Commit graph

618 commits

Author SHA1 Message Date
jraby
a5eaf85c89 RFC2136_TIMEOUT: tuneable DNS propagation timeout (#386)
Useful for slower DNS environment.

Time string is parsed with time.ParseDuration, so units are mandatory
(eg. RFC2136_TIMEOUT=10m)
2017-07-17 22:05:47 +02:00
Janez Troha
147b326cb0 acme/http: saner http client timeouts (#377)
LE is becoming quite popular and it was observed that response time can be around 15s. I've increased this to 30s and added changes recomended here https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
2017-07-17 21:57:01 +02:00
James Nugent
b2aab0377c dns/route53: Allow specifying hosted zone ID (#345)
* dns/route53: Allow specifying hosted zone ID

This commit adds support for specifying hosted zone ID via the
environment variable AWS_HOSTED_ZONE_ID. If this is not specified, the
previous discovery process is used.

This is useful in environments where multiple hosted zones for the same
domain name are present in an account.

* dns/route53: Fix up getHostedZoneID method params

Now that getHostedZoneID is a method on the DNSProvider struct, there is
no reason for it to take the Route53 client as a parameter - we can
simply use the reference stored in the struct.
2017-07-17 21:50:53 +02:00
Dan Lüdtke
dd74b99f8d RFC: providers/dns: add Service Account authorization option to gcloud (#408)
* providers/dns: add Service Account authorization option to gcloud

* providers/dns: use os.LookupEnv() for local ENV var
2017-07-17 21:40:57 +02:00
xenolf
192334c448 Lego version 0.4.0 2017-07-13 03:17:00 +02:00
Christian Groschupp
28ead50ff1 delete go version 1.6.3 from travis ci and add 1.8. (#402) 2017-06-18 11:58:28 -06:00
Wilk
aaa8e70aec CLI example with --days (#388) 2017-05-05 16:12:59 +02:00
theshamuel
25dd6b8fd7 Update azure.go (#391) 2017-05-03 16:53:59 +02:00
Unknown
eb711d3665 Merge branch 'authz-cleanup' 2017-05-03 16:13:45 +02:00
Unknown
f3fc555a98 Add explicit calls to disable authz on errors 2017-04-27 01:46:52 +02:00
jraby
b1fd84c6ff Add description for RFC2136 env vars (#385) 2017-04-25 20:01:22 -06:00
Makis Otman
5dfe609afb Update DNSimple instructions to use new env key (#374)
The help documentation still points to the old environment variable
(DNSIMPLE_API_KEY) so attempts that use that fail with: `DNSimple OAuth token is missing`.
This updates it with the correct key `DNSIMPLE_OAUTH_TOKEN`.
2017-04-05 12:28:06 -06:00
Luca Guidi
7668fe9274 Update error messages for DNSimple provider (#373) 2017-04-04 01:41:49 +02:00
Unknown
1293a4a35b Fix breaking change in azure SDK
Fixes #372
2017-04-04 00:33:46 +02:00
Manuel Valls Fernández
a111d61d85 Move nonce retry from jws to http (#367)
* Move nonce retry from jws to http

The error raised by an "invalid nonce" response never appeared
inside jws.go, but instead it was handled at http.go, so it makes
sense to move the retry logic to that file. The previous code from
jws.go had no effect and did not solve issues related to invalid
nonces.

* Rename retry response variable name for clarity
2017-03-30 02:25:34 +02:00
Unknown
ee0018c855 Remove conditional around rate limiting
Always limit LE requests to ~18 per second, no matter how many domains are being validated.
2017-03-30 02:06:43 +02:00
Mahmoud Abdelsalam
0e2937900b Add error checking for the jws httpPost (#360)
https://github.com/xenolf/lego/issues/359
2017-03-17 19:58:44 +01:00
Luca Guidi
e526fb5a1a Use DNSimple official Go client (#363) 2017-03-17 19:40:51 +01:00
Etienne
45beff7ed3 Add workaround for new-authz rate limits (#357) 2017-03-13 22:41:19 +01:00
Emilien Devos
6cac0ea7d8 Add lego installation via package manager for ArchLinux (#344) 2017-02-19 05:51:39 +01:00
xenolf
66d8acbf89 Add some better error messages to http and jws 2017-02-19 05:50:21 +01:00
Pavel Forkert
0c0d57a545 Log authorization urls (#350)
https://letsencrypt.org/docs/rate-limits/ says:
> The pending authorization objects are represented by URLs of the form https://acme-v01.api.letsencrypt.org/acme/authz/XYZ, and should show up in your client logs.
2017-02-19 05:30:33 +01:00
Pavel Forkert
661e5e690c Do not get stuck when server accidentally starts responding with bad data (#349)
If `links["next"] == ""` the early return does not send neither success, nor failure to outer code,
which leads to whole `getChallenges` method being stuck forever, cause it waits for either `resc` or `errc` to receive message.
2017-02-19 05:17:22 +01:00
xenolf
9f94aabbd2 Fix nonce error (#354)
* Adding a NonceError type to detect nonce errors

* Implement a one off retry on a nonce error.
2017-02-19 05:12:14 +01:00
Pavel Forkert
09d8a49bf2 Reduce nonce locking (#340)
* [reduce-locking] Prepare for change

* [reduce-locking] Do not lock on http request

* [reduce-locking] Move getNonce and getNonceFromResponse from jws struct cause they do not need access to it

* [reduce-locking] Extract nonceManager

* [reduce-locking] Add test that tries to show locking on http requests problem
2017-02-19 04:48:45 +01:00
Simone Carletti
be23e242c1 Fix invalid package name (#342) 2017-02-10 23:53:49 -07:00
Matt Holt
f5d538caab Close response body in error case and close first one (#341)
* Close response body in error case

* Ensure the body of both responses is closed when polling for cert

Also make a new const of maxBodySize, and cap the number of polls
to a maximum of 1000.

* More correct placement for polling limit

* Move const to the top
2017-01-15 16:54:49 +01:00
Fabio Berchtold
ce8fb060cb fix Vultr API calls (#335)
* fix Vultr API calls

Signed-off-by: Fabio Berchtold <jamesclonk@jamesclonk.ch>

* rename Vultr DNS structs

Signed-off-by: Fabio Berchtold <jamesclonk@jamesclonk.ch>
2016-12-27 00:46:13 +01:00
Jacob Hoffman-Andrews
ca19ea1c19 Fix example call to ObtainCertificate (#333)
The previous example left out the MustStaple argument.
2016-12-27 00:41:19 +01:00
Joe Shaw
e9c3078492 add issuer certificate to CertificateResource (#325)
* add issuer certificate to CertificateResource

Also write it out to the file system when running "lego run"

Removed caching of the issuer certificate inside the acme client, since
it didn't appear to be used.

* only append issuerCert to issuedCert in case of success

Effectively a no-op since issuerCert will be nil on error, but it seems
more correct to only do it if fetching the issuer succeeds.
2016-12-14 00:22:48 +01:00
Pavel Forkert
d149f14b6b Properly lock jws.nonces (#319)
Before read access to `nonces` field in jws structure (in `Nonces` method) was not synchronized and we were still able
to get `slice bounds out of range` panic when trying to "pop" value in `Nonces` method.

The race can be actually observed by running `Nonce` method multiple times in separate goroutines with th precondition is `len(jws.nonces) == 1`.
2016-12-13 09:49:37 +01:00
xenolf
cbd5d04c89 Fix OCSP must staple.
Fixes #327
2016-12-06 08:41:28 +01:00
Pavel Borzenkov
cc94601612 Fix build with azure-sdk v7.0.0-beta (#323)
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2016-11-30 23:05:55 +01:00
Gabe Rosenhouse
0abbd738a4 fix typo in help text (#320) 2016-11-20 02:40:51 +01:00
Thomas Recloux
0792ce9a9f Extract from CLI the name -> DNS provider mapping (#313)
* Extract from CLI the name -> DNS provider mapping

This avoids duplication in lib usage 
Ex : https://github.com/containous/traefik/pull/738#issuecomment-258810469

* Verify that we retrieve the good provider
2016-11-18 14:12:13 +01:00
decker
9f86882f77 Add dns provider for dnspod (#312) 2016-11-14 11:41:37 +01:00
xenolf
3db48c9e13 Fix HTTP-01 and TLS-SNI invalid port tests for go 1.8 2016-11-14 11:08:33 +01:00
xenolf
2abbe6d836 Tweak log message for a wrong host in HTTP-01
Fixes #314
2016-11-10 08:24:06 +01:00
Thomas Recloux
7615653a08 Add Exoscale DNS provider (#311) 2016-11-07 08:37:57 +01:00
Luke Hanley
800538520e Adds support for Rackspace DNS (#309)
* Working Rackspace Provider

* Finalize Rackspace DNS provider

Closes out #208. Adds mock API and testing.
2016-11-04 10:29:14 +01:00
Woz
306f5c06fa Dns from resolv.conf (#293)
* Get better dns server defaults if available

if an /etc/resolv.conf file exists, then get the dns servers from there

* fix handwritten code...

* Make discovering system dns servers more testable

Allow specifying path to resolv.conf file to allow testing logic

* add tests

* Log which resolvers we are using

* move log statement for dns resolvers used
2016-11-03 19:37:15 +01:00
Matthew Buckett
501b7b6e0f Remove existing records in gcloud (#308)
When record already exists in gcloud we can't add a new record without removing the other one first. This is a simple fix that doesn't attempt to create multiple entries for the record but just removes the previous data.

fixes #218
2016-11-02 15:47:17 +01:00
Matthew Buckett
85200a157c Azure DNS Provider (#307)
This is a first attempt at a working Azure DNS challenge provider.

Fixes #180
2016-11-02 15:33:57 +01:00
xenolf
72914df00f Add OCSP must staple support
Introduces a new command line switch `--must-staple` to `run` and `renew`.
Using this switch will add the must staple TLS extension to the CSR generated by lego and thus also to the generated certificate.
This does not work with user specified CSRs!

Fixes #270
2016-10-27 11:22:10 +02:00
Clint Armstrong
4bb8bea031 add memcached provider (#296)
* add memcached provider

* add testing
2016-10-24 11:03:18 +02:00
xenolf
e953bbc8b9 Leave ca-certificates in the docker image
Fixes #288
2016-10-18 22:55:27 +02:00
xenolf
bb51288200 Merge pull request #299 from edeckers/add-auroradns
Add AuroraDNS support
2016-10-18 10:26:37 +02:00
David Calavera
5f9a041680 Add NS1 DNS provider. (#295)
* Add NS1 DNS provider.

Integrates Lego with NS1 using their rest API.
It uses NS1's official Go package as client:

https://github.com/ns1/ns1-go

Signed-off-by: David Calavera <david.calavera@gmail.com>

* Add NS1 to the cli handlers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-10-18 10:20:15 +02:00
xenolf
85eddfa347 Remove check for auto renewed cert from . This is no longer part of the spec 2016-10-17 11:12:54 +02:00
xenolf
3690d6ecaa Merge pull request #301 from edeckers/bugfix/vet_json_tag_remove_unused_type
Fix duplicate json tag in recoveryKeyMessage
2016-10-17 09:37:24 +02:00