forked from TrueCloudLab/lego
Lego version 0.4.0
parent 28ead50ff1
commit 192334c448
4 changed files with 79 additions and 25 deletions
49
CHANGELOG.md
|
@ -1,5 +1,54 @@
|
|||
# Changelog
|
||||
|
||||
## [0.4.0] - 2017-07-13
|
||||
|
||||
### Added:
|
||||
- CLI: The `--http-timeout` switch. This allows for an override of the default client HTTP timeout.
|
||||
- lib: The `HTTPClient` field. This allows for an override of the default HTTP timeout for library HTTP requests.
|
||||
- CLI: The `--dns-timeout` switch. This allows for an override of the default DNS timeout for library DNS requests.
|
||||
- lib: The `DNSTimeout` switch. This allows for an override of the default client DNS timeout.
|
||||
- lib: The `QueryRegistration` function on `acme.Client`. This performs a POST on the client registration's URI and gets the updated registration info.
|
||||
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
|
||||
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
|
||||
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
|
||||
- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
|
||||
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
|
||||
- lib: Added a memcached provider for the HTTP challenge.
|
||||
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
|
||||
- CLI: The `--must-staple` flag. This enables OCSP must staple in the generated CSR.
|
||||
- lib: The library will now honor entries in your resolv.conf.
|
||||
- lib: Added a field `IssuerCertificate` to the `CertificateResource` struct.
|
||||
- lib: A new DNS provider for OVH.
|
||||
- lib: A new DNS provider for DNSMadeEasy.
|
||||
- lib: A new DNS provider for Linode.
|
||||
- lib: A new DNS provider for AuroraDNS.
|
||||
- lib: A new DNS provider for NS1.
|
||||
- lib: A new DNS provider for Azure DNS.
|
||||
- lib: A new DNS provider for Rackspace DNS.
|
||||
- lib: A new DNS provider for Exoscale DNS.
|
||||
- lib: A new DNS provider for DNSPod.
|
||||
|
||||
### Changed:
|
||||
- lib: Exported the `PreCheckDNS` field so library users can manage the DNS check in tests.
|
||||
- lib: The library will now skip challenge solving if a valid Authz already exists.
|
||||
|
||||
### Removed:
|
||||
- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
|
||||
|
||||
### Fixed:
|
||||
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
|
||||
- lib: Loading an account from file should fail if a integral part is nil
|
||||
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
|
||||
- lib: If a registration encounteres a conflict, the old registration is now recovered.
|
||||
- CLI: The account.json file no longer has the executable flag set.
|
||||
- lib: Made the client registration more robust in case of a 403 HTTP response.
|
||||
- lib: Fixed an issue with zone lookups when they have a CNAME in another zone.
|
||||
- lib: Fixed the lookup for the authoritative zone for Google Cloud.
|
||||
- lib: Fixed a race condition in the nonce store.
|
||||
- lib: The Google Cloud provider now removes old entries before trying to add new ones.
|
||||
- lib: Fixed a condition where we could stall due to an early error condition.
|
||||
- lib: Fixed an issue where Authz object could end up in an active state after an error condition.
|
||||
|
||||
## [0.3.1] - 2016-04-19
|
||||
|
||||
### Added:
|
||||
|
|
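Review bot: The two DNS timeout entries under `### Added:` look swapped and mislabelled. `DNSTimeout` is listed as a lib item but is called a "switch" and described as overriding the "client DNS timeout", while the CLI `--dns-timeout` entry is described in terms of "library DNS requests". Suggest calling `DNSTimeout` a field and exchanging the two descriptions so they match the `--http-timeout` / `HTTPClient` pair above them. Spelling to fix in the same pass: "concatanating" in the `--pem` entry, and "encounteres" and "a integral part" under `### Fixed:`. Several of the Fixed entries affect security (the Route53 verification record published to a private zone, the executable flag on account.json, the nonce store race) but carry no issue or PR reference; adding one to each would let users judge whether they need to upgrade.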
2
LICENSE
|
@ -1,6 +1,6 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2015 Sebastian Erhart
|
||||
Copyright (c) 2015-2017 Sebastian Erhart
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
51
README.md
|
@ -80,32 +80,37 @@ NAME:
|
|||
|
||||
USAGE:
|
||||
lego [global options] command [command options] [arguments...]
|
||||
|
||||
|
||||
VERSION:
|
||||
0.3.1
|
||||
|
||||
0.4.0
|
||||
|
||||
COMMANDS:
|
||||
run Register an account, then create and install a certificate
|
||||
revoke Revoke a certificate
|
||||
renew Renew a certificate
|
||||
dnshelp Shows additional help for the --dns global option
|
||||
help, h Shows a list of commands or help for one command
|
||||
|
||||
run Register an account, then create and install a certificate
|
||||
revoke Revoke a certificate
|
||||
renew Renew a certificate
|
||||
dnshelp Shows additional help for the --dns global option
|
||||
help, h Shows a list of commands or help for one command
|
||||
|
||||
GLOBAL OPTIONS:
|
||||
--domains, -d [--domains option --domains option] Add domains to the process
|
||||
--csr, -c Certificate signing request filename, if an external CSR is to be used
|
||||
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
|
||||
--email, -m Email used for registration and recovery contact.
|
||||
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
|
||||
--key-type, -k "rsa2048" Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384
|
||||
--path "${CWD}/.lego" Directory to use for storing the data
|
||||
--exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
|
||||
--webroot Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
|
||||
--http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
|
||||
--tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
|
||||
--dns Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
|
||||
--help, -h show help
|
||||
--version, -v print the version
|
||||
--domains value, -d value Add domains to the process
|
||||
--csr value, -c value Certificate signing request filename, if an external CSR is to be used
|
||||
--server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v01.api.letsencrypt.org/directory")
|
||||
--email value, -m value Email used for registration and recovery contact.
|
||||
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
|
||||
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048")
|
||||
--path value Directory to use for storing the data (default: "/.lego")
|
||||
--exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
|
||||
--webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
|
||||
--memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
|
||||
--http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
|
||||
--tls value Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
|
||||
--dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
|
||||
--http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
|
||||
--dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
|
||||
--dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use Google's DNS resolvers.
|
||||
--pem Generate a .pem file by concatanating the .key and .crt files together.
|
||||
--help, -h show help
|
||||
--version, -v print the version
|
||||
```
|
||||
|
||||
##### CLI Example
|
||||
|
|
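Review bot: The new `--http-timeout` and `--dns-timeout` help lines contradict themselves: each says "The default is 10 seconds." and then ends with "(default: 0)". Either set the flag default to 10, or reword the text to say that 0 means the built-in 10 second timeout is used, so that nobody reads 0 as "no timeout". In the same block, `--path` now shows (default: "/.lego") where the old text had "${CWD}/.lego". That reads as if data were stored under the filesystem root, and it looks like the help output was captured with an empty working directory, so the placeholder should be restored. `--dns-resolvers` says the default is Google's DNS resolvers, while the CHANGELOG in this commit says the library now honors resolv.conf. The help text should state which one applies. "concatanating" in the `--pem` line is a typo.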
2
cli.go
|
@ -32,7 +32,7 @@ func main() {
|
|||
app.Name = "lego"
|
||||
app.Usage = "Let's Encrypt client written in Go"
|
||||
|
||||
version := "0.3.1"
|
||||
version := "0.4.0"
|
||||
if strings.HasPrefix(gittag, "v") {
|
||||
version = gittag
|
||||
}
|
||||
|
|
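Review bot: The literal `version := "0.4.0"` in `main()` is another hand-edited copy of the release number, which this commit also changes in the README.md VERSION block and the CHANGELOG.md heading, and it is only overridden when `gittag` starts with "v". A build from a later commit without such a tag will still report 0.4.0, which makes it hard to tell from `--version` which fixes a deployed binary contains. Suggest moving the fallback to a package-level constant with a comment listing the other places to update on release, or including a marker in the fallback that shows the build was untagged.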