784 commits

Author SHA1 Message Date
Daniel McCarney
04e2d74406 DNS Providers: Add ACME-DNS provider. (#591)
This commit adds a new DNS provider for
[acme-dns](https://github.com/joohoi/acme-dns) to allow Lego to set
DNS-01 challenge response TXT with an ACME-DNS server automatically.
ACME-DNS allows ceding minimal zone editing permissions to the ACME
client and can be useful when the primary DNS provider for the zone does
not allow scripting/API access but can set a CNAME to an ACME-DNS
server.

Lower level ACME-DNS API calls & account loading/storing are handled by
the `github.com/cpu/goacmedns` library.

The provider loads existing ACME-DNS accounts from the specified JSON
file on disk. Any accounts the provider registers on behalf of the user
will also be saved to this JSON file.

When required, the provider handles registering accounts with the
ACME-DNS server for domains that do not already have an ACME-DNS account.
This will halt issuance with an error prompting the user to set the
one-time manual CNAME required to delegate the DNS-01 challenge record
to the ACME-DNS server. Subsequent runs will use the account from disk
and assume the CNAME is in-place.
2018-07-09 19:28:01 +02:00
Area128
d30c293647 SOA-API-EDIT should be SOA-EDIT-API (#593)
according to https://doc.powerdns.com/authoritative/domainmetadata.html#soa-edit-api
2018-07-03 16:14:43 +02:00
Daniel McCarney
8c82824a83 README: Change staging URL example for ACME v2. (#592) 2018-07-01 23:54:35 +02:00
Bill Shupp
e0d512138c Fix missing issuer certificates from Let's Encrypt (#587) 2018-07-01 02:35:39 +02:00
Derek Chen
3a1c6202f6 Lightsail: Fix Domain does not exist error (#512) 2018-07-01 02:24:20 +02:00
fuku
f9c0fbd298 Add DNS Provider for NIFCLOUD DNS (#532) 2018-07-01 02:13:22 +02:00
Bill Shupp
3f09ecc0b1 Add DNS Provider for VegaDNS (#553) 2018-07-01 01:45:24 +02:00
Ludovic Fernandez
9bb5589e17 feat: CA Server Name. (#590) 2018-07-01 01:12:36 +02:00
Ludovic Fernandez
a2543a2fde Don't trust identifiers order. (#589)
ACME draft Section 7.4 "Applying for Certificate Issuance"
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4
says:
	Clients SHOULD NOT make any assumptions about the sort order of
	"identifiers" or "authorizations" elements in the returned order
	object.
2018-07-01 01:06:46 +02:00
Ludovic Fernandez
94e14328ab refactor: replace Dial by DialContext. (#585) 2018-07-01 00:55:57 +02:00
Robert Kästel
54422ab226 Order polling wait (#581) 2018-06-25 23:22:42 +02:00
Kazumichi Yamamoto
05921d9810 Add DNS Provider for SAKURA Cloud (#456) 2018-06-21 21:24:45 +02:00
Ludovic Fernandez
a1585a7b9a Review DNS providers (#580)
* refactor: create log.Infof and log.Warnf
* refactor: review DNS providers.
    - use one `http.Client` by provider instead of one client by request
    - use the same receiver name `d` for all `DNSProvider`
    - use `http.MethodXXX`
* refactor: logger init.
2018-06-21 19:06:16 +02:00
Ludovic Fernandez
57782ac3c1 tls-alpn: add a function to return PEM blocks. (#579)
* feature(tls-alpn): add function to return PEM blocks.
2018-06-18 15:44:18 +02:00
Wyatt Johnson
d457f70ae0 TLS-ALPN-01 Challenge (#572)
* feat: implemented TLS-ALPN-01 challenge
2018-06-14 01:20:56 +02:00
Ludovic Fernandez
c4bbb4b819 Review DNS providers. (#565)
* refactor: review DNS providers.
2018-06-11 17:32:50 +02:00
Daniel McCarney
8f9e90b2a0 ACME HTTP: Allow customizing HTTP client x509.CertPool (#571)
This commit updates `acme/http.go` to allow customizing the
`*x509.CertPool` used by the `HTTPClient` by specifying the filepath of
a custom CA certificate via the `CA_CERTIFICATE` environment variable.

This allows developers to easily trust a non-standard CA when
interacting with an ACME test server (e.g. Pebble):

```
CA_CERTIFICATE=~/go/src/github.com/letsencrypt/pebble/test/certs/pebble.minica.pem \
lego \
  --server https://localhost:14000/dir \
  --email foo@bar.com \
  -d example.com \
  run
```
2018-06-11 15:45:59 +02:00
AndreKR
5005315fff dns/exec: Allow passing the program to the provider directly (#573)
This adds a function NewDNSProviderProgram() to the exec provider that allows setting the program to run directly instead of via the environment variable. This is similar to how other providers allow setting their credentials.
2018-06-10 13:51:01 -06:00
Ludovic Fernandez
7fedfd1388 fix: user-agent string order. (#566) 2018-06-03 12:23:01 -06:00
xenolf
27e0f97c9d Fix wrong repository URL (#563) 2018-05-31 19:39:33 +02:00
nelsonkram
f17b1ce516 Added 'processing' status as valid challenge status (#561) 2018-05-31 17:22:37 +02:00
Wyatt Johnson
fefeb24353 Prepare release v1.0.0 (#559)
* Prepare release v1.0.0

* review: remove infrastructure items from CHANGELOG.md

* review: updated CHANGELOG.md message

* review: added ACME v1 reference in README.md

* review: README.md updates

* review: removed experimental note
2018-05-30 18:03:08 -06:00
Ludovic Fernandez
6004e599ed Manage vendor (#557)
* feat: add dep configuration files.

* chore: add vendor folder.

* refactor: update Dockerfile.

* review: remove git from Dockerfile.

* review: remove RUN apk.

* review: dep status.

* feat: added .dockerignore
2018-05-30 16:28:41 -06:00
Ludovic Fernandez
1b12c25e43 Add linters (#556)
* feat: add linters.
* fix: lint.
2018-05-30 16:03:55 -06:00
NicoMen
517f442fa3 Add details to the cloudflare error message (#452) 2018-05-30 20:26:07 +02:00
Dan Lüdtke
0593b64674 Fix gcloud naming inconsistency; parse projectID (#425)
This commit fixes the naming inconsistency of Google Cloud DNS being
named `googlecloud` in the source and `gcloud` in the user interface.
Furthermore, improving my previous commit, I realized that the project ID
is stored in the service account file. We can save one environment variable
when using a service account file (e.g. in automation applications).
2018-05-30 20:20:21 +02:00
Ludovic Fernandez
e7fd871a9c ACME V2 support (#555) 2018-05-30 19:53:04 +02:00
Pall Valmundsson
1d9b0906b1 Update Dockerfile (#484)
This updates the Dockerfile to use multi-stage builds and enables a build argument to specify which version or SHA is built.
2018-05-30 14:01:23 +02:00
Ludovic Fernandez
86f1721281 chore: ignore gitcookies. (#554) 2018-05-30 10:02:14 +02:00
Ludovic Fernandez
084e280934 Prepare release v0.5.0 (#552) 2018-05-30 02:58:11 +02:00
Ludovic Fernandez
3cc9a19a1c Add a release system. (#550)
* feat: add release system.
* feat: goreleaser.
* review: minor changes.
2018-05-29 11:40:00 -06:00
Daniel Alan Miller
8e9c5ac3e6 Adding output of which envvars are missing in Cloudflare and Azure (#537)
* Adding output of which envvars are missing in Cloudflare dns provider

* go fmt, duh

* Fixing & adding test(s)

* Adding azure missing env vars checking

* Fixing test

* Doh, fixing up expected output
2018-04-25 09:12:41 -06:00
dajenet
5922ca9269 Fix dnsimple api (#529) 2018-04-15 07:49:13 -06:00
Johannes Ebke
b2c4f3c84e route53: Use NewSessionWithOptions instead of deprecated New. Fixes #458. (#528) 2018-04-12 07:08:23 -06:00
Jefferson Girão
3c9be22bc0 Add Akamai FastDNS as DNS provider (#522)
* Adding support to Akamai FastDNS as DNS provider

* Adding fastdns to the list of dnsproviders
2018-04-03 08:22:13 -06:00
Kirby Files
5ebb80fb44 Add Bluecat DNS provider (#483) 2018-04-02 20:50:15 -06:00
Nick Maliwacki
d7fdc8f54a Add dns provider duckdns.org (#513)
* Add dns provider duckdns see http://www.duckdns.org/spec.jsp for more info

* Add DNS challenge provider 'exec' (#508)

As discussed in #505, this commit adds a very simple DNS provider which
calls out to an external program which must then add or remove the DNS
record.

* Update duckdns to support caddy, and cleanup some comments
2018-04-02 08:02:54 -06:00
Adrian Bjugård
1028c3b190 Add DNS-01 solver using the GleSYS API (#502)
* Add GleSYS DNS-01 solver

* API url is not overridden during tests

* Use logging package

* Correct documentation for NewDNSProvider
2018-03-31 08:33:48 -06:00
Alexander Neumann
2b18d40bab Add DNS challenge provider 'exec' (#508)
As discussed in #505, this commit adds a very simple DNS provider which
calls out to an external program which must then add or remove the DNS
record.
2018-03-27 08:10:38 -06:00
Remi Broemeling
2e0e9cd68f Slightly improve Dyn provider error reporting. (#473)
If Dyn responds with a 3xx or 4xx status code, information describing exactly
what went wrong is generally included in the body of the response (as part of
the typical Dyn JSON response). On the other hand, if Dyn responds with a 5xx
status code, we very likely have extremely limited information.

This commit modifies the reporting to display the explanatory messages included
in the body of the Dyn response for 3xx and 4xx status codes. The intent is to
make it much easier to determine what might be going wrong (when something is
going wrong).
2018-03-19 10:41:57 -06:00
Pat Moroney
91b13b10b9 add Name.com provider (#480)
* add Name.com provider

* add namedotcom provider env vars to output of cli.go
2018-03-14 11:43:09 -06:00
Derek Chen
bacb545c7a Add DNS provider: Lightsail (#460)
* add lightsail dns provider

* fix lint errors

* update exoscale.go

* add the docs for lightsail provider
2018-02-18 08:27:58 -07:00
Aaryaman Vasishta
4e330710a7 providers/azure: Refactor to work with Azure SDK version 14.0.0 (#490) 2018-02-14 13:28:02 -07:00
Giuem
06a8e7c475 Add DNS Provider for CloudXNS (#415)
* Add DNS Provider for CloudXNS

* Fix package path error

* Fix typo

CloudFlare -> CloudXNS

* Fix typo

makeReauest -> makeRequest

* Change http.Client to acme.HTTPClient
2018-02-02 20:41:35 +01:00
Ian Bishop
ed69aa0cc6 Fix PowerDNS zone URL, add leading slash (#476) 2018-02-02 20:32:18 +01:00
Zadkiel
e2b4c3a54f Add support for new Gandi Beta Platform: LiveDNS (#365)
* Add 'dns-01' in CLI usage's solver list

* Add Gandi Beta LiveDNS provider

* gandiv5: rename provider and enhance error messages

* gandiv5: clean old behavior comments

* gandiv5: clean old behavior comments
2018-02-02 20:22:33 +01:00
Philippe M. Chiasson
6bddbfd17a Use proxies from environment when making outbound http connections (#478)
Fixes #477
2018-01-25 09:10:08 -07:00
James Nugent
cc326ce155 cli: Correct help text for --dns-resolvers default (#462)
getNameservers in dns_challenge.go attempts to determine the system
resolvers from /etc/resolv.conf before using the Google DNS servers.
2018-01-15 22:11:42 +01:00
Daniel McCarney
a5a28d2e7f Add /directory to example NewClient caDirURL. (#471)
The `acme.NewClient` function's `caDirURL` argument is expected to be
the full path to the ACME server's directory endpoint. In the README
example of using Lego programmatically against a Boulder instance only
the hostname & port are provided but not the directory path:

   `"http://192.168.99.100:4000"`

This produces an error like:

```
2018/01/15 14:34:06 get directory at 'http://192.168.99.100:4000': invalid
character '<' looking for beginning of value
```

when used verbatim with a Boulder container, since the `/directory` is
missing and the "What is an ACME server" HTML index page is returned.

This commit updates the example to use:

 `"http://192.168.99.100:4000/directory"`

Which allows the example code to work with Boulder as-intended.
2018-01-15 22:05:27 +01:00
Yoan Blanc
62e0f1096f exoscale: update to latest egoscale version (#468)
Signed-off-by: Yoan Blanc <yoan.blanc@exoscale.ch>
2018-01-15 21:58:24 +01:00