chore: fix grammar and typo (#1978)

Co-authored-by: Dominik Menke <git@dmke.org>
This commit is contained in:
Ludovic Fernandez 2023-07-29 12:59:24 +02:00 committed by GitHub
parent f582d12f65
commit 3cefc7a51b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
74 changed files with 109 additions and 118 deletions

View file

@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
- **[dnsprovider]** azure: Allow for the use of MSI - **[dnsprovider]** azure: Allow for the use of MSI
- **[dnsprovider]** constellix: improve challenge. - **[dnsprovider]** constellix: improve challenge.
- **[dnsprovider]** godaddy: allow parallel solve. - **[dnsprovider]** godaddy: allow parallel solve.
- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created - **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created
- **[dnsprovider]** transip: updated the client to v6 - **[dnsprovider]** transip: updated the client to v6
### Fixed: ### Fixed:
@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
## [v3.0.1] - 2019-08-14 ## [v3.0.1] - 2019-08-14
There was a problem when creating the tag v3.0.1, this tag has been invalidate. There was a problem when creating the tag v3.0.1, this tag has been invalidated.
## [v3.0.0] - 2019-08-05 ## [v3.0.0] - 2019-08-05
@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client. - lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR. - lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line. - CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together. - CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together.
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup. - CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
- lib: Added a memcached provider for the HTTP challenge. - lib: Added a memcached provider for the HTTP challenge.
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage. - CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
- lib: The library will now skip challenge solving if a valid Authz already exists. - lib: The library will now skip challenge solving if a valid Authz already exists.
### Removed: ### Removed:
- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder. - lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder.
### Fixed: ### Fixed:
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone. - lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
- lib: Loading an account from file should fail if a integral part is nil - lib: Loading an account from file should fail if an integral part is nil
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone. - lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
- lib: If a registration encounteres a conflict, the old registration is now recovered. - lib: If a registration encounteres a conflict, the old registration is now recovered.
- CLI: The account.json file no longer has the executable flag set. - CLI: The account.json file no longer has the executable flag set.
@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
### Changed: ### Changed:
- lib: NewClient does no longer accept the optPort parameter - lib: NewClient does no longer accept the optPort parameter
- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain. - lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain.
- lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status. - lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
- lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates. - lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
- lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key. - lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.

View file

@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel
- Use the issue search to see if the issue has already been reported. - Use the issue search to see if the issue has already been reported.
- Also look for closed issues to see if your issue has already been fixed. - Also look for closed issues to see if your issue has already been fixed.
- If both of the above do not apply create a new issue and include as much information as possible. - If both of the above do not apply, create a new issue and include as much information as possible.
Bug reports should include all information a person could need to reproduce your problem without the need to Bug reports should include all information a person could need to reproduce your problem without the need to
follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour. follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.

View file

@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) {
return GetFromResponse(resp) return GetFromResponse(resp)
} }
// GetFromResponse Extracts a nonce from a HTTP response. // GetFromResponse Extracts a nonce from an HTTP response.
func GetFromResponse(resp *http.Response) (string, error) { func GetFromResponse(resp *http.Response) (string, error) {
if resp == nil { if resp == nil {
return "", errors.New("nil response") return "", errors.New("nil response")

View file

@ -71,12 +71,12 @@ type Meta struct {
// externalAccountRequired (optional, boolean): // externalAccountRequired (optional, boolean):
// If this field is present and set to "true", // If this field is present and set to "true",
// then the CA requires that all new- account requests include an "externalAccountBinding" field // then the CA requires that all new-account requests include an "externalAccountBinding" field
// associating the new account with an external account. // associating the new account with an external account.
ExternalAccountRequired bool `json:"externalAccountRequired"` ExternalAccountRequired bool `json:"externalAccountRequired"`
} }
// ExtendedAccount a extended Account. // ExtendedAccount an extended Account.
type ExtendedAccount struct { type ExtendedAccount struct {
Account Account
// Contains the value of the response header `Location` // Contains the value of the response header `Location`
@ -91,7 +91,7 @@ type Account struct {
// The status of this account. // The status of this account.
// Possible values are: "valid", "deactivated", and "revoked". // Possible values are: "valid", "deactivated", and "revoked".
// The value "deactivated" should be used to indicate client-initiated deactivation // The value "deactivated" should be used to indicate client-initiated deactivation
// whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6) // whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6)
Status string `json:"status,omitempty"` Status string `json:"status,omitempty"`
// contact (optional, array of string): // contact (optional, array of string):
@ -321,7 +321,7 @@ type RenewalInfoResponse struct {
// SuggestedWindow contains two fields, start and end, // SuggestedWindow contains two fields, start and end,
// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate. // whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
SuggestedWindow Window `json:"suggestedWindow"` SuggestedWindow Window `json:"suggestedWindow"`
// ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is. // ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is.
// For example, it may be a page explaining the CA's dynamic load-balancing strategy, // For example, it may be a page explaining the CA's dynamic load-balancing strategy,
// or a page documenting which certificates are affected by a mass revocation event. // or a page documenting which certificates are affected by a mass revocation event.
// Callers SHOULD provide this URL to their operator, if present. // Callers SHOULD provide this URL to their operator, if present.

View file

@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
// ParsePEMPrivateKey parses a private key from key, which is a PEM block. // ParsePEMPrivateKey parses a private key from key, which is a PEM block.
// Borrowed from Go standard library, to handle various private key and PEM block types. // Borrowed from Go standard library, to handle various private key and PEM block types.
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308 // https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238) // https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238
func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) { func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
keyBlockDER, _ := pem.Decode(key) keyBlockDER, _ := pem.Decode(key)
if keyBlockDER == nil { if keyBlockDER == nil {

View file

@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
} }
if respOrder.Status == acme.StatusValid { if respOrder.Status == acme.StatusValid {
// if the certificate is available right away, short cut! // if the certificate is available right away, shortcut!
ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain) ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
if errR != nil { if errR != nil {
return nil, errR return nil, errR

View file

@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
if in != nil && in.Truncated { if in != nil && in.Truncated {
tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout} tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
// If the TCP request succeeds, the err will reset to nil // If the TCP request succeeds, the "err" will reset to nil
in, _, err = tcp.Exchange(m, ns) in, _, err = tcp.Exchange(m, ns)
} }

View file

@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) {
ok, err := check.checkDNSPropagation(test.fqdn, test.value) ok, err := check.checkDNSPropagation(test.fqdn, test.value)
if test.expectError { if test.expectError {
assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn) assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn)
assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn) assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn)
} else { } else {
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn) assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn) assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)

View file

@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
} }
func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) { func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// For all valid preSolvers, first submit the challenges so they have max time to propagate // For all valid preSolvers, first submit the challenges, so they have max time to propagate
for _, authSolver := range authSolvers { for _, authSolver := range authSolvers {
authz := authSolver.authz authz := authSolver.authz
if solvr, ok := authSolver.solver.(preSolver); ok { if solvr, ok := authSolver.solver.(preSolver); ok {

View file

@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string {
return net.JoinHostPort(s.iface, s.port) return net.JoinHostPort(s.iface, s.port)
} }
// Present generates a certificate with a SHA-256 digest of the keyAuth provided // Present generates a certificate with an SHA-256 digest of the keyAuth provided
// as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec. // as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
func (s *ProviderServer) Present(domain, token, keyAuth string) error { func (s *ProviderServer) Present(domain, token, keyAuth string) error {
if s.port == "" { if s.port == "" {

View file

@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln(`Credentials:`) ew.writeln(`Credentials:`)
ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`) ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`)
ew.writeln(` - "SOFTLAYER_USERNAME": User name (IBM Cloud is <accountID>_<emailAddress>)`) ew.writeln(` - "SOFTLAYER_USERNAME": Username (IBM Cloud is <accountID>_<emailAddress>)`)
ew.writeln() ew.writeln()
ew.writeln(`Additional Configuration:`) ew.writeln(`Additional Configuration:`)
@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln(`Credentials:`) ew.writeln(`Credentials:`)
ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`) ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`)
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`) ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`)
ew.writeln() ew.writeln()
ew.writeln(`Additional Configuration:`) ew.writeln(`Additional Configuration:`)

View file

@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`:
$ lego --email "you@example.com" --domains="example.com" --dns "manual" run $ lego --email "you@example.com" --domains="example.com" --dns "manual" run
``` ```
What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions: What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
```txt ```txt
No key found for account you@example.com. Generating a P256 key. No key found for account you@example.com. Generating a P256 key.

View file

@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare.
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details. See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
The main resources Lego cares for are the DNS entries for your Zones. The main resources Lego cares for are the DNS entries for your Zones.
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
Hence, you should create an API token with the following permissions: Hence, you should create an API token with the following permissions:

View file

@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default. if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/), While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge. DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
To authenticate you need to provide a valid API token. To authenticate you need to provide a valid API token.
HTTP Basic Authentication is intentionally not supported. HTTP Basic Authentication is intentionally not supported.
@ -69,7 +69,7 @@ HTTP Basic Authentication is intentionally not supported.
### API tokens ### API tokens
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page. You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
Only Account API tokens are supported, if you try to use an User API token you will receive an error message. Only Account API tokens are supported, if you try to use a User API token you will receive an error message.

View file

@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}). More information [here]({{< ref "dns#configuration-and-credentials" >}}).
Akamai credentials are automatically detected in the following locations and prioritized in the following order: Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`): 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
- `AKAMAI_{SECTION}_HOST` - `AKAMAI_{SECTION}_HOST`

View file

@ -64,7 +64,7 @@ The server must provide:
- `POST` `/present` - `POST` `/present`
- `POST` `/cleanup` - `POST` `/cleanup`
The URL of the server must be define by `HTTPREQ_ENDPOINT`. The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
### Mode ### Mode

View file

@ -39,7 +39,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
| Environment Variable Name | Description | | Environment Variable Name | Description |
|-----------------------|-------------| |-----------------------|-------------|
| `SOFTLAYER_API_KEY` | Classic Infrastructure API key | | `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
| `SOFTLAYER_USERNAME` | User name (IBM Cloud is <accountID>_<emailAddress>) | | `SOFTLAYER_USERNAME` | Username (IBM Cloud is <accountID>_<emailAddress>) |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}). More information [here]({{< ref "dns#configuration-and-credentials" >}}).

View file

@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html): As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
> 1. please login at Joker.com, visit 'My Domains', > 1. please log in at Joker.com, visit 'My Domains',
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu > find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
> >
> 2. on the top right, you will find the setting for 'Dynamic DNS'. > 2. on the top right, you will find the setting for 'Dynamic DNS'.

View file

@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
## Description ## Description
You can login using your account name + username or using your email address. You can log in using your account name + username or using your email address.
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`. Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.

View file

@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/). Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
When requesting the consumer key, the following configuration can be use to define access rights: When requesting the consumer key, the following configuration can be used to define access rights:
```json ```json
{ {

View file

@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
## Description ## Description
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions. Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
This are special tokens with limited access for ACME requests only. These are special tokens with limited access for ACME requests only.
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes. RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.

View file

@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th
### Least privilege policy for production purposes ### Least privilege policy for production purposes
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge. The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`. Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy. Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.

View file

@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname). This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`. Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.

View file

@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}). More information [here]({{< ref "dns#configuration-and-credentials" >}}).
## Credential inforamtion ## Credential information
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud. You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.

View file

@ -52,7 +52,7 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains
| Environment Variable Name | Description | | Environment Variable Name | Description |
|-----------------------|-------------| |-----------------------|-------------|
| `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud | | `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions | | `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}). More information [here]({{< ref "dns#configuration-and-credentials" >}}).

View file

@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
and you need to pick the one where your domain's DNS settings are set up. and you need to pick the one where your domain's DNS settings are set up.
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider. Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
For this example, let's assume you have setup CloudFlare for your domain. For this example, let's assume you have set up CloudFlare for your domain.
Execute this command: Execute this command:

View file

@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options:
## Port Usage ## Port Usage
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges. By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges.
If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
lego to listen on that interface:port for any incoming challenges. lego to listen on that interface:port for any incoming challenges.
If you are using this option, make sure you proxy all of the following traffic to these ports. If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports.
**HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header]. **HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].
@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the
There are also situations, where this verification step doesn't work as expected: There are also situations, where this verification step doesn't work as expected:
- A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt). - A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet. - With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet.
The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order. The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.

View file

@ -36,7 +36,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
and you need to pick the one where your domain's DNS settings are set up. and you need to pick the one where your domain's DNS settings are set up.
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider. Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
For this example, let's assume you have setup CloudFlare for your domain. For this example, let's assume you have set up CloudFlare for your domain.
Execute this command: Execute this command:
@ -107,4 +107,4 @@ RandomizedDelaySec=1h
WantedBy=timers.target WantedBy=timers.target
``` ```
[^loadspikes]: See [Github issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description. [^loadspikes]: See [GitHub issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.

View file

@ -4,7 +4,7 @@ date: 2019-03-03T16:39:46+01:00
draft: false draft: false
--- ---
Lego can be use as a Go Library. Lego can be used as a Go Library.
<!--more--> <!--more-->

View file

@ -1,7 +1,7 @@
# certs/ # certs/
This directory contains a CA certificate (`pebble.minica.pem`) and a private key This directory contains a CA certificate (`pebble.minica.pem`) and a private key
(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See (`pebble.minica.key.pem`) that are used to issue an end-entity certificate (See
`certs/localhost`) for the Pebble HTTPS server. `certs/localhost`) for the Pebble HTTPS server.
To get your **testing code** to use Pebble without HTTPS errors you should To get your **testing code** to use Pebble without HTTPS errors you should
@ -14,12 +14,11 @@ code!!! The CA's private key is **public** and anyone can use it to issue
certificates that will be trusted by a system with the Pebble CA in the trust certificates that will be trusted by a system with the Pebble CA in the trust
store. store.
To re-create all of the Pebble certificates run: To re-create all certificates used by Pebble, run:
minica -ca-cert pebble.minica.pem \ minica -ca-cert pebble.minica.pem \
-ca-key pebble.minica.key.pem \ -ca-key pebble.minica.key.pem \
-domains localhost,pebble \ -domains localhost,pebble \
-ip-addresses 127.0.0.1 -ip-addresses 127.0.0.1
From the `test/certs/` directory after [installing From the `test/certs/` directory after [installing MiniCA](https://github.com/jsha/minica#installation)
MiniCA](https://github.com/jsha/minica#installation)

View file

@ -29,7 +29,7 @@ const (
// caServerNameEnvVar is the environment variable name that can be used to // caServerNameEnvVar is the environment variable name that can be used to
// specify the CA server name that can be used to // specify the CA server name that can be used to
// authenticate an ACME server with a HTTPS certificate not issued by a CA in // authenticate an ACME server with an HTTPS certificate not issued by a CA in
// the system-wide trusted root list. // the system-wide trusted root list.
caServerNameEnvVar = "LEGO_CA_SERVER_NAME" caServerNameEnvVar = "LEGO_CA_SERVER_NAME"

View file

@ -95,7 +95,7 @@ func getOneWithFallback(main string, names ...string) (string, string) {
} }
// GetOrDefaultInt returns the given environment variable value as an integer. // GetOrDefaultInt returns the given environment variable value as an integer.
// Returns the default if the envvar cannot be coopered to an int, or is not found. // Returns the default if the env var cannot be coopered to an int, or is not found.
func GetOrDefaultInt(envVar string, defaultValue int) int { func GetOrDefaultInt(envVar string, defaultValue int) int {
v, err := strconv.Atoi(GetOrFile(envVar)) v, err := strconv.Atoi(GetOrFile(envVar))
if err != nil { if err != nil {
@ -105,8 +105,8 @@ func GetOrDefaultInt(envVar string, defaultValue int) int {
return v return v
} }
// GetOrDefaultSecond returns the given environment variable value as an time.Duration (second). // GetOrDefaultSecond returns the given environment variable value as a time.Duration (second).
// Returns the default if the envvar cannot be coopered to an int, or is not found. // Returns the default if the env var cannot be coopered to an int, or is not found.
func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration { func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration {
v := GetOrDefaultInt(envVar, -1) v := GetOrDefaultInt(envVar, -1)
if v < 0 { if v < 0 {
@ -117,7 +117,7 @@ func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration
} }
// GetOrDefaultString returns the given environment variable value as a string. // GetOrDefaultString returns the given environment variable value as a string.
// Returns the default if the envvar cannot be find. // Returns the default if the env var cannot be found.
func GetOrDefaultString(envVar, defaultValue string) string { func GetOrDefaultString(envVar, defaultValue string) string {
v := GetOrFile(envVar) v := GetOrFile(envVar)
if v == "" { if v == "" {
@ -128,7 +128,7 @@ func GetOrDefaultString(envVar, defaultValue string) string {
} }
// GetOrDefaultBool returns the given environment variable value as a boolean. // GetOrDefaultBool returns the given environment variable value as a boolean.
// Returns the default if the envvar cannot be coopered to a boolean, or is not found. // Returns the default if the env var cannot be coopered to a boolean, or is not found.
func GetOrDefaultBool(envVar string, defaultValue bool) bool { func GetOrDefaultBool(envVar string, defaultValue bool) bool {
v, err := strconv.ParseBool(GetOrFile(envVar)) v, err := strconv.ParseBool(GetOrFile(envVar))
if err != nil { if err != nil {

View file

@ -48,7 +48,7 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest {
for _, key := range keys { for _, key := range keys {
if e.domainKey != key && !e.isManagedKey(key) { if e.domainKey != key && !e.isManagedKey(key) {
panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key)) panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed, or it's not the key of the domain.", key))
} }
if e.domainKey == key { if e.domainKey == key {

View file

@ -204,7 +204,7 @@ func getAuthorizer(config *Config) (autorest.Authorizer, error) {
return auth.NewAuthorizerFromEnvironment() return auth.NewAuthorizerFromEnvironment()
} }
// Fetches metadata from environment or he instance metadata service. // Fetches metadata from environment or the instance metadata service.
// borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go // borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go
func getMetadata(config *Config, field string) (string, error) { func getMetadata(config *Config, field string) (string, error) {
metadataEndpoint := config.MetadataEndpoint metadataEndpoint := config.MetadataEndpoint

View file

@ -200,7 +200,7 @@ func (c *Client) LookupViewID(ctx context.Context, configName, viewName string)
return view.ID, nil return view.ID, nil
} }
// LookupParentZoneID Return the entityId of the parent zone by recursing from the root view. // LookupParentZoneID returns the entityId of the parent zone by iterating through the root labels.
// Also return the simple name of the host. // Also return the simple name of the host.
func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) { func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) {
if fqdn == "" { if fqdn == "" {

View file

@ -63,7 +63,7 @@ type DNSProvider struct {
// For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN. // For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN.
// //
// The email and API key should be avoided, if possible. // The email and API key should be avoided, if possible.
// Instead setup a API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable. // Instead, set up an API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
// You can split the Zone:Read and DNS:Edit permissions across multiple API tokens: // You can split the Zone:Read and DNS:Edit permissions across multiple API tokens:
// in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly. // in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly.
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {

View file

@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare.
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details. See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
The main resources Lego cares for are the DNS entries for your Zones. The main resources Lego cares for are the DNS entries for your Zones.
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
Hence, you should create an API token with the following permissions: Hence, you should create an API token with the following permissions:

View file

@ -105,7 +105,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
tokens, err := identifier.GetToken(context.TODO(), auth) tokens, err := identifier.GetToken(context.TODO(), auth)
if err != nil { if err != nil {
return nil, fmt.Errorf("conoha: failed to login: %w", err) return nil, fmt.Errorf("conoha: failed to log in: %w", err)
} }
client, err := internal.NewClient(config.Region, tokens.Access.Token.ID) client, err := internal.NewClient(config.Region, tokens.Access.Token.ID)

View file

@ -29,7 +29,7 @@ func TestNewDNSProvider(t *testing.T) {
EnvAPIUsername: "api_username", EnvAPIUsername: "api_username",
EnvAPIPassword: "api_password", EnvAPIPassword: "api_password",
}, },
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
}, },
{ {
desc: "missing credentials", desc: "missing credentials",
@ -99,7 +99,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
}{ }{
{ {
desc: "complete credentials, but login failed", desc: "complete credentials, but login failed",
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
tenant: "tenant_id", tenant: "tenant_id",
username: "api_username", username: "api_username",
password: "api_password", password: "api_password",

View file

@ -23,7 +23,7 @@ type TokenTransport struct {
Transport http.RoundTripper Transport http.RoundTripper
} }
// NewTokenTransport Creates a HTTP transport for API authentication. // NewTokenTransport Creates an HTTP transport for API authentication.
func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) { func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
if apiKey == "" { if apiKey == "" {
return nil, errors.New("credentials missing: API key") return nil, errors.New("credentials missing: API key")

View file

@ -16,7 +16,7 @@ Additional = '''
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default. if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/), While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge. DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
To authenticate you need to provide a valid API token. To authenticate you need to provide a valid API token.
HTTP Basic Authentication is intentionally not supported. HTTP Basic Authentication is intentionally not supported.
@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported.
### API tokens ### API tokens
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page. You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
Only Account API tokens are supported, if you try to use an User API token you will receive an error message. Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
''' '''
[Configuration] [Configuration]

View file

@ -17,7 +17,7 @@ import (
const defaultBaseURL string = "https://api.domeneshop.no/v0" const defaultBaseURL string = "https://api.domeneshop.no/v0"
// Client implements a very simple wrapper around the Domeneshop API. // Client implements a very simple wrapper around the Domeneshop API.
// For now it will only deal with adding and removing TXT records, as required by ACME providers. // For now, it will only deal with adding and removing TXT records, as required by ACME providers.
// https://api.domeneshop.no/docs/ // https://api.domeneshop.no/docs/
type Client struct { type Client struct {
apiToken string apiToken string

View file

@ -16,7 +16,7 @@ type TokenTransport struct {
Transport http.RoundTripper Transport http.RoundTripper
} }
// NewTokenTransport Creates a HTTP transport for API authentication. // NewTokenTransport Creates an HTTP transport for API authentication.
func NewTokenTransport(apiKey string) (*TokenTransport, error) { func NewTokenTransport(apiKey string) (*TokenTransport, error) {
if apiKey == "" { if apiKey == "" {
return nil, errors.New("credentials missing: API key") return nil, errors.New("credentials missing: API key")

View file

@ -110,7 +110,7 @@ func (c Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostnam
return &apiResp, nil return &apiResp, nil
} }
// doRetry the API is really unstable so we need to retry on EOF. // doRetry the API is really unstable, so we need to retry on EOF.
func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error { func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error {
operation := func() error { operation := func() error {
return c.do(ctx, method, uri, body, result) return c.do(ctx, method, uri, body, result)

View file

@ -62,7 +62,7 @@ type DNSProvider struct {
} }
// NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS: // NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS:
// Akamai credentials are automatically detected in the following locations and prioritized in the following order: // Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
// //
// 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION` // 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
// 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET` // 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`

View file

@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run
''' '''
Additional = ''' Additional = '''
Akamai credentials are automatically detected in the following locations and prioritized in the following order: Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`): 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
- `AKAMAI_{SECTION}_HOST` - `AKAMAI_{SECTION}_HOST`

View file

@ -14,11 +14,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/glesys/internal" "github.com/go-acme/lego/v4/providers/dns/glesys/internal"
) )
const ( const minTTL = 60
// defaultBaseURL is the GleSYS API endpoint used by Present and CleanUp.
defaultBaseURL = "https://api.glesys.com/domain"
minTTL = 60
)
// Environment variables names. // Environment variables names.
const ( const (

View file

@ -1,4 +1,4 @@
// Package httpreq implements a DNS provider for solving the DNS-01 challenge through a HTTP server. // Package httpreq implements a DNS provider for solving the DNS-01 challenge through an HTTP server.
package httpreq package httpreq
import ( import (

View file

@ -17,7 +17,7 @@ The server must provide:
- `POST` `/present` - `POST` `/present`
- `POST` `/cleanup` - `POST` `/cleanup`
The URL of the server must be define by `HTTPREQ_ENDPOINT`. The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
### Mode ### Mode

View file

@ -113,7 +113,7 @@ func evaluateBody(body string, hostname string) error {
case codeAbuse: case codeAbuse:
return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname) return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname)
case codeBadAgent: case codeBadAgent:
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body) return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on GitHub", body)
case codeBadAuth: case codeBadAuth:
return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname) return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
case codeInterval: case codeInterval:

View file

@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
[Configuration] [Configuration]
[Configuration.Credentials] [Configuration.Credentials]
SOFTLAYER_USERNAME = "User name (IBM Cloud is <accountID>_<emailAddress>)" SOFTLAYER_USERNAME = "Username (IBM Cloud is <accountID>_<emailAddress>)"
SOFTLAYER_API_KEY = "Classic Infrastructure API key" SOFTLAYER_API_KEY = "Classic Infrastructure API key"
[Configuration.Additional] [Configuration.Additional]
SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check" SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"

View file

@ -55,7 +55,7 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai
statusCode, err := c.do(req, domain) statusCode, err := c.do(req, domain)
if err != nil { if err != nil {
if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 { if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
// Look up for the next sub domain // Look up for the next subdomain
subIndex := strings.Index(domainName, ".") subIndex := strings.Index(domainName, ".")
return c.GetDomainByName(ctx, domainName[subIndex+1:]) return c.GetDomainByName(ctx, domainName[subIndex+1:])
} }

View file

@ -108,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
defer func() { defer func() {
errL := d.client.Account.Logout() errL := d.client.Account.Logout()
if errL != nil { if errL != nil {
log.Infof("inwx: failed to logout: %v", errL) log.Infof("inwx: failed to log out: %v", errL)
} }
}() }()
@ -158,7 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
defer func() { defer func() {
errL := d.client.Account.Logout() errL := d.client.Account.Logout()
if errL != nil { if errL != nil {
log.Infof("inwx: failed to logout: %v", errL) log.Infof("inwx: failed to log out: %v", errL)
} }
}() }()
@ -199,7 +199,7 @@ func (d *DNSProvider) twoFactorAuth(info *goinwx.LoginResponse) error {
} }
if d.config.SharedSecret == "" { if d.config.SharedSecret == "" {
return errors.New("two factor authentication but no shared secret is given") return errors.New("two-factor authentication but no shared secret is given")
} }
tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now()) tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now())

View file

@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html): As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
> 1. please login at Joker.com, visit 'My Domains', > 1. please log in at Joker.com, visit 'My Domains',
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu > find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
> >
> 2. on the top right, you will find the setting for 'Dynamic DNS'. > 2. on the top right, you will find the setting for 'Dynamic DNS'.

View file

@ -192,7 +192,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
err = d.client.RemoveSubdomain(ctx, authZone, subDomain) err = d.client.RemoveSubdomain(ctx, authZone, subDomain)
if err != nil { if err != nil {
return fmt.Errorf("loopia: failed to remove sub-domain: %w", err) return fmt.Errorf("loopia: failed to remove subdomain: %w", err)
} }
return nil return nil

View file

@ -149,10 +149,10 @@ func TestDNSProvider_Cleanup(t *testing.T) {
callGetTXTRecords: true, callGetTXTRecords: true,
callRemoveSubdomain: true, callRemoveSubdomain: true,
expectedError: `loopia: failed to remove sub-domain: unknown error: "UNKNOWN_ERROR"`, expectedError: `loopia: failed to remove subdomain: unknown error: "UNKNOWN_ERROR"`,
}, },
{ {
desc: "Dont call removeSubdomain when records", desc: "Don't call removeSubdomain when records",
getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}}, getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}},
callAddTXTRecord: true, callAddTXTRecord: true,

View file

@ -18,17 +18,16 @@ import (
) )
// Notes about namecheap's tool API: // Notes about namecheap's tool API:
// 1. Using the API requires registration. Once registered, use your account // 1. Using the API requires registration.
// name and API key to access the API. // Once registered, use your account name and API key to access the API.
// 2. There is no API to add or modify a single DNS record. Instead you must // 2. There is no API to add or modify a single DNS record.
// read the entire list of records, make modifications, and then write the // Instead, you must read the entire list of records, make modifications,
// entire updated list of records. (Yuck.) // and then write the entire updated list of records. (Yuck.)
// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take // 3. Namecheap's DNS updates can be slow to propagate.
// as long as an hour. // I've seen them take as long as an hour.
// 4. Namecheap requires you to whitelist the IP address from which you call // 4. Namecheap requires you to whitelist the IP address from which you call its APIs.
// its APIs. It also requires all API calls to include the whitelisted IP // It also requires all API calls to include the whitelisted IP address as a form or query string value.
// address as a form or query string value. This code uses a namecheap // This code uses a namecheap service to query the client's IP address.
// service to query the client's IP address.
// Environment variables names. // Environment variables names.
const ( const (

View file

@ -201,5 +201,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
} }
return fmt.Errorf("nicmanager: no record found to cleanup") return fmt.Errorf("nicmanager: no record found to clean up")
} }

View file

@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run
Additional = ''' Additional = '''
## Description ## Description
You can login using your account name + username or using your email address. You can log in using your account name + username or using your email address.
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`. Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
''' '''

View file

@ -161,7 +161,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
if *domainRecords.OpcTotalItems == 0 { if *domainRecords.OpcTotalItems == 0 {
return errors.New("oraclecloud: no record to CleanUp") return errors.New("oraclecloud: no record to clean up")
} }
var deleteHash *string var deleteHash *string
@ -173,7 +173,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
if deleteHash == nil { if deleteHash == nil {
return errors.New("oraclecloud: no record to CleanUp") return errors.New("oraclecloud: no record to clean up")
} }
recordOperation := dns.RecordOperation{ recordOperation := dns.RecordOperation{

View file

@ -17,7 +17,7 @@ Additional = '''
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/). Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
When requesting the consumer key, the following configuration can be use to define access rights: When requesting the consumer key, the following configuration can be used to define access rights:
```json ```json
{ {

View file

@ -13,7 +13,7 @@ Additional = '''
## Description ## Description
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions. Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
This are special tokens with limited access for ACME requests only. These are special tokens with limited access for ACME requests only.
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes. RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.

View file

@ -85,7 +85,7 @@ func TestServerError(t *testing.T) {
err = provider.Present(fakeDomain, "", fakeKeyAuth) err = provider.Present(fakeDomain, "", fakeKeyAuth)
require.Error(t, err) require.Error(t, err)
if !strings.Contains(err.Error(), "NOTZONE") { if !strings.Contains(err.Error(), "NOTZONE") {
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string but it did not: %v", err) t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err)
} }
} }

View file

@ -95,7 +95,7 @@ func NewDNSProvider() (*DNSProvider, error) {
return NewDNSProviderConfig(NewDefaultConfig()) return NewDNSProviderConfig(NewDefaultConfig())
} }
// NewDNSProviderConfig takes a given config ans returns a custom configured DNSProvider instance. // NewDNSProviderConfig takes a given config and returns a custom configured DNSProvider instance.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil { if config == nil {
return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil") return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil")

View file

@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th
### Least privilege policy for production purposes ### Least privilege policy for production purposes
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge. The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`. Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy. Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.

View file

@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname). This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`. Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
''' '''
[Configuration] [Configuration]

View file

@ -81,7 +81,7 @@ func TestNewDNSProvider(t *testing.T) {
} }
// The error message for a file not existing is different on Windows and Linux. // The error message for a file not existing is different on Windows and Linux.
// Therefore we test if the error type is the same. // Therefore, we test if the error type is the same.
t.Run("could not open private key path", func(t *testing.T) { t.Run("could not open private key path", func(t *testing.T) {
defer envTest.RestoreEnv() defer envTest.RestoreEnv()
envTest.ClearEnv() envTest.ClearEnv()
@ -144,7 +144,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
} }
// The error message for a file not existing is different on Windows and Linux. // The error message for a file not existing is different on Windows and Linux.
// Therefore we test if the error type is the same. // Therefore, we test if the error type is the same.
t.Run("could not open private key path", func(t *testing.T) { t.Run("could not open private key path", func(t *testing.T) {
config := NewDefaultConfig() config := NewDefaultConfig()
config.AccountName = "johndoe" config.AccountName = "johndoe"

View file

@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*.
''' '''
Additional = ''' Additional = '''
## Credential inforamtion ## Credential information
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud. You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.

View file

@ -38,7 +38,7 @@ func czechHour() int {
func utcToCet(utc time.Time) time.Time { func utcToCet(utc time.Time) time.Time {
// https://en.wikipedia.org/wiki/Central_European_Time // https://en.wikipedia.org/wiki/Central_European_Time
// As of 2011, all member states of the European Union observe summer time (daylight saving time), // As of 2011, all member states of the European Union observe Summer Time (daylight saving time),
// from the last Sunday in March to the last Sunday in October. // from the last Sunday in March to the last Sunday in October.
// States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1] // States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1]
utcMonth := utc.Month() utcMonth := utc.Month()

View file

@ -37,7 +37,7 @@ cat key.json | base64
[Configuration] [Configuration]
[Configuration.Credentials] [Configuration.Credentials]
YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions" YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions"
YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud" YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
[Configuration.Additional] [Configuration.Additional]
YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check" YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"

View file

@ -1,5 +1,4 @@
// Package memcached implements a HTTP provider for solving the HTTP-01 challenge using memcached // Package memcached implements an HTTP provider for solving the HTTP-01 challenge using memcached in combination with a webserver.
// in combination with a webserver.
package memcached package memcached
import ( import (

View file

@ -1,4 +1,4 @@
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge using web server's root path. // Package s3 implements an HTTP provider for solving the HTTP-01 challenge using AWS S3.
package s3 package s3
import ( import (

View file

@ -1,5 +1,3 @@
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge
// using AWS S3 in combination with AWS CloudFront.
package s3 package s3
import ( import (

View file

@ -1,4 +1,4 @@
// Package webroot implements a HTTP provider for solving the HTTP-01 challenge using web server's root path. // Package webroot implements an HTTP provider for solving the HTTP-01 challenge using web server's root path.
package webroot package webroot
import ( import (