- Packages
- Isolate code used by the CLI into the package `cmd`
- (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv)
- Support non-ascii domain name (punnycode)
- Check all challenges in a predictable order
- No more global exported variables
- Archive revoked certificates
- Fixes revocation for subdomains and non-ascii domains
- Disable pending authorizations
- use pointer for RemoteError/ProblemDetails
- Poll authz URL instead of challenge URL
- The ability for a DNS provider to solve the challenge sequentially
- Check all nameservers in a predictable order
- Option to disable the complete propagation Requirement
- CLI, support for renew with CSR
- CLI, add SAN on renew
- Add command to list certificates.
- Logs every iteration of waiting for the propagation
- update DNSimple client
- update github.com/miekg/dns
This commit adds a new DNS provider for
[acme-dns](https://github.com/joohoi/acme-dns) to allow Lego to set
DNS-01 challenge response TXT with an ACME-DNS server automatically.
ACME-DNS allows ceding minimal zone editing permissions to the ACME
client and can be useful when the primary DNS provider for the zone does
not allow scripting/API access but can set a CNAME to an ACME-DNS
server.
Lower level ACME-DNS API calls & account loading/storing is handled by
the `github.com/cpu/goacmedns` library.
The provider loads existing ACME-DNS accounts from the specified JSON
file on disk. Any accounts the provider registers on behalf of the user
will also be saved to this JSON file.
When required, the provider handles registering accounts with the
ACME-DNS server domains that do not already have an ACME-DNS account.
This will halt issuance with an error prompting the user to set the
one-time manual CNAME required to delegate the DNS-01 challenge record
to the ACME-DNS server. Subsequent runs will use the account from disk
and assume the CNAME is in-place.
* Add dns provider duckdns see http://www.duckdns.org/spec.jsp for more info
* Add DNS challenge provider 'exec' (#508)
As discussed in #505, this commits adds a very simple DNS provider which
calls out to an external program which must then add or remove the DNS
record.
* Update duckdns to support caddy, and cleanup some comments
As discussed in #505, this commits adds a very simple DNS provider which
calls out to an external program which must then add or remove the DNS
record.
* Add otc provider.
* Added tests for provider otc.
* Format dns_providers
* fix getZoneId
* Add for tests for provider otc.
* Add proxy to transport in otc provider.
* Use DefaultTransport in otc provider.
* Make loginRequest private in provider otc.
* better error handling in provider otc.
* add more tests for provider otc.
* dns/route53: Allow specifying hosted zone ID
This commit adds support for specifying hosted zone ID via the
environment variable AWS_HOSTED_ZONE_ID. If this is not specified, the
previous discovery process is used.
This is useful in environments where multiple hosted zones for the same
domain name are present in an account.
* dns/route53: Fix up getHostedZoneID method params
Now that getHostedZoneID is a method on the DNSProvider struct, there is
no reason for it to take the Route53 client as a parameter - we can
simply use the reference stored in the struct.
The help documentation still points to the old environment variable
(DNSIMPLE_API_KEY) so attempts that use that fail with: `DNSimple OAuth token is missing`.
This updates it with the correct key `DNSIMPLE_OAUTH_TOKEN`.