Initial ACME Renewal Info (ARI) Implementation

[beautifulentropy]

Additions to cmd/cmd_renew.go:

• Optional flag --ari-enable to check the renewalInfo endpoint when evaluating whether a renewal is necessary and
• posting to the renewalInfo endpoint post-renewal to indicate that the certificate has been replaced.
• Optional flag --ari-hash-name to indicate the name of the hash expected by the renewalInfo endpoint (e.g. "SHA-256").
• Optional flag --ari-wait-to-renew-duration to indicate the duration you're willing to sleep for the renewal window suggested by the renewalInfo endpoint.

Additions to acme/api/certificate.go

• CertificateService.GetRenewalInfo() to support 4.1. Getting Renewal Information of draft-ietf-acme-ari-01
• CertificateService.UpdateRenewalInfo() to support 4.2. Updating Renewal Information of draft-ietf-acme-ari-01

Additions to acme/commons.go

• renewalInfo in Directory
• Various objects to support renewalInfo POST and GET

Additions to certificate/certificates.go

• Convenience methods to support renewalInfo Get and Update workflows in cmd/cmd_renew.go
• Function for deriving the CertID provided a certificate and issuer.

Fixes #1878

[ldez]

Hello,

can you fix the linting?

[beautifulentropy]

I cannot replicate this failure locally on Go 1.19.9:

=== RUN   Test_checkResponse
2023/05/16 15:17:45 [INFO] [] Server responded with a certificate.
--- PASS: Test_checkResponse (0.15s)
=== RUN   Test_checkResponse_issuerRelUp
2023/05/16 15:17:45 [INFO] [] Server responded with a certificate.
--- PASS: Test_checkResponse_issuerRelUp (0.12s)
=== RUN   Test_checkResponse_no_bundle
2023/05/16 15:17:45 [INFO] [] Server responded with a certificate.
--- PASS: Test_checkResponse_no_bundle (0.11s)
=== RUN   Test_checkResponse_alternate
2023/05/16 15:17:45 [INFO] [example.com] Server responded with a certificate for the preferred certificate chains "DST Root CA X3".
--- PASS: Test_checkResponse_alternate (0.05s)
=== RUN   Test_Get
--- PASS: Test_Get (0.05s)
=== RUN   Test_makeCertID
--- PASS: Test_makeCertID (0.00s)
=== RUN   TestGetRenewalInfo
--- PASS: TestGetRenewalInfo (0.15s)
=== RUN   TestGetRenewalInfoError
--- PASS: TestGetRenewalInfoError (0.11s)
=== RUN   TestRenewalInfo_ShouldRenew
--- PASS: TestRenewalInfo_ShouldRenew (0.00s)
=== RUN   TestUpdateRenewalInfo
--- PASS: TestUpdateRenewalInfo (0.11s)
=== RUN   TestUpdateRenewalInfoError
--- PASS: TestUpdateRenewalInfoError (0.09s)
PASS
coverage: 28.3% of statements
ok  	github.com/go-acme/lego/v4/certificate	1.106s	coverage: 28.3% of statements

I'm perfectly happy to remove this test as it's only testing one of the possible exit (in error) conditions. Please let me know what you'd like.

[beautifulentropy]

Would you be okay with adding an exclude line for:

Error: cmd/cmd_renew.go:123:1: cyclomatic complexity 16 of func `renewForDomains` is high (> 12) (gocyclo)

or do you have a way that you would otherwise like this to be refactored?

[ldez]

I will take a decision on the complexity when I will review the PR, for now, you can keep the code like that.

[ldez]

Your contribution to our project is much appreciated.
Thank you for taking the initiative to make things better!

What I have changed in your PR:

• comment format
• move code to dedicated files
• use sub-tests
• increase HTTP client timeout because Windows CI is very slow

[ldez]

@beautifulentropy I detected a variation from the RFC: the RFC says explanationURL instead of explanationUrl.

explanationURL follows the same naming rule (commons Go initialism) as certID.

https://www.ietf.org/archive/id/draft-ietf-acme-ari-01.html#section-4.1
https://www.ietf.org/archive/id/draft-ietf-acme-ari-01.html#section-4.2

I will open a PR to fix that but I wanted to inform you about that variation from the RFC.