637 Commits

Author SHA1 Message Date
Glenn Strauss 374fce0249 document using -t tls-alpn-01 with lighttpd 2021-03-21 20:42:23 +01:00
Glenn Strauss 00941472b2 add -t tls-alpn-01 to command line help 2021-02-18 16:56:05 +01:00
Michel Lespinasse 527933db24 Per-certificate config fixes
- Ensure that all per-certificate settings are saved and restored in
  store_configvars() and reset_configvars() - that's what makes them
  per-certificate in the first place...

- Add OCSP_FETCH and OCSP_DAYS in the documented list of supported
  per-certificate configs, since the code does allow these.
2021-02-18 16:51:14 +01:00
Nathan Felton 33a421f1e4 Support for LibreSSL version of openssl on macOS 2021-02-18 16:47:24 +01:00
Lukas Schauer dd0bbd2405 update copyright year 2021-02-18 16:47:23 +01:00
Lukas Schauer 26660e11c7 Fixed small unassigned variable issue 2020-12-12 03:12:13 +01:00
Lukas Schauer 316054ad1c Do not revalidate authorizations on forced renewal
This commit introduces a new cli argument `--force-validation` which,
when used in combination with `--force` ignores valid domain
authorizations and forces a revalidation.

This has been implemented since at least LE seems to have changed some
behavior on valid authorizations. Only the previously validated
authorization-type is reusable, causing dehydrated to error out when
changing from recently validated authorization types while still trying
to force-renew certificates for whatever reason (e.g. changing algorithms).
2020-12-12 03:01:59 +01:00
Lukas Schauer 29b67962ac fix CN extraction for older openssl versions 2020-12-11 18:02:51 +01:00
Lukas Schauer 3a7795589b bump changelog for new draft releases 2020-12-10 16:56:13 +01:00
Lukas Schauer 082da2527c preparing for release 0.7.0 v0.7.0 2020-12-10 16:54:26 +01:00
Lukas Schauer e784ba3853 use normal error behaviour for failing http requests (fixes #782) 2020-12-10 16:32:26 +01:00
Lukas Schauer abd369d062 allow to set domains.txt as cli argument (fixes #678) 2020-12-10 16:07:28 +01:00
Lukas Schauer cb7fb82beb use secp384r1 as default (instead of rsa, fixes #651) 2020-12-10 16:01:54 +01:00
Lukas Schauer 174616becd use secp384r1 as default (instead of rsa, fixes #651) 2020-12-10 16:01:08 +01:00
Raphael Hoegger 27fd41d75f adding new CLI Command (--cleanupdelete / -gcd) to cleanup+delete (instead of just moving to /archive) (closes #587) 2020-12-10 14:58:14 +01:00
Lukas Schauer ea106ef72e allow setting OCSP_FETCH and OCSP_DAYS per certificate config (closes #602, thx @bjacke) 2020-12-10 14:28:30 +01:00
Lukas Schauer f2d6a6152e cleanup: also remove dangling symlinks 2020-12-10 14:15:07 +01:00
Arnout Vandecappelle (Essensium/Mind) 129ec851ed cleanup: also do cleanup if symlink is broken (closes #667)
The cleanup command skips filetypes for which the symlink is broken or
doesn't exist. However, if dehydrated fails, we may end up in exactly
the situation that the symlink doesn't exist (yet). If dehydrated fails
repeatedly, we may end up with a lot of old cert.csr, cert.pem and
privkey.pem files, so we really want to be able to clean them up.

Remove all files if the symlink is broken/missing, instead of skipping
those files.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-10 14:14:35 +01:00
Georg Altmann 835963fa6e make alpn-validation certificates and keys group readable (closes #754, fixes #753) 2020-12-10 14:00:26 +01:00
Daniel Molkentin 829aaeff2d Fix OCSP_FETCH with libressl
libressl did not pick up the implicit host header patches
of OpenSSL 1.1 even in version 3 and thus exhibits the same
behavior as OpenSSL 1.0.

Patch by Chen, Chih-Chia <pigfoot@gmail.com>

Fixes #778
2020-12-10 13:52:47 +01:00
Lukas Schauer 481aba7d7b remove quotes from per-cert-config vars to allow for spaces (fixes #789, closes #791) 2020-12-09 20:41:17 +01:00
Lukas Schauer fbcaac89f9 changed method for parsing issuer cn, fixing compatibility with some openssl versions 2020-12-09 19:38:27 +01:00
Lukas Schauer 589e9f30b3 show available options if preferred chain is not found 2020-11-21 16:19:08 +01:00
Lukas Schauer f2103340f3 fix spaces in sudo arguments 2020-11-20 17:09:04 +01:00
Lukas Schauer c670c18299 added display-terms to changelog+readme 2020-11-13 20:49:18 +01:00
Daniel Molkentin 7cc9e2d07f add --display-terms to display the URL for the current ToS
Implements #649
2020-11-13 20:47:49 +01:00
Lukas Schauer 7dfde364a3 added support for requesting preferred-chain instead of default chain 2020-11-13 20:36:51 +01:00
Lukas Schauer 7d3288f428 one more \s -> [[:space:]] replacement 2020-09-30 11:35:06 +02:00
Jarkko Oranen e69df6521b Replace \s with [[:space:]] for compatibility 2020-09-30 11:32:23 +02:00
Daniel Molkentin 8ddead4854 Complain about deactivated accounts 2020-09-28 01:15:48 +02:00
Daniel Molkentin 308b3ec750 implement account deactivation through --deactivate parameter
This is an updated version of https://github.com/lukas2511/dehydrated/files/2641548/dehydrated_add_deactivate_command.diff.txt

Fixes #216
2020-09-28 01:15:47 +02:00
Daniel Molkentin 39e1068a87 Don't require sudo before we know we really need it
Fixes #665
2020-09-27 22:26:20 +02:00
Daniel Molkentin 6d9fcd2588 Do not fail silently with invalid sudo user/group 2020-09-27 22:26:18 +02:00
Daniel Molkentin 60cb678e3b add more CAs, now that support for CA presets is implemented
- letsencrypt-test (LE staging CA)
- buypass (verified to work with the new json parsing, see #653)
- buypass-test analogously
2020-09-27 20:41:34 +02:00
Daniel Molkentin 5f8cfa50ba fix OS name detection
before applying heuristics, use PRETTY_NAME from os-release(3),
which reliably exists on all common linux distributions.

keep the /etc/issue parsing as fallback.
2020-09-27 20:35:18 +02:00
Lukas Schauer b3abc41dbe tmpfix: log error if acmev1 validation is denied + fix unbound variable 2020-09-15 17:27:24 +02:00
Lukas Schauer b3b2fee496 eab: use hex key instead of binary (fixes issue with nullbytes) 2020-09-14 18:59:41 +02:00
Lukas Schauer 416fd0fd1b do not fail on challenge in "processing" state (fixes #759) 2020-09-14 18:31:24 +02:00
Lukas Schauer 142c69dd90 fixed bad typo.. 2020-09-14 18:28:05 +02:00
Lukas Schauer 74c136905b readme+changelog 2020-09-14 18:24:01 +02:00
Lukas Schauer 5fc1175aef EAB + ZeroSSL support 2020-09-14 18:22:36 +02:00
Lukas Schauer 4b91fcf498 read boolean values from json 2020-09-14 18:19:08 +02:00
Lukas Schauer 11323d0727 removed accidental shebang 2020-09-14 18:18:35 +02:00
Lukas Schauer a9a64c9fd0 use presets for some CAs instead of requiring full urls 2020-09-14 16:37:16 +02:00
Jason Francis 42a0fc9a5e fix tls-alpn-01 configuration example 2020-07-05 22:30:38 +02:00
Lukas Schauer e119d9136b fixed some typos (fixes #725, fixes #741, fixes #740) 2020-07-05 22:29:57 +02:00
j-ed 275fb40ab4 removed tmp file in 'generate_alpn_certificate' function
Made sure that the temp file will be removed at the end of the function.
2020-07-05 21:41:12 +02:00
Lukas Schauer 7e92850957 fixed zsh compatibility 2020-07-05 04:13:11 +02:00
Lukas Schauer bb5a1473d1 merged temporary json.sh into dehydrated, fixed authorization "pending" loop 2020-07-04 21:51:32 +02:00
Lukas Schauer 7f970b527c experimental json.sh support 2020-07-04 21:36:23 +02:00