Commit graph

475 commits

Author SHA1 Message Date
xenolf
a42a5f66d7 Add initial TLS-SNI-02 challenge 2016-06-29 16:51:28 +02:00
xenolf
0eba8326e9 Merge pull request #231 from paybyphone/paybyphone_dns_ttl
providers/dns/route53: Adjust DNS challenge TTL to 10 seconds
2016-06-29 16:21:13 +02:00
xenolf
02f0c50815 Merge pull request #234 from jboelter/master
Add optional support for .pem output (.crt + .key)
2016-06-21 02:30:01 +02:00
Joshua Boelter
941e753c80 Add optional support for .pem output (.crt + .key) 2016-06-18 22:55:15 -07:00
Chris Marchesi
64f8e0d225 providers/dns/route53: Adjust DNS challenge TTL to 10 seconds
While more than likely never to come up in a real-world situation,
during renewal integration testing a value of 120 seconds has
proven to be too high (the old challenge record has not expired
by the time the new one is created).
2016-06-17 16:07:37 -07:00
xenolf
b2fad61981 Merge pull request #224 from paybyphone/support_existing_csr
Support existing CSRs (update to #122)
2016-06-16 01:01:12 +02:00
Chris Marchesi
575370e196 cert: Extend acme.CertificateResource, support CSRs on renew
client.RenewCertificate now supports CSRs, and in fact prefers them,
when renewing certificates. In other words, if the certificate was
created via a CSR then using that will be attempted before re-generating
off a new private key.

Also adjusted the API of ObtainCertificateForCSR to be a little
more in line with the original ObtainCertificate function.
2016-06-14 21:15:25 -07:00
Will Glynn
01e2a30802 Document --csr flag 2016-06-14 21:15:25 -07:00
Will Glynn
333af54906 Add --csr option to generate a certificate for an existing CSR 2016-06-14 21:15:25 -07:00
Will Glynn
8d7afd02b9 Add ObtainCertificateForCSR()
This commit also breaks requestCertificate() into two parts, the first of
which generates a CSR, the second of which became requestCertificateForCsr()
which does what the name implies.
2016-06-14 21:15:25 -07:00
xenolf
c570b320ae Merge pull request #222 from connctd/registration
In case of conflict during registration, the old registration is now recovered
2016-06-14 13:13:50 +02:00
Till Klocke
402756c1c5 registration message in case of conflict 409 should not contain contact details 2016-06-14 09:50:12 +02:00
xenolf
a9d8cec0e6 Merge pull request #227 from dmcgowan/add-rsc-changes
Change TLS SNI Challenge Cert function to return domain
2016-06-14 01:31:55 +02:00
Derek McGowan
be785fda33 Updated original signature and removed new function 2016-06-12 22:57:22 -07:00
xenolf
a4dfe5a7e7 Merge pull request #230 from doherty/account-json-executable
Write account.json without executable bit set
2016-06-13 03:01:50 +02:00
Mike Doherty
58758f4761 Write account.json without executable bit set
Fixes gh-229
2016-06-11 23:17:11 -07:00
Russ Cox
c8b0781028 Add TLS SNI Challenge function which returns domain
Used by rsc.io/letsencrypt to get the challenge domain.
Originally committed under rsc.io/letsencrypt/vendor.
2016-06-10 11:47:43 -07:00
xenolf
cae9c70e1e Merge pull request #223 from paybyphone/paybyphone_reg_read_delete
reg: Add Query and Delete functions
2016-06-09 21:26:13 +02:00
Chris Marchesi
3028225371 reg: Add Query and Delete functions
Add 2 new functions to acme.Client for registration stuff:

 * QueryRegistration: This performs a POST on the client
   registration's URI and gets the updated registration info.
 * DeleteRegistration: This deletes the registration as currently
   configured in the client.

The latter, while a part of the IETF draft, may not be 100%
functional in LE yet, my tests showed that resources were still
available after deletion.
2016-06-08 16:36:42 -07:00
Till Klocke
599eb9a739 In case of conflict during registration, the old registration is now recovered 2016-06-06 15:32:02 +02:00
xenolf
30a7a8e882 Merge pull request #215 from zealic/master
Add dns-timeout support.
2016-05-27 13:43:23 +02:00
zealic
88932f9167 Add dns-timeout support. 2016-05-25 11:22:09 +08:00
xenolf
b119bc45fb Add "http-timeout" CLI flag.
This allows for an override of the default HTTP timeout for library HTTP requests.
Fixes #207.
2016-05-19 18:52:58 +02:00
xenolf
9e0c21c439 Add HTTPTimeout variable to http.go.
This lets users of this library override the default internal timeout for HTTP requests issued by the library. The default is 10 seconds.
2016-05-19 18:51:47 +02:00
xenolf
1389afd8d8 Better cloudflare API error handling. Report all errors if more then one error is available. 2016-05-19 18:33:35 +02:00
xenolf
7a24c51c48 Merge pull request #213 from ByStones/pwd
Allow setting "--path" even if os.Getwd() fails
2016-05-18 00:06:12 +02:00
Felix Stein
e7292edf3c Allow setting "--path" even if os.Getwd() fails 2016-05-16 19:10:28 +02:00
xenolf
a62452db95 Merge pull request #209 from slon/master
Report error from command line parser to user.
2016-05-15 21:15:22 +02:00
Fedor Korotkiy
2460688c35 Report App error to user. 2016-05-14 18:11:26 +03:00
xenolf
b5d5eee2dd Update usage of codegangster/cli to remove deprecation warning.
Fixes #206.
2016-05-12 19:52:59 +02:00
xenolf
948483535f Merge pull request #204 from aebruno/fix-dyn-subdomains
Fixes #199
2016-04-27 13:07:41 +02:00
Andrew E. Bruno
ecf664eaef Fixes #199
Dyn provider was using incorrect zone in Present and Cleanup functions.
This uses FindZoneByFqdn() to find the correct zone for use in the
subsequent API calls.
2016-04-26 22:36:48 -04:00
xenolf
06124e0954 Merge pull request #201 from janeczku/route53-fix-priv-zone
Route 53: Make sure we don't provision to a private hosted zone
2016-04-22 02:03:12 +02:00
xenolf
d93c71b61f Loading an account from file should fail if a integral part is nil.
Fixes #191
2016-04-22 01:53:50 +02:00
JanB
4d9e4f1487 Make sure we don't provision to a private hosted zone
Route 53 allows multiple zones with the same name to co-exist in an
account. The most common use case for this is a split-view DNS with one
private and one public zone for the same domain name. This patch makes
sure we don’t ever provision the authorization record to the private
zone.
The other case where a user has multiple public zones with the same
name is not covered here since this would require a bigger change in
code in order to determine which of the zones is active from the
viewpoint of the internet. Also this is probably an edge use case that
can be addressed once it comes up in the issues.
2016-04-21 15:47:43 +02:00
xenolf
96a24777ff Update changelog 2016-04-19 20:57:16 +02:00
xenolf
562781dd19 Merge pull request #196 from JoyceBabu/patch-1
Optimized Dockerfile for smaller image size
2016-04-19 10:18:03 +02:00
Joyce Babu
8482f665f6 Optimized Dockerfile for smaller image size
I have modified the official Dockerfile and made two changes

- Each RUN instruction creates an additional layer in the docker image. Adding files in one RUN instruction and deleting it in another RUN instruction will not reduce the size of the image. I used a single RUN command so that all the package/file removal happens in the same command in which the package installation happens, so that no additional layers are created.
- Similar to RUN statement, ADD instruction also creates an additional layer. Using git clone in the RUN statement and deleting it within the same statement ensures that an additional layer with source files is not added.
2016-04-19 13:43:22 +05:30
xenolf
684400fe76 Merge pull request #193 from janeczku/fix-dnsimple
Fix broken DNSimple provider
2016-04-18 01:41:48 +02:00
JanB
65321943ba Fix: DNSimple passes not-a-FQDN string to FindZoneByFqdn() 2016-04-17 04:43:43 +02:00
xenolf
094e3d41bb httpError - Set detail string to the content of the HTTP response if it's not parsed as JSON
Fixes #188
2016-04-15 03:09:29 +02:00
xenolf
cbca761215 Merge pull request #186 from LukeHandle/patch-dns-retryquery
Retry logic for dnsQuery
2016-04-14 20:27:14 +02:00
LukeHandle
a684bab9a4 Fix typo in "retry" 2016-04-12 07:36:42 +01:00
xenolf
23e88185c2 Merge pull request #185 from rekby/jws-out-of-range
Fix out of range
2016-04-12 02:41:31 +02:00
LukeHandle
dbad97ebc6 Retry logic for dnsQuery
Added a slice of NS to be used when retrying queries. Also used with FindZoneByFqdn()
Adjusted 2 error messages given to better differentiate the returned error string
2016-04-12 00:24:11 +01:00
Rekby
e81192c912 errors.New -> fmt.Errorf 2016-04-11 11:49:20 +03:00
Rekby
3ab9b75696 simple, without retriing 2016-04-11 11:43:32 +03:00
Rekby
334ebd6ee6 gofmt 2016-04-11 07:27:12 +03:00
Rekby
7557681b06 doesn't sleep after last try 2016-04-11 07:26:45 +03:00
Rekby
3a426a1382 retry get nonce few times before return error 2016-04-11 07:22:00 +03:00