Commit graph

609 commits

Author SHA1 Message Date
Stuart
d5799a1f37 Tighten permissions on challenge files and directories 2016-09-04 04:06:18 -04:00
Ryan Rogers
5656b9df20 Add support for Linode as a DNS provider. 2016-08-29 12:37:19 -07:00
xenolf
160cb3b6e8 Merge pull request #272 from porjo/master
Add PowerDNS provider
2016-08-24 00:45:37 +02:00
xenolf
e220b2da7c Merge pull request #276 from jipperinbham/cloudflare-query-fix
add txt and name to query params, remove Type check
2016-08-24 00:15:56 +02:00
xenolf
89caa84ad0 Merge pull request #273 from porjo/recursor
Allow custom DNS resolvers
2016-08-23 08:46:22 +02:00
Ian Bishop
9d954fcc41 Allow custom DNS resolvers 2016-08-23 08:22:17 +10:00
JP
ac63d9748d add txt and name to query params, remove Type check 2016-08-22 14:03:32 -05:00
Ian Bishop
63a05d58a6 Add PowerDNS provider 2016-08-19 18:32:27 +10:00
xenolf
823436d611 Merge branch 'nonce-race' 2016-08-19 09:15:40 +02:00
Kate Jefferson
2569c53efe Add sync.Mutex to lock and unlock j.nonces 2016-08-18 16:35:03 -04:00
xenolf
63e8e33beb Merge pull request #268 from xenolf/authz-recycle
Skip challenges when authz is already valid
2016-08-17 20:15:46 +02:00
xenolf
cfdbc15336 Merge pull request #269 from xenolf/travisci-go-updates
Shift CI test to newer Go versions
2016-08-17 20:15:19 +02:00
Matt Holt
33ef204b5e Shift CI test to newer Go versions
Some dependencies evidently require Go 1.6 and newer; also Go 1.7 is out.
2016-08-16 21:56:30 -06:00
Matthew Holt
6bd7f505e1 Log when skipping challenges due to valid authz 2016-08-16 14:00:17 -06:00
Matthew Holt
b2d7a1821e Skip solving challenges when authz is already valid (fixes #267) 2016-08-16 13:50:56 -06:00
xenolf
eb7c5e6bb6 Merge pull request #262 from doublerr/google_multi_subdomains
Fix GoogleCloud DNS challenge to allow subdomains
2016-08-12 19:05:03 +02:00
xenolf
68f2512ba1 Merge pull request #260 from cristiangraz/export-pre-check-dns
Export PreCheckDNS so library users can manage the DNS check in tests
2016-08-12 19:02:52 +02:00
Ryan Richard
de8a56bde8 Fix GoogleCloud DNS challenge to allow subdomains
Fixes #257

Previously the google cloud provider assumed the domain being provided
was also the authoritative zone. This fix uses an acme function to
recursively lookup the authoritative zone for a provided domain.
2016-08-11 13:39:07 -05:00
Cristian Graziano
2818a41068 Export PreCheckDNS so library users can manage the DNS check in tests 2016-08-09 22:15:54 -07:00
xenolf
aa216e0399 Merge pull request #256 from heroku/newclient-doc-fix
Fix documentation for acme.NewClient
2016-08-05 14:04:00 +02:00
liz
5eae7e889c Fix documentation for acme.NewClient 2016-08-04 12:09:42 -04:00
xenolf
4c33bee13d Merge pull request #254 from janeczku/findzonebyfqdn-fix
Correctly determine the zone for CNAME domains pointing to another zone
2016-08-01 13:31:24 +02:00
janeczku
d6197084fc Fixes zone lookup for domains that have a CNAME with the target in another zone 2016-07-29 21:28:28 +02:00
xenolf
5720cba2c9 Merge pull request #251 from bshi/master
Filter Google Cloud DNS List() calls
2016-07-26 14:04:26 +02:00
Bo Shi
028e412850 Filter Google Cloud DNS List() calls
Make a more efficient API call to only fetch the name of interest.
2016-07-21 19:05:16 +00:00
xenolf
b12ce5e731 Merge pull request #245 from bsiegert/master
codegangsta is now called urfave.
2016-07-21 03:40:32 +02:00
xenolf
e2f341198f Remove unneeded re-checking of OCSP responses. The stdlib has us covered already.
Fixes #247
2016-07-21 03:32:56 +02:00
xenolf
029ece0fd2 Well a timeout of 10 something is a good idea indeed... 2016-07-21 03:27:34 +02:00
xenolf
082ff6d029 Removed HTTPTimeout and exported a new HTTPClient variable as a replacement.
The HTTPTimeout was not honored by the default client. Clients should now construct their own HTTPClient for overriding the timeout.
Fixes #246
2016-07-21 03:24:11 +02:00
Benny Siegert
524e35dba6 codegangsta is now called urfave.
Update import paths for cli package.
2016-07-13 21:03:47 +02:00
xenolf
58ead76066 Merge pull request #238 from moomerman/dnsmadeeasy
Add DNSProvider for DNSMadeEasy (http://dnsmadeeasy.com/)
2016-07-10 04:39:59 +02:00
xenolf
b7b05e88db Merge pull request #233 from disaster37/master
Add OVH DNS provider
2016-07-04 15:00:59 +02:00
xenolf
0eba8326e9 Merge pull request #231 from paybyphone/paybyphone_dns_ttl
providers/dns/route53: Adjust DNS challenge TTL to 10 seconds
2016-06-29 16:21:13 +02:00
Richard Taylor
108eaea79b Add DNSProvider for DNSMadeEasy (http://dnsmadeeasy.com/) 2016-06-28 22:48:06 +01:00
disaster
cc40650b80 lauch go fmt to format the change 2016-06-24 18:23:28 +00:00
xenolf
02f0c50815 Merge pull request #234 from jboelter/master
Add optional support for .pem output (.crt + .key)
2016-06-21 02:30:01 +02:00
Joshua Boelter
941e753c80 Add optional support for .pem output (.crt + .key) 2016-06-18 22:55:15 -07:00
Chris Marchesi
64f8e0d225 providers/dns/route53: Adjust DNS challenge TTL to 10 seconds
While more than likely never to come up in a real-world situation,
during renewal integration testing a value of 120 seconds has
proven to be too high (the old challenge record has not expired
by the time the new one is created).
2016-06-17 16:07:37 -07:00
disaster
4f6c1d470f Add OVH DNS provider 2016-06-16 21:11:19 +02:00
xenolf
b2fad61981 Merge pull request #224 from paybyphone/support_existing_csr
Support existing CSRs (update to #122)
2016-06-16 01:01:12 +02:00
Chris Marchesi
575370e196 cert: Extend acme.CertificateResource, support CSRs on renew
client.RenewCertificate now supports CSRs, and in fact prefers them,
when renewing certificates. In other words, if the certificate was
created via a CSR then using that will be attempted before re-generating
off a new private key.

Also adjusted the API of ObtainCertificateForCSR to be a little
more in line with the original ObtainCertificate function.
2016-06-14 21:15:25 -07:00
Will Glynn
01e2a30802 Document --csr flag 2016-06-14 21:15:25 -07:00
Will Glynn
333af54906 Add --csr option to generate a certificate for an existing CSR 2016-06-14 21:15:25 -07:00
Will Glynn
8d7afd02b9 Add ObtainCertificateForCSR()
This commit also breaks requestCertificate() into two parts, the first of
which generates a CSR, the second of which became requestCertificateForCsr()
which does what the name implies.
2016-06-14 21:15:25 -07:00
xenolf
c570b320ae Merge pull request #222 from connctd/registration
In case of conflict during registration, the old registration is now recovered
2016-06-14 13:13:50 +02:00
Till Klocke
402756c1c5 registration message in case of conflict 409 should not contain contact details 2016-06-14 09:50:12 +02:00
xenolf
a9d8cec0e6 Merge pull request #227 from dmcgowan/add-rsc-changes
Change TLS SNI Challenge Cert function to return domain
2016-06-14 01:31:55 +02:00
Derek McGowan
be785fda33 Updated original signature and removed new function 2016-06-12 22:57:22 -07:00
xenolf
a4dfe5a7e7 Merge pull request #230 from doherty/account-json-executable
Write account.json without executable bit set
2016-06-13 03:01:50 +02:00
Mike Doherty
58758f4761 Write account.json without executable bit set
Fixes gh-229
2016-06-11 23:17:11 -07:00