumpPath string, cert *Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeCert(dumpPath string, cert *traefikv1.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
@@ -66,7 +67,7 @@ func writeCert(dumpPath string, cert *Certificate, info dumper.FileInfo, domainS
 	return os.WriteFile(certPath, cert.Certificate, 0o666)
 }
 
-func writeKey(dumpPath string, cert *Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeKey(dumpPath string, cert *traefikv1.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
@@ -78,7 +79,7 @@ func writeKey(dumpPath string, cert *Certificate, info dumper.FileInfo, domainSu
 	return os.WriteFile(keyPath, cert.Key, 0o600)
 }
 
-func extractPEMPrivateKey(account *Account) []byte {
+func extractPEMPrivateKey(account *traefikv1.Account) []byte {
 	var block *pem.Block
 	switch account.KeyType {
 	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:

dumper/v2/dumper.go

@@ -8,7 +8,7 @@ import (
 
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
-	"github.com/traefik/traefik/v2/pkg/provider/acme"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv2"
 )
 
 const (
@@ -17,7 +17,7 @@ const (
 )
 
 // Dump Dumps data to certificates.
-func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error {
+func Dump(data map[string]*traefikv2.StoredData, baseConfig *dumper.BaseConfig) error {
 	if baseConfig.Clean {
 		err := cleanDir(baseConfig.DumpPath)
 		if err != nil {
@@ -63,7 +63,7 @@ func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error
 	return nil
 }
 
-func writeCert(dumpPath string, cert acme.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeCert(dumpPath string, cert traefikv2.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
@@ -75,7 +75,7 @@ func writeCert(dumpPath string, cert acme.Certificate, info dumper.FileInfo, dom
 	return os.WriteFile(certPath, cert.Certificate, 0o666)
 }
 
-func writeKey(dumpPath string, cert acme.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeKey(dumpPath string, cert traefikv2.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
@@ -87,7 +87,7 @@ func writeKey(dumpPath string, cert acme.Certificate, info dumper.FileInfo, doma
 	return os.WriteFile(keyPath, cert.Key, 0o600)
 }
 
-func extractPEMPrivateKey(account *acme.Account) []byte {
+func extractPEMPrivateKey(account *traefikv2.Account) []byte {
 	var block *pem.Block
 	switch account.KeyType {
 	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:

dumper/v3/dumper.go

@@ -0,0 +1,132 @@
+package v3
+
+import (
+	"encoding/pem"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/ldez/traefik-certs-dumper/v2/dumper"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv3"
+)
+
+const (
+	certsSubDir = "certs"
+	keysSubDir  = "private"
+)
+
+// Dump Dumps data to certificates.
+func Dump(data map[string]*traefikv3.StoredData, baseConfig *dumper.BaseConfig) error {
+	if baseConfig.Clean {
+		err := cleanDir(baseConfig.DumpPath)
+		if err != nil {
+			return fmt.Errorf("folder cleaning failed: %w", err)
+		}
+	}
+
+	if !baseConfig.DomainSubDir {
+		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0o755); err != nil {
+			return fmt.Errorf("certs folder creation failure: %w", err)
+		}
+	}
+
+	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0o755); err != nil {
+		return fmt.Errorf("keys folder creation failure: %w", err)
+	}
+
+	for _, store := range data {
+		for _, cert := range store.Certificates {
+			err := writeCert(baseConfig.DumpPath, cert.Certificate, baseConfig.CrtInfo, baseConfig.DomainSubDir)
+			if err != nil {
+				return fmt.Errorf("failed to write certificates: %w", err)
+			}
+
+			err = writeKey(baseConfig.DumpPath, cert.Certificate, baseConfig.KeyInfo, baseConfig.DomainSubDir)
+			if err != nil {
+				return fmt.Errorf("failed to write certificate keys: %w", err)
+			}
+		}
+
+		if store.Account == nil {
+			continue
+		}
+
+		privateKeyPem := extractPEMPrivateKey(store.Account)
+
+		err := os.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0o600)
+		if err != nil {
+			return fmt.Errorf("failed to write private key: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func writeCert(dumpPath string, cert traefikv3.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
+	if domainSubDir {
+		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
+			return err
+		}
+	}
+
+	return os.WriteFile(certPath, cert.Certificate, 0o666)
+}
+
+func writeKey(dumpPath string, cert traefikv3.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
+	if domainSubDir {
+		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
+			return err
+		}
+	}
+
+	return os.WriteFile(keyPath, cert.Key, 0o600)
+}
+
+func extractPEMPrivateKey(account *traefikv3.Account) []byte {
+	var block *pem.Block
+	switch account.KeyType {
+	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
+		block = &pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: account.PrivateKey,
+		}
+	case certcrypto.EC256, certcrypto.EC384:
+		block = &pem.Block{
+			Type:  "EC PRIVATE KEY",
+			Bytes: account.PrivateKey,
+		}
+	default:
+		panic(fmt.Sprintf("unsupported key type: '%v'", account.KeyType))
+	}
+
+	return pem.EncodeToMemory(block)
+}
+
+func cleanDir(dumpPath string) error {
+	_, errExists := os.Stat(dumpPath)
+	if os.IsNotExist(errExists) {
+		return nil
+	}
+
+	if errExists != nil {
+		return errExists
+	}
+
+	dir, err := os.ReadDir(dumpPath)
+	if err != nil {
+		return err
+	}
+
+	for _, f := range dir {
+		if err := os.RemoveAll(filepath.Join(dumpPath, f.Name())); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

dumper/v3/filename.go

@@ -0,0 +1,8 @@
+//go:build !windows
+// +build !windows
+
+package v3
+
+func safeName(filename string) string {
+	return filename
+}

dumper/v3/filename_windows.go

@@ -0,0 +1,10 @@
+//go:build windows
+// +build windows
+
+package v3
+
+import "strings"
+
+func safeName(filename string) string {
+	return strings.ReplaceAll(filename, "*", "_")
+}

go.mod

@@ -1,10 +1,11 @@
 module github.com/ldez/traefik-certs-dumper/v2
 
-go 1.21
+go 1.24.0
 
 require (
-	github.com/fsnotify/fsnotify v1.6.0
-	github.com/go-acme/lego/v4 v4.14.0
+	github.com/charmbracelet/lipgloss v1.0.0
+	github.com/fsnotify/fsnotify v1.9.0
+	github.com/go-acme/lego/v4 v4.25.2
 	github.com/kvtools/boltdb v1.0.2
 	github.com/kvtools/consul v1.0.2
 	github.com/kvtools/etcdv2 v1.0.2
@@ -12,209 +13,78 @@ require (
 	github.com/kvtools/valkeyrie v1.0.0
 	github.com/kvtools/zookeeper v1.0.2
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/spf13/cobra v1.7.0
-	github.com/spf13/viper v1.16.0
-	github.com/stretchr/testify v1.8.4
-	github.com/traefik/traefik/v2 v2.10.6
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/viper v1.19.0
+	github.com/stretchr/testify v1.10.0
 )
 
 require (
-	cloud.google.com/go/compute v1.23.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 // indirect
-	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.24 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
-	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
-	github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect
-	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
-	github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.20.3 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 // indirect
-	github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect
-	github.com/aws/smithy-go v1.14.2 // indirect
-	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/civo/civogo v0.3.11 // indirect
-	github.com/cloudflare/cloudflare-go v0.70.0 // indirect
-	github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd // indirect
-	github.com/coreos/go-semver v0.3.0 // indirect
-	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
-	github.com/cpu/goacmedns v0.1.1 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/charmbracelet/x/ansi v0.4.2 // indirect
+	github.com/coreos/go-semver v0.3.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/deepmap/oapi-codegen v1.9.1 // indirect
-	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/dnsimple/dnsimple-go v1.2.0 // indirect
-	github.com/exoscale/egoscale v0.100.1 // indirect
-	github.com/fatih/color v1.15.0 // indirect
-	github.com/fatih/structs v1.1.0 // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
-	github.com/go-errors/errors v1.0.1 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-resty/resty/v2 v2.7.0 // indirect
-	github.com/go-zookeeper/zk v1.0.3 // indirect
-	github.com/gofrs/uuid v4.0.0+incompatible // indirect
+	github.com/fatih/color v1.18.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.1 // indirect
+	github.com/go-zookeeper/zk v1.0.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-github/v28 v28.1.1 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/s2a-go v0.1.5 // indirect
-	github.com/google/uuid v1.3.1 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
-	github.com/gophercloud/gophercloud v1.0.0 // indirect
-	github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
-	github.com/hashicorp/consul/api v1.26.1 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/hashicorp/consul/api v1.28.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-metrics v0.5.4 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/serf v0.10.1 // indirect
-	github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/serf v0.10.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/infobloxopen/infoblox-go-client v1.1.1 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 // indirect
-	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
-	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect
-	github.com/labbsr0x/goh v1.0.1 // indirect
-	github.com/linode/linodego v1.17.2 // indirect
-	github.com/liquidweb/go-lwApi v0.0.5 // indirect
-	github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
-	github.com/liquidweb/liquidweb-go v1.6.3 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.55 // indirect
-	github.com/mimuret/golang-iij-dpf v0.9.1 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
-	github.com/nrdcg/auroradns v1.1.0 // indirect
-	github.com/nrdcg/desec v0.7.0 // indirect
-	github.com/nrdcg/dnspod-go v0.4.0 // indirect
-	github.com/nrdcg/freemyip v0.2.0 // indirect
-	github.com/nrdcg/goinwx v0.8.2 // indirect
-	github.com/nrdcg/namesilo v0.2.1 // indirect
-	github.com/nrdcg/nodion v0.1.0 // indirect
-	github.com/nrdcg/porkbun v0.2.0 // indirect
-	github.com/nzdjb/go-metaname v1.0.0 // indirect
-	github.com/onsi/gomega v1.23.0 // indirect
-	github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
-	github.com/ovh/go-ovh v1.4.1 // indirect
-	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
-	github.com/pires/go-proxyproto v0.6.1 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pquerna/otp v1.4.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/sacloud/api-client-go v0.2.8 // indirect
-	github.com/sacloud/go-http v0.1.6 // indirect
-	github.com/sacloud/iaas-api-go v1.11.1 // indirect
-	github.com/sacloud/packages-go v0.0.9 // indirect
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 // indirect
-	github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect
-	github.com/softlayer/softlayer-go v1.1.2 // indirect
-	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
-	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.1 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
-	github.com/traefik/paerser v0.2.0 // indirect
-	github.com/transip/gotransip/v6 v6.20.0 // indirect
-	github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c // indirect
-	github.com/unrolled/render v1.0.2 // indirect
-	github.com/vinyldns/go-vinyldns v0.9.16 // indirect
-	github.com/vulcand/predicate v1.2.0 // indirect
-	github.com/vultr/govultr/v2 v2.17.2 // indirect
-	github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect
-	github.com/yandex-cloud/go-sdk v0.0.0-20220805164847-cf028e604997 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.9 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.9 // indirect
-	go.etcd.io/etcd/client/v2 v2.305.7 // indirect
-	go.etcd.io/etcd/client/v3 v3.5.9 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	go.uber.org/ratelimit v0.2.0 // indirect
-	go.uber.org/zap v1.21.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.10.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
-	google.golang.org/api v0.128.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
-	google.golang.org/grpc v1.58.3 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/v2 v2.305.12 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.14 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.40.0 // indirect
+	golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/grpc v1.73.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/ns1/ns1-go.v2 v2.7.6 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-// Containous forks
-replace (
-	github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e
-	github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
-	github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f
-	github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
-)
-
 exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible

hook/hook_test.go

@@ -1,7 +1,6 @@
 package hook
 
 import (
-	"context"
 	"testing"
 )
 
@@ -22,7 +21,7 @@ func Test_execute(t *testing.T) {
 
 	for _, test := range testCases {
 		t.Run(test.desc, func(t *testing.T) {
-			err := execute(context.Background(), test.command)
+			err := execute(t.Context(), test.command)
 			if err != nil {
 				t.Fatal(err)
 			}

internal/traefikv1/acme.go

@@ -1,4 +1,4 @@
-package v1
+package traefikv1
 
 import (
 	"github.com/go-acme/lego/v4/certcrypto"

internal/traefikv2/acme.go

@@ -0,0 +1,101 @@
+package traefikv2
+
+import (
+	"crypto"
+	"crypto/x509"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+// StoredData represents the data managed by Store.
+type StoredData struct {
+	Account      *Account
+	Certificates []*CertAndStore
+}
+
+// Account is used to store lets encrypt registration info.
+type Account struct {
+	Email        string
+	Registration *registration.Resource
+	PrivateKey   []byte
+	KeyType      certcrypto.KeyType
+}
+
+// GetEmail returns email.
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource.
+func (a *Account) GetRegistration() *registration.Resource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key.
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
+	if err != nil {
+		return nil
+	}
+
+	return privateKey
+}
+
+// CertAndStore allows mapping a TLS certificate to a TLS store.
+type CertAndStore struct {
+	Certificate
+	Store string
+}
+
+// Certificate is a struct which contains all data needed from an ACME certificate.
+type Certificate struct {
+	Domain      Domain `json:"domain,omitempty" toml:"domain,omitempty" yaml:"domain,omitempty"`
+	Certificate []byte `json:"certificate,omitempty" toml:"certificate,omitempty" yaml:"certificate,omitempty"`
+	Key         []byte `json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty"`
+}
+
+// Domain holds a domain name with SANs.
+type Domain struct {
+	// Main defines the main domain name.
+	Main string `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// SANs defines the subject alternative domain names.
+	SANs []string `description:"Subject alternative names." json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty"`
+}
+
+// ToStrArray convert a domain into an array of strings.
+func (d *Domain) ToStrArray() []string {
+	var domains []string
+	if d.Main != "" {
+		domains = []string{d.Main}
+	}
+	return append(domains, d.SANs...)
+}
+
+// Set sets a domains from an array of strings.
+func (d *Domain) Set(domains []string) {
+	if len(domains) > 0 {
+		d.Main = domains[0]
+		d.SANs = domains[1:]
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (d *Domain) DeepCopyInto(out *Domain) {
+	*out = *d
+	if d.SANs != nil {
+		in, out := &d.SANs, &out.SANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Domain.
+func (d *Domain) DeepCopy() *Domain {
+	if d == nil {
+		return nil
+	}
+	out := new(Domain)
+	d.DeepCopyInto(out)
+	return out
+}

internal/traefikv3/acme.go

@@ -0,0 +1,101 @@
+package traefikv3
+
+import (
+	"crypto"
+	"crypto/x509"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+// StoredData represents the data managed by Store.
+type StoredData struct {
+	Account      *Account
+	Certificates []*CertAndStore
+}
+
+// Account is used to store lets encrypt registration info.
+type Account struct {
+	Email        string
+	Registration *registration.Resource
+	PrivateKey   []byte
+	KeyType      certcrypto.KeyType
+}
+
+// GetEmail returns email.
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource.
+func (a *Account) GetRegistration() *registration.Resource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key.
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
+	if err != nil {
+		return nil
+	}
+
+	return privateKey
+}
+
+// CertAndStore allows mapping a TLS certificate to a TLS store.
+type CertAndStore struct {
+	Certificate
+	Store string
+}
+
+// Certificate is a struct which contains all data needed from an ACME certificate.
+type Certificate struct {
+	Domain      Domain `json:"domain,omitempty" toml:"domain,omitempty" yaml:"domain,omitempty"`
+	Certificate []byte `json:"certificate,omitempty" toml:"certificate,omitempty" yaml:"certificate,omitempty"`
+	Key         []byte `json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty"`
+}
+
+// Domain holds a domain name with SANs.
+type Domain struct {
+	// Main defines the main domain name.
+	Main string `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// SANs defines the subject alternative domain names.
+	SANs []string `description:"Subject alternative names." json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty"`
+}
+
+// ToStrArray convert a domain into an array of strings.
+func (d *Domain) ToStrArray() []string {
+	var domains []string
+	if d.Main != "" {
+		domains = []string{d.Main}
+	}
+	return append(domains, d.SANs...)
+}
+
+// Set sets a domains from an array of strings.
+func (d *Domain) Set(domains []string) {
+	if len(domains) > 0 {
+		d.Main = domains[0]
+		d.SANs = domains[1:]
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (d *Domain) DeepCopyInto(out *Domain) {
+	*out = *d
+	if d.SANs != nil {
+		in, out := &d.SANs, &out.SANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Domain.
+func (d *Domain) DeepCopy() *Domain {
+	if d == nil {
+		return nil
+	}
+	out := new(Domain)
+	d.DeepCopyInto(out)
+	return out
+}

readme.md

@@ -18,16 +18,17 @@ If you appreciate this project:
     - from file ("acme.json")
     - from KV stores (Consul, Etcd, Zookeeper)
 - Output formats:
-    - use domain as sub-directory (allow custom names and extensions)
+    - use domain as subdirectory (allow custom names and extensions)
     - flat (domain as filename)
 - Hook (only with watch mode and if the data source changes)
+- Support Traefik v1, v2, and v3.
 
 ## Installation
 
 ### Download / CI Integration
 
 ```bash
-curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $(go env GOPATH)/bin v2.8.1
+curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $(go env GOPATH)/bin v2.9.3
 ```
 
 <!--
@@ -60,6 +61,7 @@ Examples:
 
 - Traefik v1: [docker-compose](docs/docker-compose-traefik-v1.yml)
 - Traefik v2: [docker-compose](docs/docker-compose-traefik-v2.yml)
+- Traefik v3: TODO
 
 ## Usage
 
@@ -69,12 +71,10 @@ Examples:
 
 ## Examples
 
-**Note:** to dump data from Traefik v2, the CLI flag `--version v2` must be added.
-
 ### Simple Dump
 
 ```console
-$ traefik-certs-dumper file
+$ traefik-certs-dumper file --version v3
 dump
 ├──certs
 │  └──my.domain.com.key
@@ -86,7 +86,7 @@ dump
 ### Change source and destination
 
 ```console
-$ traefik-certs-dumper file --source ./acme.json --dest ./dump/test
+$ traefik-certs-dumper file --version v3 --source ./acme.json --dest ./dump/test
 test
 ├──certs
 │  └──my.domain.com.key
@@ -98,7 +98,7 @@ test
 ### Use domain as sub-directory
 
 ```console
-$ traefik-certs-dumper file --domain-subdir=true
+$ traefik-certs-dumper file --version v3 --domain-subdir=true
 dump
 ├──my.domain.com
 │  ├──certificate.crt
@@ -110,7 +110,7 @@ dump
 #### Change file extension
 
 ```console
-$ traefik-certs-dumper file --domain-subdir --crt-ext=.pem --key-ext=.pem
+$ traefik-certs-dumper file --version v3 --domain-subdir --crt-ext=.pem --key-ext=.pem
 dump
 ├──my.domain.com
 │  ├──certificate.pem
@@ -122,7 +122,7 @@ dump
 #### Change file name
 
 ```console
-$ traefik-certs-dumper file --domain-subdir --crt-name=fullchain --key-name=privkey
+$ traefik-certs-dumper file --version v3 --domain-subdir --crt-name=fullchain --key-name=privkey
 dump
 ├──my.domain.com
 │  ├──fullchain.crt
@@ -133,24 +133,21 @@ dump
 
 ## Hook
 
-Hook can be a one liner passed as a string, or a file for more complex post-hook scenarios.
+Hook can be a one-liner passed as a string, or a file for more complex post-hook scenarios.
 For the former, create a file (ex: `hook.sh`) and mount it, then pass `sh hooksh` as a parameter to `--post-hook`.
 
 Here is a docker-compose example:
 
 ```yml
-version: '3.9'
-
 services:
 # ...
 
   traefik-certs-dumper:
-    image: ldez/traefik-certs-dumper:v2.8.1
+    image: ldez/traefik-certs-dumper:v2.9.3
     container_name: traefik-certs-dumper
     entrypoint: sh -c '
-      apk add jq
-      ; while ! [ -e /data/acme.json ]
-      || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do
+      while ! [ -e /data/acme.json ]
+      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
       sleep 1
       ; done
       && traefik-certs-dumper file --version v2 --watch

tmpl.Dockerfile

@@ -1,24 +0,0 @@
-FROM golang:1-alpine as builder
-
-RUN apk --update upgrade \
-    && apk --no-cache --no-progress add git make gcc musl-dev ca-certificates tzdata
-
-WORKDIR /go/src/github.com/ldez/traefik-certs-dumper
-
-ENV GO111MODULE on
-COPY go.mod go.sum ./
-RUN go mod download
-
-COPY . .
-RUN GOARCH={{ .GoARCH }} GOARM={{ .GoARM }} make build
-
-FROM {{ .RuntimeImage }}
-
-# Not supported for multi-arch without Buildkit or QEMU
-#RUN apk --update upgrade \
-#    && apk --no-cache --no-progress add ca-certificates
-
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /go/src/github.com/ldez/traefik-certs-dumper/traefik-certs-dumper /usr/bin/traefik-certs-dumper
-
-ENTRYPOINT ["/usr/bin/traefik-certs-dumper"]