Commit graph

58 commits

Author SHA1 Message Date
Ludovic Fernandez
fe7a60ee0e
Uses a jittered exponential backoff (#794) 2019-02-09 05:40:45 +01:00
Matthew Horan
348b6f3721 Resolve CNAME when creating dns-01 challenge (#791)
* Resolve CNAME when creating dns-01 challenge

It may be desirable to host the dns-01 challenge in a zone other than
the one where the challenge is presented. For example, when validating
a.example.com, the challenge may need to live on example.org.

This change resolves CNAMEs encountered when determining the FQDN of the
challenge, and replaces them with the alias.

This PR is based on the original work in #584.

Co-authored-by: Gurvinder Singh <gurvinder.singh@uninett.no>

* review: feature-flip.

* review: restore acmedns test.
2019-02-09 05:02:58 +01:00
Danek Duvall
68568b7ded Log wildcard domain correctly in validation (#773) 2019-01-26 01:11:45 +01:00
Ludovic Fernandez
38f335dbe1
chore: update golangci-lint. (#757) 2019-01-11 19:23:27 +01:00
Ludovic Fernandez
43401f2475
New challenges management. (#741) 2019-01-03 16:59:53 +01:00
Ludovic Fernandez
820c2b7531
gcloud: fix for wildcard (#740) 2018-12-22 00:53:05 +01:00
Ludovic Fernandez
15764a17b6
fix: errors management in the prober. (#736) 2018-12-19 21:06:16 +01:00
Ludovic Fernandez
42941ccea6
Refactor the core of the lib (#700)
- Packages
- Isolate code used by the CLI into the package `cmd`
- (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) 
- Support non-ascii domain name (punnycode)
- Check all challenges in a predictable order
- No more global exported variables
- Archive revoked certificates
- Fixes revocation for subdomains and non-ascii domains
- Disable pending authorizations
- use pointer for RemoteError/ProblemDetails
- Poll authz URL instead of challenge URL
- The ability for a DNS provider to solve the challenge sequentially
- Check all nameservers in a predictable order
- Option to disable the complete propagation Requirement
- CLI, support for renew with CSR
- CLI, add SAN on renew
- Add command to list certificates.
- Logs every iteration of waiting for the propagation
- update DNSimple client
- update github.com/miekg/dns
2018-12-06 22:50:17 +01:00