Commit Graph

69 Commits

Author SHA1 Message Date
Lukas Schauer
1f08fda757 look for domains.txt under BASEDIR 2015-12-07 12:36:56 +01:00
Lukas Schauer
77df80b5a4 updated readme 2015-12-07 12:19:15 +01:00
Lukas Schauer
274e8e4192 updated readme 2015-12-07 12:18:06 +01:00
Lukas Schauer
00837b86ae delete challenge response after verification 2015-12-07 12:10:51 +01:00
Lukas Schauer
98a6c549ff parse challenges json differently to be compatible with bsd sed 2015-12-07 12:08:30 +01:00
Lukas Schauer
474f33d2ca added config option to set path for openssl config file (currently only used for generating a signing request) 2015-12-07 11:45:09 +01:00
Lukas Schauer
cd13a9c21a use bash functionality instead of sed to filter SAN variable 2015-12-07 11:36:58 +01:00
Lukas Schauer
81cb6ac77b don't use '-r' on sed 2015-12-07 11:36:27 +01:00
Lukas Schauer
219b3e9d0a making shellcheck happy 2015-12-07 11:26:14 +01:00
Lukas Schauer
401f5f7597 use absolute path of script directory as default BASEDIR, remove trailing slash from BASEDIR 2015-12-07 11:21:26 +01:00
Lukas Schauer
09ed26de5b added default BASEDIR to example config 2015-12-07 11:15:10 +01:00
Andrey Jr. Melnikov
5b29db9755 Store keys and certs in $BASEDIR 2015-12-07 11:07:43 +01:00
Martin Geiseler
579e231631 Cleaner outputs 2015-12-06 19:51:11 +01:00
Lukas Schauer
5d24285f5e Merge pull request #13 from germeier/master
show expire date when we don't need to renew a certificate
2015-12-06 18:42:04 +01:00
Markus Germeier
9f93ef5e41 change openssl to use enddate for expiry date check 2015-12-06 18:25:54 +01:00
Markus Germeier
9c69b624c2 show expire date when we don't need to renew a certificate 2015-12-06 17:03:59 +01:00
Lukas Schauer
ae8e5c8e17 Merge pull request #12 from germeier/newkeys
generate a new private key for each csr if the user wishes so
2015-12-06 16:47:58 +01:00
Lukas Schauer
3cb292cbb8 trying to capture http status codes from curl instead of using "--fail" to be able to capture acme error messages 2015-12-06 16:35:46 +01:00
Markus Germeier
3dbbb461f1 generate a new private key for each csr if the user wishes so 2015-12-06 16:27:15 +01:00
Lukas Schauer
831b973a89 Merge pull request #11 from germeier/fixpending
fixed logic to check status from our challenge
2015-12-06 16:09:49 +01:00
Markus Germeier
76a37834be fixed logic to check status from our challenge
the old code had a problem and would interpret a challenge that
returned "pending" and then "invalid" as valid.

This code actually has another problem. The RFC defines:

"status (optional, string):  The status of this authorization.
 Possible values are: "pending", "valid", and "invalid".  If this
 field is missing, then the default value is "pending"."

So actually the correct way to implement this would be:

while [[ -z "${status}" ]] || [[ "${status}" = "pending" ]]; do

But without further checks this might lead to an endless loop. So this
is "good enough(tm)". ;)
2015-12-06 15:51:38 +01:00
Lukas Schauer
3390080ccb removed acme-challenges directory from git, create if needed 2015-12-06 15:41:49 +01:00
Lukas Schauer
440dc30d5e make config.sh optional 2015-12-06 15:38:52 +01:00
Lukas Schauer
ff3dbc5819 default location for acme-challenges 2015-12-06 15:37:41 +01:00
Martin Geiseler
e300c0a173 Renew timeframe as config option 2015-12-06 15:21:20 +01:00
Martin Geiseler
5060dea068 Check expire date of existing certs 2015-12-06 15:16:36 +01:00
Markus Germeier
b7439a83d6 don't overwrite certificate files
In a worst case scenario the new certificate is broken and we are left
without a working certificate (or need to restore one from our backup).

This way we only need to change the symlink to the known working cert
2015-12-06 15:12:00 +01:00
Markus Germeier
5a213f5f6a make openssl keysize configurable 2015-12-06 15:05:00 +01:00
Lukas Schauer
96d7eabed4 use "-s" to detect content in temporary curl error logfile 2015-12-06 15:01:34 +01:00
Benjamin Dos Santos
c4be4c695a style: double quote to prevent globbing and word splitting
https://github.com/koalaman/shellcheck/wiki/Sc2086
2015-12-06 03:01:34 +01:00
Benjamin Dos Santos
dd5f36e536 style: [[ ... ]] is preferred over [, test and /usr/bin/[.
https://google.github.io/styleguide/shell.xml#Test,_%5B_and_%5B%5B
2015-12-06 02:59:02 +01:00
Lukas Schauer
16a5589b45 Merge pull request #7 from rudis/master
add challenge hook and minor fixes/improvements
2015-12-06 02:49:05 +01:00
Simon Ruderich
b33f128893 add HOOK_CHALLENGE option to run a command before the response 2015-12-06 01:26:13 +01:00
Simon Ruderich
d211fece4a use mkdir -p to create certs/$domain/
Prevents an error if running for the first time in a different
directory.
2015-12-06 01:23:41 +01:00
Simon Ruderich
00a0937c1f make license agreement configurable as LICENSE 2015-12-06 01:23:16 +01:00
Simon Ruderich
f11bb1db6e set CA setting per default
letsencrypt.sh is mainly used with letsencrypt.org.
2015-12-06 01:23:16 +01:00
Simon Ruderich
1cd81e9f03 fix typo in error string 2015-12-06 01:23:16 +01:00
Simon Ruderich
730930a153 also remove tempfile for curl's stderr on error 2015-12-06 01:23:16 +01:00
Simon Ruderich
130ea6ab69 rewrap line
No code changes.
2015-12-06 01:23:16 +01:00
Simon Ruderich
2f9c639c2b simplify check for empty file 2015-12-06 01:23:16 +01:00
Simon Ruderich
d6d11a75e6 quote output filename
Shouldn't be necessary for output from `mktemp`, but better play it
safe.
2015-12-06 01:23:16 +01:00
Lukas Schauer
2e8454b46e use "/usr/bin/env bash" instead of "/bin/bash" 2015-12-05 22:30:00 +01:00
Lukas Schauer
c6e6030269 big portability + readability fix: use openssl base64 instead of system base64, use shasum instead of shasum, added some comments 2015-12-05 22:27:58 +01:00
Lukas Schauer
6221526df5 fixed issue #4 (multiple domains per line) 2015-12-05 22:07:03 +01:00
Lukas Schauer
20e7d9d7a7 removed perl dependency 2015-12-05 22:06:36 +01:00
Lukas Schauer
69f3e78b7e fail in pipes too 2015-12-05 18:03:06 +01:00
Lukas Schauer
7ec1e45aa6 fixed curl error message 2015-12-05 17:42:09 +01:00
Lukas Schauer
91ce50afe2 trying to catch curl errors 2015-12-05 17:40:21 +01:00
Lukas Schauer
2b5df371a9 make challenge files world-readable 2015-12-05 16:57:04 +01:00
Lukas Schauer
f8013d9243 Merge pull request #1 from rudis/master
fix registration, certificate creation and minor fixes
2015-12-05 16:53:00 +01:00