Simon Ruderich
f9126627a8
use lock file to prevent concurrent access
Closes #31.
2015-12-08 17:52:18 +01:00
Simon Ruderich
85da9090ef
fix missing variable
2015-12-08 17:36:29 +01:00
Simon Ruderich
10cf229981
check certificate to detect corruption
2015-12-08 16:57:55 +01:00
Lukas Schauer
43b00611b1
fixed output of config location
2015-12-08 16:54:34 +01:00
Lukas Schauer
0972918605
grab action urls from ca-directory
2015-12-08 16:38:25 +01:00
Simon Ruderich
0b2119c494
_request: fix unset variable
_request() is also called when $challenge_token/$keyauth is not set.
2015-12-08 16:04:52 +01:00
Simon Ruderich
84fac54107
fix typo in error message
2015-12-08 16:04:52 +01:00
Simon Ruderich
e32ea24c78
pass altname/domain as second argument to HOOK
2015-12-08 16:04:47 +01:00
Simon Ruderich
7f8ea450ff
display errors from openssl
2015-12-08 16:04:47 +01:00
Simon Ruderich
526843d66e
ugly fix to syntax highlighting in Vim
2015-12-08 16:04:47 +01:00
Simon Ruderich
1369c9afb8
replace echo with printf
2015-12-08 16:04:47 +01:00
Simon Ruderich
cbe1eb2cda
fix typo in comment
2015-12-08 16:04:47 +01:00
Simon Ruderich
c10390fbd1
simplify expiry check
2015-12-08 16:04:47 +01:00
Simon Ruderich
3f6ff8f753
replace rm -f; ln -s with ln -sf
2015-12-08 16:04:47 +01:00
Lukas Schauer
454c164b25
Check for config file in various locations
2015-12-08 15:57:22 +01:00
Lukas Schauer
16943702a5
fixed default path to WELLKNOWN and moved SCRIPTDIR definition out of default-config block
2015-12-08 15:38:33 +01:00
et@corde.org
c24843c666
A single HOOK to handle challenge, cleaning of challenge files and uploading of certs.
2015-12-08 15:22:31 +01:00
Lukas Schauer
15accf9013
certificate comes first in fullchain.pem, fixes #26
2015-12-08 14:46:50 +01:00
Lukas Schauer
ead15632ff
making shellcheck happy
2015-12-08 14:42:26 +01:00
et@corde.org
ea5b70a3d9
add CONTACT_EMAIL option on registration
2015-12-08 14:38:13 +01:00
Markus Germeier
063d28a6dc
implement revoke
2015-12-07 21:00:36 +01:00
Lukas Schauer
f343dc11e8
update symlinks after signing the certificate
2015-12-07 14:28:53 +01:00
Lukas Schauer
329acb58b5
create fullchain.pem
2015-12-07 12:50:31 +01:00
Lukas Schauer
3cc587c224
also store csr with timestamp and symlink to default location
2015-12-07 12:41:57 +01:00
Lukas Schauer
1f08fda757
look for domains.txt under BASEDIR
2015-12-07 12:36:56 +01:00
Lukas Schauer
00837b86ae
delete challenge response after verification
2015-12-07 12:10:51 +01:00
Lukas Schauer
98a6c549ff
parse challenges json differently to be compatible with bsd sed
2015-12-07 12:08:30 +01:00
Lukas Schauer
474f33d2ca
added config option to set path for openssl config file (currently only used for generating a signing request)
2015-12-07 11:45:09 +01:00
Lukas Schauer
cd13a9c21a
use bash functionality instead of sed to filter SAN variable
2015-12-07 11:36:58 +01:00
Lukas Schauer
81cb6ac77b
don't use '-r' on sed
2015-12-07 11:36:27 +01:00
Lukas Schauer
219b3e9d0a
making shellcheck happy
2015-12-07 11:26:14 +01:00
Lukas Schauer
401f5f7597
use absolute path of script directory as default BASEDIR, remove trailing slash from BASEDIR
2015-12-07 11:21:26 +01:00
Andrey Jr. Melnikov
5b29db9755
Store keys and certs in $BASEDIR
2015-12-07 11:07:43 +01:00
Martin Geiseler
579e231631
Cleaner outputs
2015-12-06 19:51:11 +01:00
Markus Germeier
9f93ef5e41
change openssl to use enddate for expiry date check
2015-12-06 18:25:54 +01:00
Markus Germeier
9c69b624c2
show expire date when we don't need to renew a certificate
2015-12-06 17:03:59 +01:00
Lukas Schauer
ae8e5c8e17
Merge pull request #12 from germeier/newkeys
generate a new private key for each csr if the user wishes so
2015-12-06 16:47:58 +01:00
Lukas Schauer
3cb292cbb8
trying to capture http status codes from curl instead of using "--fail" to be able to capture acme error messages
2015-12-06 16:35:46 +01:00
Markus Germeier
3dbbb461f1
generate a new private key for each csr if the user wishes so
2015-12-06 16:27:15 +01:00
Lukas Schauer
831b973a89
Merge pull request #11 from germeier/fixpending
fixed logic to check status from our challenge
2015-12-06 16:09:49 +01:00
Markus Germeier
76a37834be
fixed logic to check status from our challenge
the old code had a problem and would interpret a challenge that
returned "pending" and then "invalid" as valid.
This code actually has another problem. The RFC defines:
"status (optional, string): The status of this authorization.
Possible values are: "pending", "valid", and "invalid". If this
field is missing, then the default value is "pending"."
So actually the correct way to implement this would be:
while [[ -z "${status}" ]] || [[ "${status}" = "pending" ]]; do
But without further checks this might lead to an endless loop. So this
is "good enough(tm)". ;)
2015-12-06 15:51:38 +01:00
Lukas Schauer
3390080ccb
removed acme-challenges directory from git, create if needed
2015-12-06 15:41:49 +01:00
Lukas Schauer
440dc30d5e
make config.sh optional
2015-12-06 15:38:52 +01:00
Lukas Schauer
ff3dbc5819
default location for acme-challenges
2015-12-06 15:37:41 +01:00
Martin Geiseler
e300c0a173
Renew timeframe as config option
2015-12-06 15:21:20 +01:00
Martin Geiseler
5060dea068
Check expire date of existing certs
2015-12-06 15:16:36 +01:00
Markus Germeier
b7439a83d6
don't overwrite certificate files
In a worst case scenario the new certificate is broken and we are left
without a working certificate (or need to restore one from our backup).
This way we only need to change the symlink to the known working cert
2015-12-06 15:12:00 +01:00
Markus Germeier
5a213f5f6a
make openssl keysize configurable
2015-12-06 15:05:00 +01:00
Lukas Schauer
96d7eabed4
use "-s" to detect content in temporary curl error logfile
2015-12-06 15:01:34 +01:00
Benjamin Dos Santos
c4be4c695a
style: double quote to prevent globbing and word splitting
https://github.com/koalaman/shellcheck/wiki/Sc2086
2015-12-06 03:01:34 +01:00