5940c55e18
prepared future migration to new acmev2 endpoint
2018-02-07 03:14:29 +01:00
2eedd69ee9
request_failure hook: added http response headers as new parameter
2018-02-06 23:33:28 +01:00
082ed17a0a
added acmev2 staging information to docs
2018-02-06 21:58:42 +01:00
dec5ad5840
read url to terms of service from ca directory
2018-02-06 21:58:42 +01:00
83bf2664b0
added a few simple example use cases to example hook script
2018-02-06 21:13:37 +01:00
63854b752b
New hook: generate_csr (see example hook script for more information, implements #475 , replaces #377 )
2018-02-06 20:57:33 +01:00
62d37c9b3d
Fix grammer error in the manpage ( fixes #466 )
...
"allows to" requires a subject (e.g. "allows one to"), without it's just
syntactically wrong. Change the verb entirely to workaround the
problem.
2018-02-06 19:14:12 +01:00
b53cb6643b
moved manpage to docs directory
2018-02-06 18:53:21 +01:00
fb41783885
automatic discovery of remote acme api version
2018-02-05 19:20:28 +01:00
6d02bfdb42
shrink "logo" a bit
2018-02-03 22:14:43 +01:00
afba7c694c
moved deploy_challenge to earlier loop so it works with multiple challenge tokens on the same identifier (important for wildcard certificate), fixed array-name, removed hook-chain warning
2018-01-28 19:48:25 +01:00
471899b4d8
Add ^~ to nginx location block
...
To make sure it is not overridden.
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location :
> If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.
2018-01-28 06:18:10 +01:00
0f69481e2b
rewrote challenge validation to iterate over authorizations instead of altnames (fixes some acmev2 validation edgecases), also removed broken test-script (for now)
2018-01-28 06:13:37 +01:00
68cb1e0661
ACME v02 Support
2018-01-13 20:17:25 +01:00
2adc57791c
Add optional user and group configuration ( fixes #434 )
2017-12-18 00:35:26 +01:00
c62f3d91fc
implement certificate aliases as suggested by typingArtist ( fixes #396 )
2017-12-17 23:50:46 +01:00
88267db7e2
Update wellknown.md
...
add Hiawatha to list
2017-12-14 00:33:11 +01:00
58647cab65
added OPENSSL variable to example config ( #414 )
2017-07-18 15:46:25 +02:00
ee75c5dca7
Initial support for fetching OCSP status to be used for OCSP stapling (as suggested in #385 )
2017-07-11 00:28:36 +02:00
60583d3ef9
added hook to run before cron command ( fixes #371 )
2017-07-10 21:36:10 +02:00
e6d6882c78
added option to automatically run cleanup routine (implements #389 )
2017-07-10 20:21:30 +02:00
875c1f74e5
Add some formatting to improve human scannability (while reading)
2017-07-10 19:53:39 +02:00
d1f215b652
fixed typos as suggested by @jwilk ( closes #369 )
2017-07-10 16:55:18 +02:00
bd57777c62
Ability to provide extra curl options
...
In some situations it might be necessary to pass extra commands to
the curl binary, e.g. proxy authentication credentials.
Adds the CURL_OPTS config option.
2017-07-10 16:44:39 +02:00
33c77e6daa
Add some comments about IPv6.
2017-07-10 15:26:50 +02:00
d685463673
implemented issuer-chain cache
2017-07-10 15:06:50 +02:00
fe17753dd5
Invoke bash through /usr/bin/env
2017-01-30 20:47:23 -05:00
27a416511f
The example hook script uses bash test regex
...
Use bash explictly as done for the main script.
Signed-off-by: Simon Deziel <simon.deziel@gmail.com >
2017-01-30 20:36:19 -05:00
e5452922e9
whitelist handlers for example hook ( fixes #348 )
2017-01-30 03:53:59 +01:00
6a32f20e00
ask user to read and accept license, added register-command, fullchain.pem is now actually the full chain
2017-01-29 22:06:53 +01:00
298a7e9aaf
added exit_hook hook
2017-01-29 15:48:03 +01:00
81eecedc5a
Fix: bash to sh notation on invalid_challenge() hook
2017-01-06 00:18:57 +01:00
404dc3fe0f
Adding the request_failure hook ( #326 )
2017-01-06 00:15:51 +01:00
318cf2011d
Adding the invalid_challenge hook ( #278 )
2016-12-18 20:31:08 +01:00
a13e410363
Basic implementation for private key rollover ( #294 )
...
* initial commit for PRIVATE_KEY_ROLLOVER
* fix if syntax
* rolloverkey without timestamps
* update example config: PRIVATE_KEY_ROLLOVER
* rolloverkey creation logic updated
* updated tests. untested.
* added cleanup for rolloverkeys: if disabled, delete privkey.roll.pem
2016-10-17 22:40:03 +02:00
d62a5eeb1e
fix lighttpd syntax ( #299 )
...
at least in 1.4 the syntax is `server.modules` and it's an array.
and it's always good idea to keep trailing comma to avoid syntax errors when adding new entries.
2016-10-17 22:11:34 +02:00
83fa54cc38
examples/hook: no bashism ( #300 )
...
use plain shell syntax,
also protect against if arguments contain spaces.
2016-10-17 22:08:14 +02:00
caeed7d5e3
Make example hook.sh file executable. ( #253 )
...
So one can easily `cp docs/examples/hook.sh .`
2016-09-14 15:11:25 +02:00
ec49a4433b
fixed a few things after project rename
2016-09-13 20:00:43 +02:00
64e35463cb
renamed project to dehydrated and main script to dehydrated.sh
2016-09-13 19:48:27 +02:00
6192b33ac2
ECDSA is supported since February 10, 2016 ( #260 )
...
Let's Encrypt will however sign all ECDSA certs with an RSA intermediate certificate.
https://letsencrypt.org/upcoming-features/
2016-08-22 15:40:37 +02:00
47602dea04
Update staging doc: Let's Encrypt is no longer in beta. ( #259 )
2016-08-22 15:38:29 +02:00
3a66a7f8d2
Fix default license help text in example config ( #254 )
2016-08-06 15:32:53 +02:00
ca0249c46c
Update staging.md
2016-08-03 23:47:57 +02:00
afabfff06e
updated url to letsencrypt license agreement
2016-08-01 20:35:46 +02:00
194464b04b
Default WELLKNOWN location is now /var/www/letsencrypt
...
With this change private and public files are now separated by default.
2016-07-20 17:04:25 +02:00
364bcccf74
Added option to select IP version of name to address resolution ( #231 )
2016-07-20 16:49:04 +02:00
2042b177c7
modified lighttpd example config
2016-06-10 23:41:59 +02:00
ae98ff6767
Add Lighttpd example to wellknown.md ( #224 )
2016-06-08 01:49:50 +02:00
194d543fa1
removed ACCOUNT_KEY and ACCOUNT_KEY_JSON from example config
2016-06-04 11:12:30 +02:00
Lukas Schauer