73bb54a4b2
updated changelog
2025-05-18 02:16:14 +02:00
3a71a7ad94
only validate existance of wellknown directory or hook script when actually necessary ( fixes #965 )
2025-05-18 02:07:04 +02:00
0290338853
post-v0.7.2-release
2025-05-18 01:36:16 +02:00
fcca67b53c
release v0.7.2
2025-05-18 01:34:32 +02:00
cf9e6a33fd
Allow for automatic deletion of old files
2025-05-02 15:00:48 +02:00
bec154f070
Added a configuration parameter to allow for timeouts during order processing ( fixes #955 )
2025-05-02 14:42:57 +02:00
0141d86267
Update README ( closes #964 )
2025-05-02 14:38:45 +02:00
a86a176805
use temporary csr file instead of stdin (keeps compatibility to older openssl versions)
2025-04-23 11:24:42 +02:00
200cd68e7e
updated changelog
2025-04-14 19:49:31 +02:00
e973cb2d8a
Disable warning when reading CSRs from stdin.
...
Coming across the same warning that was reported in
[PR#929](https://github.com/dehydrated-io/dehydrated/pull/929 "Suppress
openssl warning about reading from stdin") this is my attempt to disable
this warning. Instead of discarding stderr in total (this can still be
useful), we just use the "-in" parameter as hinted in the warning:
$ foo=$(cat req.csr)
$ <<<${foo} openssl req -noout -verify > /dev/null; echo $?
Warning: Will read cert request from stdin since no -in option is given
0
$ <<<${foo} openssl req -in - -noout -verify > /dev/null; echo $?
0
2025-04-14 19:42:15 +02:00
7c438c484f
added google ca to example config and added documentation link to error message
2025-04-14 19:12:59 +02:00
a94f451014
Add support for Google Trust Services.
...
Official Documentation: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
The first registration requires obtaining EAB_KID and EAB_HMAC_KEY according to the document, and setting CONTACT_EMAIL, EAB_HMAC_KEY, EAB_KID in the configuration file.
2025-04-14 18:59:59 +02:00
a615a55ad6
Update dehydrated repo urls in man page
2025-04-14 18:57:00 +02:00
f6d82e2715
fix small issue with certificate profile selection (use key instead of value)
2025-04-14 18:49:44 +02:00
1a1cb94a61
added changelog + default config entries for certificate profile selection
2025-04-14 18:41:38 +02:00
5ab8c3806d
implemented certificate profile selection (draft-aaron-acme-profiles-00)
...
https://letsencrypt.org/2025/01/09/acme-profiles/
https://datatracker.ietf.org/doc/html/draft-aaron-acme-profiles-00
Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com >
2025-04-14 18:35:10 +02:00
4ea5081640
renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs ( fixes #963 )
2025-04-11 10:33:07 +02:00
4fd777e87e
Ignore output of 'openssl req -verify'.
...
Newer versions of openssl seem to send the verify outout to stdout instead of
stderr in the past. Ignore that output when retrieving altnames.
2023-12-05 02:36:40 +01:00
e3ef43c816
fix zsh compatibility ( fixes #896 )
2023-01-16 22:41:05 +01:00
67b111a7b0
Replace all escaped slashes in json strings ( closes #866 )
...
${var/pattern/string} will only replace the first occurence. We should
use ${var//pattern/string} to replace all escaped slashes.
2022-10-31 16:27:16 +01:00
fa68ad8b23
improve man page based on feedback from debian-l10n-english ( fixes #873 , closes #875 )
...
Also propagate changes to dehydrated help and README.md
2022-10-31 16:22:04 +01:00
5c4adf6baa
added note about dehydrated irc channel
2022-10-31 15:46:28 +01:00
35bfea55b6
increase dehydrated version for git master use
2022-10-31 15:46:07 +01:00
ea84199863
release 0.7.1 (it finally happened!)
2022-10-31 15:12:38 +01:00
6091ba4bc2
Add missing checks and fix hexdump output ( closes #878 )
2022-10-31 15:12:04 +01:00
6fb8eba56a
implemented workaround for retrying on badNonce errors
2022-09-07 15:09:57 +02:00
19c7fbbf47
egrep is deprecated
...
egrep has been deprecated since 2007 and warns it's obsolete since:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1
Signed-off-by: Simon Deziel <simon@sdeziel.info >
2022-04-07 21:49:56 +02:00
7128e6b63c
rfc8738: fix CN on certs with mixed ip+dns
2022-04-07 01:34:21 +02:00
861f4c733d
rfc8738: only replace ip with reverse dns thingy if tls-alpn-01 is used
2022-04-07 01:33:48 +02:00
ad3f08084c
implemented rfc 8738 support
2022-04-06 22:23:43 +02:00
784fb806c8
really reverted regression in somehow broken array expansion from e963438c..
2021-11-02 09:05:19 +01:00
b2574b16d1
reverted regression in somehow broken array expansion from e963438c ( fixes #850 )
2021-11-02 09:01:00 +01:00
da641588ce
removed old logo
2021-11-01 19:25:17 +01:00
8e6ddf6286
readme and (temporary) logo update
2021-11-01 19:22:50 +01:00
8e5977890a
fix regression from e963438c ( fixes #849 )
2021-11-01 18:57:57 +01:00
3bcf0c7f5a
use noglob helpers for domains.txt.d parsing
2021-11-01 18:57:49 +01:00
b347bc9086
added some changes to changelog
2021-10-31 22:58:06 +01:00
08477170e9
Exit with error if somebody is trying to use EC account keys with ACME v1
2021-10-31 22:36:40 +01:00
f4cf92bae5
extend ec algorithms with secp521r1 (not yet supported by LetsEncrypt, but maybe by other CAs)
2021-10-31 22:31:09 +01:00
93573cda3c
experimental support for ec account keys ( fixes #827 )
2021-10-31 22:29:44 +01:00
607a6088d3
Avoid writing ec-parameters to private-key file ( fixes #830 )
2021-10-31 20:20:40 +01:00
880c99aa63
Better solution for issue #845
2021-10-31 20:11:31 +01:00
7ac25358ef
Show error if chain is configured for a CA which doesn't offer alternate chains ( fixes #845 )
2021-10-31 20:06:50 +01:00
5733863b93
added warning about possible behaviour-change with new domains.txt.d feature
2021-10-31 19:55:41 +01:00
f6a84a88fa
Support reading domains from drop-in snippets in domains.txt.d
2021-10-31 19:48:28 +01:00
e963438c5a
make shellcheck happy again
2021-10-31 19:33:03 +01:00
095165ee96
Only check existing certs when necessary
2021-10-31 19:29:00 +01:00
199cd59774
Remove debug echo in command_cleanup()
...
Signed-off-by: Simon Deziel <simon@sdeziel.info >
2021-10-31 19:23:01 +01:00
e17456778f
Use consistent indent in hook.sh
2021-10-31 19:21:26 +01:00
71f6bc617e
Better handling around grep/awk
2021-10-31 19:17:49 +01:00
Lukas Schauer