Jan Broer
d03fb496c0
Refactor CloudFlare provider to have no 3rd party dependencies
2016-02-16 15:50:24 +01:00
xenolf
9900bf675a
Merge pull request #131 from xi2/master
...
Fix small typos in error messages
2016-02-15 18:00:06 +01:00
Michael Cross
78c36ef846
Fix small typos in error messages
2016-02-15 14:18:31 +00:00
xenolf
f1a1e081c8
Merge pull request #127 from xenolf/tweaks
...
Add go vet to the CI checks, fix vet errors and set default HTTP timeout to 10 seconds.
2016-02-15 00:02:11 +01:00
Matthew Holt
971541dc0a
Use http client with timeout of 10s
...
This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.
Fix vet errors and lint warnings
Add vet to CI check
Only get issuer certificate if it would be used
No need to make a GET request if the OCSP server is not specified in leaf certificate
Fix CI tests
Make tests verbose
2016-02-14 14:33:54 -07:00
xenolf
a44384f52f
Fix tests for new naming.
2016-02-14 22:07:27 +01:00
xenolf
21de29e902
Take the magic out of defaulting to the Server implementations of HTTP-01 and TLS-SNI-01
2016-02-14 16:57:06 +01:00
xenolf
7475e7f9c2
Move the HTTP-01 and TLS-SNI-01 default solvers to a more unified layout.
...
Made the solvers exported and added New... functions to them.
2016-02-14 16:56:14 +01:00
xenolf
00f13f2da0
Merge pull request #123 from willglynn/dns_provider_implies_dns_challenge
...
--dns=foo means we specifically intend to fulfill a DNS challenge
2016-02-14 02:01:21 +01:00
Will Glynn
3bceed427a
Make the --dns help message more explicit about disabling challenges
2016-02-13 18:42:47 -06:00
Will Glynn
030ba6877a
Document that --dns=provider specifically selects the DNS challenge
2016-02-13 18:31:04 -06:00
Will Glynn
fdc05d2942
--dns=foo means we specifically intend to fulfill a DNS challenge
2016-02-13 18:24:52 -06:00
xenolf
48cf387dd5
Run tests with multiple versions of go.
2016-02-14 01:03:40 +01:00
xenolf
bf66ac9e17
Resolve issue where the route53 tests would take 30secs to complete.
...
The default AWS HTTP client retries three times with a deadline of 10 seconds in order to fetch metadata from EC2. Replaced the default HTTP client with one that does not retry and has a low timeout.
2016-02-14 00:55:03 +01:00
xenolf
01ac49f59a
Merge pull request #101 from pkern/master
...
Allow to customize the TSIG algorithm and allow to omit the DNS port
2016-02-14 00:08:38 +01:00
Philipp Kern
f00f09f19c
Allow to specify RFC2136_NAMESERVER without the port.
...
Append the default DNS port if the nameserver specification does not
contain any.
2016-02-13 18:46:32 +01:00
Philipp Kern
b3d25a9a61
Allow to specify the TSIG algorithm for RFC2136 DNS-01 authentication.
...
Add a new environment variable RFC2136_TSIG_ALGORITHM that accepts the
TSIG algorithm pseudo-domain name. Let it default to
"hmac-md5.sig-alg.reg.int." if unset.
2016-02-13 18:46:28 +01:00
xenolf
f18ec353f1
Add CONTRIBUTING.md
2016-02-12 18:42:43 +01:00
xenolf
ba64faa4e1
Merge pull request #116 from janeczku/dns-check
...
Refactor DNS check
2016-02-11 02:50:28 +01:00
Adrien Carbonne
8850ac8bba
Minor fix, forgot package name
2016-02-10 17:00:20 +01:00
Jan Broer
b594acbc2a
Validation domain may be a CNAME or delegated to another NS
2016-02-10 16:56:50 +01:00
Adrien Carbonne
9a424abdee
Using the standard provider way
...
Other providers should be used with the SetChallengeProvider function
and should supply a New function. In your case this would be
NewHTTPProviderWebroot taking the path as an argument.
2016-02-10 16:55:10 +01:00
Adrien Carbonne
fdf059fbbd
Added a --webroot option for HTTP challenge
...
When using this option, the challenge will be written in a file in
".well-known/acme-challenge/" inside the given webroot folder.
This allows lego to work without binding any port at all.
2016-02-10 12:19:29 +01:00
Jan Broer
c97b5a52a1
Refactor DNS check
...
* Gets a list of all authoritative nameservers by looking up the NS RRs for the root domain (zone apex)
* Verifies that the expected TXT record exists on all nameservers before sending off the challenge to ACME server
2016-02-09 05:23:58 +01:00
Matt Holt
0dc1b5b7bf
Merge pull request #113 from willglynn/mention_staging_endpoint
...
Mention the Let's Encrypt staging endpoint in the README
2016-02-08 15:04:02 -07:00
Will Glynn
86ba08bb9e
Mention the Let's Encrypt staging endpoint in the README
2016-02-08 15:27:06 -06:00
xenolf
614f5ea7ce
Merge pull request #108 from xi2/http01-disable-keepalives
...
http-01 challenge: disable TCP connection reuse
2016-02-08 02:15:30 +01:00
xenolf
da953623bf
Add package comments to make the library and CLI more discoverable on godoc.org
...
Fixes #106
2016-02-08 01:59:03 +01:00
Michael Cross
9350fb4aef
http-01 challenge: disable TCP connection reuse
...
If TCP connection reuse (KeepAlives) are left on then, in a sequence
of challenges arising from a multiple-domain certficate, challenges
after the 1st can fail due to reusing the now defunct tcp connection
used in the first challenge. This has been observed when using the Go
standard library reverse proxy to forward the challenges to Lego.
Fixes #107
2016-02-07 13:40:47 +00:00
xenolf
e4978657b2
Merge pull request #102 from willglynn/aws_authentication
...
Add support for additional AWS authentication sources
2016-02-07 14:28:57 +01:00
Matt Holt
4efc9abf53
Merge pull request #104 from chrismoos/fix_ocsp
...
GetOCSPForCert should fail if there are no OCSP servers in the cert.
2016-02-07 05:43:23 -07:00
Chris Moos
7bdc9e26f7
GetOCSPCert should fail if there are no OCSP servers in the cert.
2016-02-06 23:19:32 -07:00
Matt Holt
1bb7d54178
Merge pull request #103 from willglynn/compact_iam_policy
...
Compact IAM policy
2016-02-06 18:23:21 -07:00
Will Glynn
fa8214b5b8
Reduce IAM policy to a more compact version
...
`Sid` is optional and can be omitted for brevity.
Both `route53:ListHostedZones` and `route53:GetChange` are allowed for
`*`, so they can be combined into a single statement.
Actions can be combined onto the same line, since it's equivalent JSON.
2016-02-06 19:06:21 -06:00
Will Glynn
13e01e1751
Add support for additional AWS authentication sources
...
AWS client tools commonly support passing credentials via
`AWS_ACCESS_KEY_ID` + `AWS_SECRET_ACCESS_KEY`, but supporting only this is
insufficient. For example, access key IDs provided by STS require passing in
`AWS_SECURITY_TOKEN` as a third value, and EC2 instances are often provided
dynamic credentials at runtime via the EC2 metadata service.
This changeset makes `lego` attempt to find credentials in the same way that
the `aws` CLI tool attempts to find credentials. The result is even less
auth code than before because `goamz` provides all this with `aws.GetAuth()`.
2016-02-06 18:38:40 -06:00
Matt Holt
1198444908
Merge pull request #99 from jehiah/http_head_error_99
...
Handle HEAD request errors
2016-02-06 13:20:50 -07:00
Jehiah Czebotar
9dc7fa9d52
httpHead: return error before referencying resp.Body
2016-02-06 15:06:42 -05:00
xenolf
3939b9f20b
Merge pull request #98 from jimmycuadra/readme-route53
...
Add full CLI example and IAM policy for Route 53 to the README.
2016-02-06 20:39:49 +01:00
Jimmy Cuadra
e800e75b59
Add full CLI example and IAM policy for Route 53 to the README. [ci
...
skip]
2016-02-05 02:44:09 -08:00
xenolf
be4e74d1aa
Merge pull request #97 from janeczku/route53-raw-string-literals
...
Route53 provider fixes
2016-02-05 04:05:25 +01:00
Jan Broer
bae7428c08
Fixes issues with the Present() method of Route53 provider:
...
- InvalidTXTRDATA error when creating TXT record (closes #94 )
- Present() should poll and wait until the status of the record change becomes INSYNC (thanks @oov)
Adds a retry/timeout utility function to dns_challenge.go that may be used in other places
2016-02-04 00:34:52 +01:00
xenolf
031c5b522e
Update the CHANGELOG
2016-01-31 00:30:35 +01:00
xenolf
3fed18cce9
Corrected AWS_REGION env variable name
2016-01-31 00:10:46 +01:00
xenolf
29423c6293
Merge pull request #91 from weppos/log-with-name
...
Add missing domain name for consistency
2016-01-30 23:58:21 +01:00
xenolf
1ab8907f82
Merge pull request #90 from weppos/dnsimple-subdomain
...
Fix bugs with subdomains
2016-01-30 23:57:27 +01:00
xenolf
b2bdf0c809
Merge pull request #89 from denquixote/lessmagicdnsresolver
...
dns_challenge preCheckDNS: let system resolver decide IPv4 ./. IPv6.
2016-01-30 23:51:30 +01:00
Simone Carletti
ae7184b339
Add missing domain name for consistency
...
Before the change:
2016/01/30 00:23:37 [INFO][simonecarletti.com, foo1.simonecarletti.com, foo2.simonecarletti.com, foo3.simonecarletti.com] acme: Obtaining bundled SAN certificate
2016/01/30 00:23:38 [INFO][simonecarletti.com] acme: Could not find solver for: tls-sni-01
2016/01/30 00:23:38 [INFO] acme: Trying to solve DNS-01
2016/01/30 00:23:42 [INFO][simonecarletti.com] The server validated our request
2016/01/30 00:23:44 [INFO] acme: Trying to solve DNS-01
2016/01/30 00:23:47 [INFO][foo1.simonecarletti.com] The server validated our request
2016/01/30 00:23:49 [INFO][foo2.simonecarletti.com] acme: Could not find solver for: tls-sni-01
2016/01/30 00:23:49 [INFO][foo2.simonecarletti.com] acme: Could not find solver for: http-01
2016/01/30 00:23:49 [INFO] acme: Trying to solve DNS-01
2016/01/30 00:23:53 [INFO][foo3.simonecarletti.com] acme: Could not find solver for: http-01
2016/01/30 00:23:53 [INFO] acme: Trying to solve DNS-01
2016/01/30 00:23:56 [INFO][foo3.simonecarletti.com] The server validated our request
After the change:
2016/01/30 00:27:58 [INFO][simonecarletti.com, foo1.simonecarletti.com, foo2.simonecarletti.com, foo3.simonecarletti.com] acme: Obtaining bundled SAN certificate
2016/01/30 00:27:59 [INFO][simonecarletti.com] acme: Could not find solver for: http-01
2016/01/30 00:27:59 [INFO][simonecarletti.com] acme: Trying to solve DNS-01
2016/01/30 00:28:12 [INFO][simonecarletti.com] The server validated our request
2016/01/30 00:28:14 [INFO][foo1.simonecarletti.com] acme: Could not find solver for: http-01
2016/01/30 00:28:14 [INFO][foo1.simonecarletti.com] acme: Trying to solve DNS-01
2016/01/30 00:28:19 [INFO][foo2.simonecarletti.com] acme: Could not find solver for: http-01
2016/01/30 00:28:19 [INFO][foo2.simonecarletti.com] acme: Could not find solver for: tls-sni-01
2016/01/30 00:28:19 [INFO][foo2.simonecarletti.com] acme: Trying to solve DNS-01
2016/01/30 00:28:22 [INFO][foo1.simonecarletti.com] The server validated our request
2016-01-30 22:17:41 +01:00
Simone Carletti
2e32f171d2
DNSimpleProvider: Fix wrong record deletion
...
This is a very subtle bug. In some specific circumstances, when the
list of domains in the SAN was > 1, the library may delete the wrong
record (specifically the last one) instead of the matching one.
The issue is explained here
https://groups.google.com/forum/#!topic/golang-nuts/tlWzJUWJKgA
Here's the output from one of the various tests
➜ lego git:(dnsimple-subdomain) ✗ DNSIMPLE_DOMAIN=simone.io go test -v ./... --run "TestLiveDNSimpleCleanUp"
? github.com/xenolf/lego [no test files]
=== RUN TestLiveDNSimpleCleanUp
2016/01/30 01:10:45 Empty records:
2016/01/30 01:10:45 0
2016/01/30 01:10:46 Fetched records:
2016/01/30 01:10:46 [{5326536 41571 v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC} {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC} {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC} {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}]
2016/01/30 01:10:46 Record name:
2016/01/30 01:10:46 _acme-challenge
2016/01/30 01:10:46 {5326536 41571 v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC}
2016/01/30 01:10:46 {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC}
2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
2016/01/30 01:10:46 Deleted>>
2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
2016/01/30 01:10:46 >>Deleted
2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
2016/01/30 01:10:46 Record to delete:
2016/01/30 01:10:46 1
2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
2016/01/30 01:10:46 Record to delete (foos):
2016/01/30 01:10:46 [{5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}]
2016/01/30 01:10:46 Found records to delete:
2016/01/30 01:10:46 1
2016/01/30 01:10:46 [0xc8203be240]
2016/01/30 01:10:46 &{5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
--- PASS: TestLiveDNSimpleCleanUp (3.10s)
PASS
ok github.com/xenolf/lego/acme 3.121s
The record 5340655 was supposed to be deleted, but 5340677 was deleted
instead (notice how the deleted record was always the last one in the
returned record set).
And of course the validation never passed
➜ letsencrypt-dnsimple git:(master) go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,foo1.simone.io,foo2.simone.io,foo3.simone.io
2016/01/30 00:27:55 .data/users/xxx@gmail.com
2016/01/30 00:27:55 {xxx@gmail.com <nil> 0xc82009a300}
2016/01/30 00:27:56 [INFO] acme: Registering account for xxx@gmail.com
2016/01/30 00:27:57 &{{ 116016 {RSA xxx} [mailto:xxx@gmail.com] } https://acme-staging.api.letsencrypt.org/acme/reg/116016 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf }
2016/01/30 00:27:58 [INFO][simone.io, foo1.simone.io, foo2.simone.io, foo3.simone.io] acme: Obtaining bundled SAN certificate
2016/01/30 00:27:59 [INFO][simone.io] acme: Could not find solver for: http-01
2016/01/30 00:27:59 [INFO][simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:00 simone.io
2016/01/30 00:28:00 &{0 0 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT <nil> <nil>}
2016/01/30 00:28:12 [INFO][simone.io] The server validated our request
2016/01/30 00:28:14 &{5340584 41571 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT 2016-01-29 23:28:00.828 +0000 UTC 2016-01-29 23:28:00.828 +0000 UTC}
2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:15 simone.io
2016/01/30 00:28:15 &{0 0 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT <nil> <nil>}
2016/01/30 00:28:19 &{5340585 41571 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT 2016-01-29 23:28:15.996 +0000 UTC 2016-01-29 23:28:15.996 +0000 UTC}
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:20 simone.io
2016/01/30 00:28:20 &{0 0 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT <nil> <nil>}
2016/01/30 00:28:22 [INFO][foo2.simone.io] The server validated our request
2016/01/30 00:28:23 &{5340586 41571 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT 2016-01-29 23:28:21.051 +0000 UTC 2016-01-29 23:28:21.051 +0000 UTC}
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:25 simone.io
2016/01/30 00:28:25 &{0 0 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT <nil> <nil>}
2016/01/30 00:28:27 [INFO][foo3.simone.io] The server validated our request
2016/01/30 00:28:28 &{5340587 41571 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT 2016-01-29 23:28:25.616 +0000 UTC 2016-01-29 23:28:25.616 +0000 UTC}
2016/01/30 00:28:28 map[foo1.simone.io:acme: Error 0 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.foo1.simone.io
Error Detail:
]
exit status 1
This is the result of the latest (successful) run:
➜ letsencrypt-dnsimple git:(master) ✗ go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,yy.simone.io,xx.simone.io
2016/01/30 21:34:01 .data/users/xxx@gmail.com
2016/01/30 21:34:01 {xxx@gmail.com <nil> 0xc820070480}
2016/01/30 21:34:02 [INFO] acme: Registering account for xxx@gmail.com
2016/01/30 21:34:03 &{{ 116199 {RSA xxx} [mailto:xxx@gmail.com] } https://acme-staging.api.letsencrypt.org/acme/reg/116199 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf }
2016/01/30 21:34:03 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Obtaining bundled SAN certificate
2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: http-01
2016/01/30 21:34:04 [INFO][simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:13 [INFO][simone.io] The server validated our request
2016/01/30 21:34:14 Searching for
2016/01/30 21:34:14 simone.io
2016/01/30 21:34:15 To delete:
2016/01/30 21:34:15 {5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}
2016/01/30 21:34:15 Will delete:
2016/01/30 21:34:15 [{5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}]
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: http-01
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:18 [INFO][yy.simone.io] The server validated our request
2016/01/30 21:34:19 Searching for
2016/01/30 21:34:19 yy.simone.io
2016/01/30 21:34:19 To delete:
2016/01/30 21:34:19 {5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}
2016/01/30 21:34:19 Will delete:
2016/01/30 21:34:19 [{5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}]
2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:23 [INFO][xx.simone.io] The server validated our request
2016/01/30 21:34:23 Searching for
2016/01/30 21:34:23 xx.simone.io
2016/01/30 21:34:24 To delete:
2016/01/30 21:34:24 {5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}
2016/01/30 21:34:24 Will delete:
2016/01/30 21:34:24 [{5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}]
2016/01/30 21:34:25 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Validations succeeded; requesting certificates
2016/01/30 21:34:26 [INFO] acme: Requesting issuer cert from https://acme-staging.api.letsencrypt.org/acme/issuer-cert
2016/01/30 21:34:26 [INFO][simone.io] Server responded with a certificate.
[INFO][https://acme-staging.api.letsencrypt.org/acme/cert/fae971fcb1ce12 c4d3bb95a1f577786cccfe] Certificate simone.io, yy.simone.io, xx.simone.io2016/01/30 21:34:26 145 <nil>
2016/01/30 21:34:26 .data/certs/1454186041
2016/01/30 21:34:26 completed!
2016-01-30 22:14:29 +01:00
Den Quixote
0e53e51ba5
dns_challenge preCheckDNS: let system resolver decide IPv4 ./. IPv6.
...
We can ask the OS resolver for the IP of Google's public anycast DNS.
No need to "bootstrap" with literal IP address. The OS resolver knows
best about IPv4 ./. IPv6.
Mostly fixes #88 .
2016-01-30 19:39:10 +01:00
xenolf
316cb44f80
Update usage in README
2016-01-30 02:43:35 +01:00