xenolf
1ab8907f82
Merge pull request #90 from weppos/dnsimple-subdomain
Fix bugs with subdomains
2016-01-30 23:57:27 +01:00
Simone Carletti
2e32f171d2
DNSimpleProvider: Fix wrong record deletion
This is a very subtle bug. In some specific circumstances, when the
list of domains in the SAN was > 1, the library may delete the wrong
record (specifically the last one) instead of the matching one.
The issue is explained here
https://groups.google.com/forum/#!topic/golang-nuts/tlWzJUWJKgA
Here's the output from one of the various tests
➜ lego git:(dnsimple-subdomain) ✗ DNSIMPLE_DOMAIN=simone.io go test -v ./... --run "TestLiveDNSimpleCleanUp"
? github.com/xenolf/lego [no test files]
=== RUN TestLiveDNSimpleCleanUp
2016/01/30 01:10:45 Empty records:
2016/01/30 01:10:45 0
2016/01/30 01:10:46 Fetched records:
2016/01/30 01:10:46 [{5326536 41571 v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC} {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC} {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC} {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}]
2016/01/30 01:10:46 Record name:
2016/01/30 01:10:46 _acme-challenge
2016/01/30 01:10:46 {5326536 41571 v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC}
2016/01/30 01:10:46 {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC}
2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
2016/01/30 01:10:46 Deleted>>
2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
2016/01/30 01:10:46 >>Deleted
2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
2016/01/30 01:10:46 Record to delete:
2016/01/30 01:10:46 1
2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
2016/01/30 01:10:46 Record to delete (foos):
2016/01/30 01:10:46 [{5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}]
2016/01/30 01:10:46 Found records to delete:
2016/01/30 01:10:46 1
2016/01/30 01:10:46 [0xc8203be240]
2016/01/30 01:10:46 &{5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
--- PASS: TestLiveDNSimpleCleanUp (3.10s)
PASS
ok github.com/xenolf/lego/acme 3.121s
The record 5340655 was supposed to be deleted, but 5340677 was deleted
instead (notice how the deleted record was always the last one in the
returned record set).
And of course the validation never passed
➜ letsencrypt-dnsimple git:(master) go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,foo1.simone.io,foo2.simone.io,foo3.simone.io
2016/01/30 00:27:55 .data/users/xxx@gmail.com
2016/01/30 00:27:55 {xxx@gmail.com <nil> 0xc82009a300}
2016/01/30 00:27:56 [INFO] acme: Registering account for xxx@gmail.com
2016/01/30 00:27:57 &{{ 116016 {RSA xxx} [mailto:xxx@gmail.com] } https://acme-staging.api.letsencrypt.org/acme/reg/116016 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf }
2016/01/30 00:27:58 [INFO][simone.io, foo1.simone.io, foo2.simone.io, foo3.simone.io] acme: Obtaining bundled SAN certificate
2016/01/30 00:27:59 [INFO][simone.io] acme: Could not find solver for: http-01
2016/01/30 00:27:59 [INFO][simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:00 simone.io
2016/01/30 00:28:00 &{0 0 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT <nil> <nil>}
2016/01/30 00:28:12 [INFO][simone.io] The server validated our request
2016/01/30 00:28:14 &{5340584 41571 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT 2016-01-29 23:28:00.828 +0000 UTC 2016-01-29 23:28:00.828 +0000 UTC}
2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:15 simone.io
2016/01/30 00:28:15 &{0 0 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT <nil> <nil>}
2016/01/30 00:28:19 &{5340585 41571 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT 2016-01-29 23:28:15.996 +0000 UTC 2016-01-29 23:28:15.996 +0000 UTC}
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:20 simone.io
2016/01/30 00:28:20 &{0 0 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT <nil> <nil>}
2016/01/30 00:28:22 [INFO][foo2.simone.io] The server validated our request
2016/01/30 00:28:23 &{5340586 41571 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT 2016-01-29 23:28:21.051 +0000 UTC 2016-01-29 23:28:21.051 +0000 UTC}
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: http-01
2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Trying to solve DNS-01
2016/01/30 00:28:25 simone.io
2016/01/30 00:28:25 &{0 0 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT <nil> <nil>}
2016/01/30 00:28:27 [INFO][foo3.simone.io] The server validated our request
2016/01/30 00:28:28 &{5340587 41571 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT 2016-01-29 23:28:25.616 +0000 UTC 2016-01-29 23:28:25.616 +0000 UTC}
2016/01/30 00:28:28 map[foo1.simone.io:acme: Error 0 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.foo1.simone.io
Error Detail:
]
exit status 1
This is the result of the latest (successful) run:
➜ letsencrypt-dnsimple git:(master) ✗ go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,yy.simone.io,xx.simone.io
2016/01/30 21:34:01 .data/users/xxx@gmail.com
2016/01/30 21:34:01 {xxx@gmail.com <nil> 0xc820070480}
2016/01/30 21:34:02 [INFO] acme: Registering account for xxx@gmail.com
2016/01/30 21:34:03 &{{ 116199 {RSA xxx} [mailto:xxx@gmail.com] } https://acme-staging.api.letsencrypt.org/acme/reg/116199 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf }
2016/01/30 21:34:03 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Obtaining bundled SAN certificate
2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: http-01
2016/01/30 21:34:04 [INFO][simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:13 [INFO][simone.io] The server validated our request
2016/01/30 21:34:14 Searching for
2016/01/30 21:34:14 simone.io
2016/01/30 21:34:15 To delete:
2016/01/30 21:34:15 {5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}
2016/01/30 21:34:15 Will delete:
2016/01/30 21:34:15 [{5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}]
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: http-01
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:18 [INFO][yy.simone.io] The server validated our request
2016/01/30 21:34:19 Searching for
2016/01/30 21:34:19 yy.simone.io
2016/01/30 21:34:19 To delete:
2016/01/30 21:34:19 {5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}
2016/01/30 21:34:19 Will delete:
2016/01/30 21:34:19 [{5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}]
2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Could not find solver for: tls-sni-01
2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Trying to solve DNS-01
2016/01/30 21:34:23 [INFO][xx.simone.io] The server validated our request
2016/01/30 21:34:23 Searching for
2016/01/30 21:34:23 xx.simone.io
2016/01/30 21:34:24 To delete:
2016/01/30 21:34:24 {5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}
2016/01/30 21:34:24 Will delete:
2016/01/30 21:34:24 [{5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}]
2016/01/30 21:34:25 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Validations succeeded; requesting certificates
2016/01/30 21:34:26 [INFO] acme: Requesting issuer cert from https://acme-staging.api.letsencrypt.org/acme/issuer-cert
2016/01/30 21:34:26 [INFO][simone.io] Server responded with a certificate.
[INFO][https://acme-staging.api.letsencrypt.org/acme/cert/fae971fcb1ce12 c4d3bb95a1f577786cccfe] Certificate simone.io, yy.simone.io, xx.simone.io2016/01/30 21:34:26 145 <nil>
2016/01/30 21:34:26 .data/certs/1454186041
2016/01/30 21:34:26 completed!
2016-01-30 22:14:29 +01:00
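Added example (not code from lego or from the commit above): commit 2e32f171d2 describes the last record of the fetched set being deleted instead of the matching one. The sketch below assumes the cause was the Go pitfall of storing the address of a reused loop variable, which the commit message does not state; the Record type, IDs, and function names are constructed for illustration.

```go
package main

import "fmt"

// Record is a constructed stand-in for a DNS provider's record type.
type Record struct {
	ID   int
	Name string
}

// findAliased shows the assumed pitfall: rec is one variable reused by every
// iteration, so each stored &rec points at memory that ends up holding the
// last element. Before Go 1.22, "for _, rec := range" shared it implicitly.
func findAliased(records []Record, name string) []*Record {
	var out []*Record
	var rec Record
	for _, rec = range records {
		if rec.Name == name {
			out = append(out, &rec)
		}
	}
	return out
}

// findByIndex takes the address of the slice element that actually matched.
func findByIndex(records []Record, name string) []*Record {
	var out []*Record
	for i := range records {
		if records[i].Name == name {
			out = append(out, &records[i])
		}
	}
	return out
}

// sampleRecords returns constructed data shaped like a fetched TXT set.
func sampleRecords() []Record {
	return []Record{
		{ID: 1001, Name: ""},
		{ID: 1002, Name: "_acme-challenge"},
		{ID: 1003, Name: "_acme-challenge.www1"},
	}
}

func main() {
	recs := sampleRecords()
	fmt.Println("aliased: ", findAliased(recs, "_acme-challenge")[0].ID)
	fmt.Println("by index:", findByIndex(recs, "_acme-challenge")[0].ID)
}
```

A cleanup routine that deletes by the returned ID would remove record 1003 in the aliased case even though only 1002 matched the name.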
Den Quixote
0e53e51ba5
dns_challenge preCheckDNS: let system resolver decide IPv4 ./. IPv6.
We can ask the OS resolver for the IP of Google's public anycast DNS.
No need to "bootstrap" with literal IP address. The OS resolver knows
best about IPv4 ./. IPv6.
Mostly fixes #88.
2016-01-30 19:39:10 +01:00
Simone Carletti
753f9ca798
DNSimpleProvider: Fix bug with subdomains
When requesting a certificate for a subdomain, the DNS record was
attached to the domain instead.
E.g.
Requested:
ww1.example.com
Created:
_acme-challenge.example.com
instead of
_acme-challenge.ww1.example.com
2016-01-30 00:03:50 +01:00
Simone Carletti
adc8afbb89
Update the path to the go lib
2016-01-29 23:47:56 +01:00
xenolf
815d8bba0c
Merge pull request #84 from weppos/dnsimple
Add DNSimple DNS support
2016-01-29 23:06:42 +01:00
xenolf
54e272aaa3
Fix regression in Renew with SAN.
re-apply 5930ea52f0
Fixes #87
2016-01-29 14:10:57 +01:00
Matthew Holt
cf4ca2a89d
Use http.DefaultClient
The Go docs recommend this.
2016-01-27 20:43:51 -07:00
Matthew Holt
b42b256d5c
Add DigitalOcean DNS provider
Also a few vet/lint fixes and improved some error messages
2016-01-26 17:57:55 -07:00
Simone Carletti
d70e2869d2
Move toFqdn and unFqdn into a shared place (see GH-84)
2016-01-26 16:37:50 +01:00
Simone Carletti
08516614dd
DNSimpleProvider: implement Present/CleanUp
2016-01-26 15:09:33 +01:00
Simone Carletti
6a3297e36f
DNSimpleProvider: fetch credentials from env
I also had to rename the `envAuth()` in the Cloudflare implementation
to avoid the "redeclared" error
acme/dns_challenge_dnsimple.go:41: envAuth redeclared in this block
previous declaration at acme/dns_challenge_cloudflare.go:154
2016-01-26 13:13:40 +01:00
Simone Carletti
bcfce0809a
DNSimpleProvider: Check valid credentials
2016-01-26 12:25:51 +01:00
Simone Carletti
3f4b078329
Basic DNSimple implementation for DNSProvider
2016-01-26 12:14:10 +01:00
xenolf
50031525c9
Fix DNS-01 challenge resource property
2016-01-25 00:32:47 +01:00
xenolf
08cd016ed3
Switch DNS-01 challenge over to central validation function
2016-01-25 00:23:21 +01:00
Jehiah Czebotar
617dd4d37c
Refactor challenge providers to new ChallengeProvider interface
* new ChallengeProvider with Present and CleanUp methods
* new Challenge type describing `http-01`, `tls-sni-01`, `dns-01`
* new client.SetChallengeProvider to support custom implementations
2016-01-24 16:10:50 -05:00
Matthew Holt
1ceed018fd
Tweak comment
2016-01-22 13:39:32 -07:00
Jan Broer
323bb88640
Fetch remaining zones when response is truncated.
Route53 API won’t return more than 100 zones per request.
2016-01-22 18:50:18 +01:00
xenolf
50be32a69e
Change maximum zone number requested from Route53 to Math.MaxInt32 from MaxInt64.
Fixes #79.
2016-01-22 18:18:53 +01:00
xenolf
5992793edd
Refactor DNS precheck
2016-01-22 02:25:27 +01:00
xenolf
602aeba6c1
Merge branch 'add-dns-challenge'
2016-01-22 01:51:10 +01:00
xenolf
a3f134e3fb
Check DNS entry for validity before hitting boulder
2016-01-22 01:38:15 +01:00
Matthew Holt
db3a956d52
Couple more tests to ensure right method is being used
2016-01-13 18:49:25 -07:00
Ernesto Alejo
873ed4771d
Fix fallthrough in the response status codes
2016-01-14 00:32:45 +01:00
xenolf
beac6273f6
Merge pull request #71 from xenolf/pem-decode-fix
Fix PEM decoding if file ends with multiple newlines
2016-01-12 18:16:52 +01:00
xenolf
33216d7563
Fix a race for socket in HTTP-01
2016-01-11 22:04:04 +01:00
Matthew Holt
19ea2cbf75
Fix PEM decoding if file ends with multiple newlines
This method more closely reflects how crypto/tls does it here: https://golang.org/src/crypto/tls/tls.go?s=5139:5210#L174
2016-01-11 10:02:28 -07:00
xenolf
db1a519684
Add the ability to reuse a private key
2016-01-08 10:14:41 +01:00
xenolf
6e33cd1b84
Move JSON http wrappers to http.go file
2016-01-08 10:04:57 +01:00
xenolf
0c10083ef0
Update tests
2016-01-08 08:04:50 +01:00
xenolf
de29381f7a
Add interface:port override to HTTP-01 and TLS-01 instead of only port
2016-01-08 08:04:38 +01:00
xenolf
1193ae895a
Merge pull request #66 from xenolf/user-agent-string
Implement custom User-Agent string
2016-01-07 04:51:31 +01:00
Jan Broer
04e4239653
Base64 encode dns-01 record
2016-01-05 00:40:05 +01:00
Matthew Holt
0786c993c9
Return full, parsed ocsp response instead of just the status
2015-12-31 16:07:18 -07:00
Matthew Holt
bfc24007db
Oops
2015-12-31 15:04:58 -07:00
Matthew Holt
89908f39e9
Implement custom User-Agent string
Also a couple miscellaneous vet fixes
2015-12-30 15:01:21 -07:00
xenolf
fce9468e1e
Update client docs
2015-12-27 20:56:02 +01:00
xenolf
8362f35823
Remove unreachable code
2015-12-27 20:55:44 +01:00
xenolf
3a3baf1597
Fix validateFunc tests
2015-12-27 19:26:47 +01:00
xenolf
09ff568758
Adjust logging output for http-01
2015-12-27 19:18:38 +01:00
xenolf
466af28672
Extract validateFunc from httpChallenge and tlsSNIChallenge
2015-12-27 19:08:17 +01:00
xenolf
6b750198f2
Fix tests
2015-12-27 18:56:44 +01:00
xenolf
523f3eb250
Change SetHTTPSPort to SetTLSPort
2015-12-27 18:56:36 +01:00
xenolf
0e857b2fef
Adapt CLI to changes in lib
- Change explicit include of challenges to explicit exclude
- Add CLI switches for HTTP and TLS ports
2015-12-27 18:35:19 +01:00
xenolf
053dc4cfb1
Extract mutation of client into functions
2015-12-27 18:28:54 +01:00
xenolf
595f684e27
Merge branch 'master' of https://github.com/tommie/lego into refactor-client
# Conflicts:
# acme/client.go
# acme/http_challenge.go
# acme/http_challenge_test.go
# acme/tls_sni_challenge.go
# cli.go
# cli_handlers.go
2015-12-27 17:38:49 +01:00
Mustafa Altun
f3df6b81b2
Fix gofmt errors
2015-12-24 10:57:09 +02:00
xenolf
c2630f8eb7
Limit ioutil.ReadAll calls in client as well
2015-12-21 02:44:25 +01:00
xenolf
00af84d91b
Close response body in getIssuerCertificate
2015-12-21 02:44:25 +01:00