Commit graph

910 commits

Author SHA1 Message Date
Unknown
eb711d3665 Merge branch 'authz-cleanup' 2017-05-03 16:13:45 +02:00
Unknown
f3fc555a98 Add explicit calls to disable authz on errors 2017-04-27 01:46:52 +02:00
jraby
b1fd84c6ff Add description for RFC2136 env vars (#385) 2017-04-25 20:01:22 -06:00
Makis Otman
5dfe609afb Update DNSimple instructions to use new env key (#374)
The help documentation still points to the old environment variable
(DNSIMPLE_API_KEY) so attempts that use that fail with: `DNSimple OAuth token is missing`.
This updates it with the correct key `DNSIMPLE_OAUTH_TOKEN`.
2017-04-05 12:28:06 -06:00
Luca Guidi
7668fe9274 Update error messages for DNSimple provider (#373) 2017-04-04 01:41:49 +02:00
Unknown
1293a4a35b Fix breaking change in azure SDK
Fixes #372
2017-04-04 00:33:46 +02:00
Manuel Valls Fernández
a111d61d85 Move nonce retry from jws to http (#367)
* Move nonce retry from jws to http

The error raised by an "invalid nonce" response never appeared
inside jws.go, but instead it was handled at http.go, so it makes
sense to move the retry logic to that file. The previous code from
jws.go had no effect and did not solve issues related to invalid
nonces.

* Rename retry response variable name for clarity
2017-03-30 02:25:34 +02:00
Unknown
ee0018c855 Remove conditional around rate limiting
Always limit LE requests to ~18 per second, no matter how many domains are being validated.
2017-03-30 02:06:43 +02:00
Mahmoud Abdelsalam
0e2937900b Add error checking for the jws httpPost (#360)
https://github.com/xenolf/lego/issues/359
2017-03-17 19:58:44 +01:00
Luca Guidi
e526fb5a1a Use DNSimple official Go client (#363) 2017-03-17 19:40:51 +01:00
Etienne
45beff7ed3 Add workaround for new-authz rate limits (#357) 2017-03-13 22:41:19 +01:00
Emilien Devos
6cac0ea7d8 Add lego installation via package manager for ArchLinux (#344) 2017-02-19 05:51:39 +01:00
xenolf
66d8acbf89 Add some better error messages to http and jws 2017-02-19 05:50:21 +01:00
Pavel Forkert
0c0d57a545 Log authorization urls (#350)
https://letsencrypt.org/docs/rate-limits/ says:
> The pending authorization objects are represented by URLs of the form https://acme-v01.api.letsencrypt.org/acme/authz/XYZ, and should show up in your client logs.
2017-02-19 05:30:33 +01:00
Pavel Forkert
661e5e690c Do not get stuck when server accidentally starts responding with bad data (#349)
If `links["next"] == ""` the early return does not send neither success, nor failure to outer code,
which leads to whole `getChallenges` method being stuck forever, cause it waits for either `resc` or `errc` to receive message.
2017-02-19 05:17:22 +01:00
xenolf
9f94aabbd2 Fix nonce error (#354)
* Adding a NonceError type to detect nonce errors

* Implement a one off retry on a nonce error.
2017-02-19 05:12:14 +01:00
Pavel Forkert
09d8a49bf2 Reduce nonce locking (#340)
* [reduce-locking] Prepare for change

* [reduce-locking] Do not lock on http request

* [reduce-locking] Move getNonce and getNonceFromResponse from jws struct cause they do not need access to it

* [reduce-locking] Extract nonceManager

* [reduce-locking] Add test that tries to show locking on http requests problem
2017-02-19 04:48:45 +01:00
Simone Carletti
be23e242c1 Fix invalid package name (#342) 2017-02-10 23:53:49 -07:00
Matt Holt
f5d538caab Close response body in error case and close first one (#341)
* Close response body in error case

* Ensure the body of both responses is closed when polling for cert

Also make a new const of maxBodySize, and cap the number of polls
to a maximum of 1000.

* More correct placement for polling limit

* Move const to the top
2017-01-15 16:54:49 +01:00
Fabio Berchtold
ce8fb060cb fix Vultr API calls (#335)
* fix Vultr API calls

Signed-off-by: Fabio Berchtold <jamesclonk@jamesclonk.ch>

* rename Vultr DNS structs

Signed-off-by: Fabio Berchtold <jamesclonk@jamesclonk.ch>
2016-12-27 00:46:13 +01:00
Jacob Hoffman-Andrews
ca19ea1c19 Fix example call to ObtainCertificate (#333)
The previous example left out the MustStaple argument.
2016-12-27 00:41:19 +01:00
Joe Shaw
e9c3078492 add issuer certificate to CertificateResource (#325)
* add issuer certificate to CertificateResource

Also write it out to the file system when running "lego run"

Removed caching of the issuer certificate inside the acme client, since
it didn't appear to be used.

* only append issuerCert to issuedCert in case of success

Effectively a no-op since issuerCert will be nil on error, but it seems
more correct to only do it if fetching the issuer succeeds.
2016-12-14 00:22:48 +01:00
Pavel Forkert
d149f14b6b Properly lock jws.nonces (#319)
Before read access to `nonces` field in jws structure (in `Nonces` method) was not synchronized and we were still able
to get `slice bounds out of range` panic when trying to "pop" value in `Nonces` method.

The race can be actually observed by running `Nonce` method multiple times in separate goroutines with th precondition is `len(jws.nonces) == 1`.
2016-12-13 09:49:37 +01:00
xenolf
cbd5d04c89 Fix OCSP must staple.
Fixes #327
2016-12-06 08:41:28 +01:00
Pavel Borzenkov
cc94601612 Fix build with azure-sdk v7.0.0-beta (#323)
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2016-11-30 23:05:55 +01:00
Gabe Rosenhouse
0abbd738a4 fix typo in help text (#320) 2016-11-20 02:40:51 +01:00
Thomas Recloux
0792ce9a9f Extract from CLI the name -> DNS provider mapping (#313)
* Extract from CLI the name -> DNS provider mapping

This avoids duplication in lib usage 
Ex : https://github.com/containous/traefik/pull/738#issuecomment-258810469

* Verify that we retrieve the good provider
2016-11-18 14:12:13 +01:00
decker
9f86882f77 Add dns provider for dnspod (#312) 2016-11-14 11:41:37 +01:00
xenolf
3db48c9e13 Fix HTTP-01 and TLS-SNI invalid port tests for go 1.8 2016-11-14 11:08:33 +01:00
xenolf
2abbe6d836 Tweak log message for a wrong host in HTTP-01
Fixes #314
2016-11-10 08:24:06 +01:00
Thomas Recloux
7615653a08 Add Exoscale DNS provider (#311) 2016-11-07 08:37:57 +01:00
Luke Hanley
800538520e Adds support for Rackspace DNS (#309)
* Working Rackspace Provider

* Finalize Rackspace DNS provider

Closes out #208. Adds mock API and testing.
2016-11-04 10:29:14 +01:00
Woz
306f5c06fa Dns from resolv.conf (#293)
* Get better dns server defaults if available

if an /etc/resolv.conf file exists, then get the dns servers from there

* fix handwritten code...

* Make discovering system dns servers more testable

Allow specifying path to resolv.conf file to allow testing logic

* add tests

* Log which resolvers we are using

* move log statement for dns resolvers used
2016-11-03 19:37:15 +01:00
Matthew Buckett
501b7b6e0f Remove existing records in gcloud (#308)
When record already exists in gcloud we can't add a new record without removing the other one first. This is a simple fix that doesn't attempt to create multiple entries for the record but just removes the previous data.

fixes #218
2016-11-02 15:47:17 +01:00
Matthew Buckett
85200a157c Azure DNS Provider (#307)
This is a first attempt at a working Azure DNS challenge provider.

Fixes #180
2016-11-02 15:33:57 +01:00
xenolf
72914df00f Add OCSP must staple support
Introduces a new command line switch `--must-staple` to `run` and `renew`.
Using this switch will add the must staple TLS extension to the CSR generated by lego and thus also to the generated certificate.
This does not work with user specified CSRs!

Fixes #270
2016-10-27 11:22:10 +02:00
Clint Armstrong
4bb8bea031 add memcached provider (#296)
* add memcached provider

* add testing
2016-10-24 11:03:18 +02:00
xenolf
e953bbc8b9 Leave ca-certificates in the docker image
Fixes #288
2016-10-18 22:55:27 +02:00
xenolf
bb51288200 Merge pull request #299 from edeckers/add-auroradns
Add AuroraDNS support
2016-10-18 10:26:37 +02:00
David Calavera
5f9a041680 Add NS1 DNS provider. (#295)
* Add NS1 DNS provider.

Integrates Lego with NS1 using their rest API.
It uses NS1's official Go package as client:

https://github.com/ns1/ns1-go

Signed-off-by: David Calavera <david.calavera@gmail.com>

* Add NS1 to the cli handlers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-10-18 10:20:15 +02:00
xenolf
85eddfa347 Remove check for auto renewed cert from . This is no longer part of the spec 2016-10-17 11:12:54 +02:00
xenolf
3690d6ecaa Merge pull request #301 from edeckers/bugfix/vet_json_tag_remove_unused_type
Fix duplicate json tag in recoveryKeyMessage
2016-10-17 09:37:24 +02:00
Ely Deckers
9058a3fa02 Add AuroraDNS-provider 2016-10-16 16:05:54 +02:00
Ely Deckers
4083ff8bc3 Fix duplicate json tag in recoveryKeyMessage
Fixed issue by removing unused recoveryKeyMessage struct

Issue appears in Go 1.8+ due to this improvement to vet:
https://go-review.googlesource.com/#/c/16704/
2016-10-15 19:32:28 +02:00
xenolf
96d81ae561 Fix integer overflow in gandi provider tests
Fixes #289
2016-10-04 23:08:24 +02:00
xenolf
f3cd0bfdee Merge pull request #292 from xenolf/provaddrfix
Document that challenge providers get replaced
2016-09-30 13:51:00 +02:00
Matthew Holt
70a2b229e2 Document that challenge providers get replaced on these calls 2016-09-28 18:19:52 -06:00
xenolf
ca0bd606b2 Merge pull request #280 from timewasted/dns-provider-linode
Add support for Linode as a DNS provider.
2016-09-26 10:46:22 +02:00
xenolf
82ac43327b Update version to 0.3.1 in readme and cli. Fixes #285 2016-09-12 09:50:14 +02:00
xenolf
bbfdc399bb Update docker image alpine version
#284
2016-09-09 14:51:32 +02:00