* add issuer certificate to CertificateResource
Also write it out to the file system when running "lego run"
Removed caching of the issuer certificate inside the acme client, since
it didn't appear to be used.
* only append issuerCert to issuedCert in case of success
Effectively a no-op since issuerCert will be nil on error, but it seems
more correct to only do it if fetching the issuer succeeds.
Before read access to `nonces` field in jws structure (in `Nonces` method) was not synchronized and we were still able
to get `slice bounds out of range` panic when trying to "pop" value in `Nonces` method.
The race can be actually observed by running `Nonce` method multiple times in separate goroutines with th precondition is `len(jws.nonces) == 1`.
* Get better dns server defaults if available
if an /etc/resolv.conf file exists, then get the dns servers from there
* fix handwritten code...
* Make discovering system dns servers more testable
Allow specifying path to resolv.conf file to allow testing logic
* add tests
* Log which resolvers we are using
* move log statement for dns resolvers used
When record already exists in gcloud we can't add a new record without removing the other one first. This is a simple fix that doesn't attempt to create multiple entries for the record but just removes the previous data.
fixes#218
Introduces a new command line switch `--must-staple` to `run` and `renew`.
Using this switch will add the must staple TLS extension to the CSR generated by lego and thus also to the generated certificate.
This does not work with user specified CSRs!
Fixes#270
* Add NS1 DNS provider.
Integrates Lego with NS1 using their rest API.
It uses NS1's official Go package as client:
https://github.com/ns1/ns1-go
Signed-off-by: David Calavera <david.calavera@gmail.com>
* Add NS1 to the cli handlers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Fixes#257
Previously the google cloud provider assumed the domain being provided
was also the authoritative zone. This fix uses an acme function to
recursively lookup the authoritative zone for a provided domain.