Commit graph

691 commits

Author SHA1 Message Date
xenolf
365bbf3166 Add a changelog 2015-12-21 02:44:25 +01:00
xenolf
c2630f8eb7 Limit ioutil.ReadAll calls in client as well 2015-12-21 02:44:25 +01:00
xenolf
00af84d91b Close response body in getIssuerCertificate 2015-12-21 02:44:25 +01:00
Matt Holt
cb9a6e8207 Merge pull request #58 from flibustenet/patch-1
Update README.md
2015-12-20 09:32:45 -07:00
Wilk
058ac09825 Update README.md
Missing `-challenge` in request path (`/.well-known/acme-challenge/`)
2015-12-20 12:38:38 +01:00
xenolf
6316bea09b Improve documentation.
Fixes #46, #47
2015-12-18 22:38:59 +01:00
xenolf
7789bd2ffc Limit OCSP answers to 1MB.
fixes #56
2015-12-18 22:33:30 +01:00
xenolf
37153517a9 Merge pull request #57 from xenolf/fix-san-renewal
Fix: renew dropping additional DNSNames
2015-12-18 18:09:58 +01:00
xenolf
136cc73ff8 Move call to ObtainSANCertificate 2015-12-18 17:55:43 +01:00
xenolf
5930ea52f0 lib: make renew aware of SAN 2015-12-18 17:55:43 +01:00
xenolf
2d385d3f41 CLI: renew only the first domain (CommonName) 2015-12-18 17:55:43 +01:00
xenolf
102a9f756b Merge pull request #55 from gianluca311/cliFix
CLI: fix short domain args
2015-12-17 21:39:37 +01:00
xenolf
c13968859a tweak log messages a bit 2015-12-15 21:21:12 +01:00
Gianluca
0edc4b5aaa typo fix 2015-12-15 19:21:46 +01:00
Gianluca
dc57d2d8ba cli fixes for short args 2015-12-15 19:18:51 +01:00
xenolf
468e9a2ede Merge pull request #38 from janeczku/dns-providers
Modular dns-01 challenge providers
2015-12-12 20:58:24 +01:00
xenolf
bf740fa2ca Merge pull request #50 from xenolf/better-challenge-errors
Better challenge errors
2015-12-12 20:44:19 +01:00
xenolf
c2467d031f Fix tests with new error 2015-12-11 17:16:24 +01:00
xenolf
f08c15df80 Use boulder error messages. 2015-12-11 17:16:24 +01:00
Jan Broer
666698cea3 Modular DNS challenge
- Manual provider
- Dynamic DNS Update provider (RFC2136)
- Route53 provider
- CloudFlare provider
2015-12-10 18:35:35 +01:00
Matthew Holt
c4add3c81e Stub out simple CLI example 2015-12-07 19:33:46 -07:00
xenolf
1b07617a49 Merge pull request #45 from xenolf/ensure-non-zero-error-return
Make sure the CLI returns proper non-zero exit codes on errors.
2015-12-07 20:53:30 +01:00
xenolf
a23289899c Fix typo 2015-12-07 16:58:01 +01:00
xenolf
2f16c0fa5c Make sure the CLI returns proper non-zero exit codes on errors. 2015-12-07 16:52:59 +01:00
xenolf
54e96f6fc5 Document that ObtainSANCertificate will never return a partial certificate on error. 2015-12-07 16:51:28 +01:00
xenolf
0c0521f177 Merge pull request #43 from egorsmkv/master
Minor fixes
2015-12-07 15:53:53 +01:00
Egor Smolyakov
e8a631338c Added bundle option 2015-12-07 13:21:54 +02:00
Egor Smolyakov
4676e45836 Fix bug 2015-12-07 13:18:58 +02:00
xenolf
3cf9fe610f Merge pull request #42 from xenolf/add-renew-time
Add a way for cronjobs to automatically renew certificates.
2015-12-07 02:10:37 +01:00
xenolf
1573f13fac Remove redundant semicolon. 2015-12-06 23:14:22 +01:00
xenolf
2a9875b220 Add a way for cronjobs to automatically renew certificates. 2015-12-06 22:35:52 +01:00
Tommie Gannert
e32b9abfb2 Remove ObtainCertificates and rename ObtainSANCertificate to ObtainCertificate.
Also removes revokation abilities from RenewCertificate.

Makes the API more orthogonal. These things are not provided by the
ACME protocol, but were convenience helpers.
2015-12-05 22:07:12 +00:00
Tommie Gannert
71624f607a Replace exponential back-off in validate with Retry-After header.
Last paragraph of ACME spec, section 6.5:

  To check on the status of an authorization, the client sends a GET
  request to the authorization URI, and the server responds with the
  current authorization object.  In responding to poll requests while
  the validation is still in progress, the server MUST return a 202
  (Accepted) response with a Retry-After header field.
2015-12-05 21:32:53 +00:00
Tommie Gannert
b2c88d7a5d Make solvers configurable.
Allows selecting which solvers are available, and specifying options for them.
2015-12-05 21:01:08 +00:00
Tommie Gannert
039b7c50dc Use postJSON and getJSON wherever possible.
Encapsulates JSON marshalling.
2015-12-05 15:59:15 +00:00
Tommie Gannert
2dc2fdd1af Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 15:09:29 +00:00
Tommie Gannert
bee1326835 Use a local ServeMux in httpChallenge.Solve.
Avoids modifying global state.
2015-12-05 12:25:01 +00:00
Tommie Gannert
38cb60624f Simplify tlsSNIChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:24:49 +00:00
Tommie Gannert
5dc33c8c08 Simplify httpChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:00:00 +00:00
Tommie Gannert
58a2fd2267 Split off validation function.
This is a loop that interacts with the ACME server, not the individual challenges.

Also switch to exponential back-off polling for good measure.
2015-12-05 11:52:24 +00:00
Tommie Gannert
237689b0cf Run gofmt on acme/tls_sni_challenge. 2015-12-05 11:50:57 +00:00
xenolf
a528107826 Update README.md 2015-12-03 20:04:55 +01:00
xenolf
95a41a1441 Push CLI version 2015-12-03 19:41:04 +01:00
xenolf
8c8396a0a2 Update CLI to default to the live LE endpoint. 2015-12-03 19:37:54 +01:00
Matthew Holt
d9e2e2a873 Cleaned up a couple log lines 2015-12-02 12:33:37 -07:00
xenolf
24e8a55405 Merge pull request #33 from xenolf/add-tls-sni-challenge
Add TLS-SNI-01 Challenge
2015-11-22 19:34:22 +01:00
xenolf
32a29fd5ad We have two solvers now 2015-11-22 19:33:26 +01:00
xenolf
775545e2bb Add tests to TLS-SNI-01 2015-11-22 19:31:16 +01:00
xenolf
08f34f6071 Mark TLS-SNI implemented in README 2015-11-22 19:31:16 +01:00
xenolf
22622438fd Implement TLS-SNI-01 to match Boulder. Not spec conform. 2015-11-22 19:31:16 +01:00