starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity
685 Commits 5 Branches 15 Tags
a94f4510148c8e65ac7e1053d77bb536687471f9
Commit Graph

685 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hshh
a94f451014 Add support for Google Trust Services. 
Official Documentation: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
The first registration requires obtaining EAB_KID and EAB_HMAC_KEY according to the document, and setting CONTACT_EMAIL, EAB_HMAC_KEY, EAB_KID in the configuration file.
 2025-04-14 18:59:59 +02:00
Bob Idle
a615a55ad6 Update dehydrated repo urls in man page 2025-04-14 18:57:00 +02:00
Lukas Schauer
f6d82e2715 fix small issue with certificate profile selection (use key instead of value) 2025-04-14 18:49:44 +02:00
Lukas Schauer
1a1cb94a61 added changelog + default config entries for certificate profile selection 2025-04-14 18:41:38 +02:00
Youfu Zhang
5ab8c3806d implemented certificate profile selection (draft-aaron-acme-profiles-00) 
https://letsencrypt.org/2025/01/09/acme-profiles/
https://datatracker.ietf.org/doc/html/draft-aaron-acme-profiles-00

Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
 2025-04-14 18:35:10 +02:00
Lukas Schauer
4ea5081640 renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs (fixes #963) 2025-04-11 10:33:07 +02:00
Wilfried Teiken
4fd777e87e Ignore output of 'openssl req -verify'. 
Newer versions of openssl seem to send the verify outout to stdout instead of
stderr in the past. Ignore that output when retrieving altnames.
 2023-12-05 02:36:40 +01:00
Lukas Schauer
e3ef43c816 fix zsh compatibility (fixes #896) 2023-01-16 22:41:05 +01:00
Alexander Sulfrian
67b111a7b0 Replace all escaped slashes in json strings (closes #866) 
${var/pattern/string} will only replace the first occurence. We should
use ${var//pattern/string} to replace all escaped slashes.
 2022-10-31 16:27:16 +01:00
Daniel Molkentin
fa68ad8b23 improve man page based on feedback from debian-l10n-english (fixes #873, closes #875) 
Also propagate changes to dehydrated help and README.md
 2022-10-31 16:22:04 +01:00
Lukas Schauer
5c4adf6baa added note about dehydrated irc channel 2022-10-31 15:46:28 +01:00
Lukas Schauer
35bfea55b6 increase dehydrated version for git master use 2022-10-31 15:46:07 +01:00
Lukas Schauer
ea84199863 release 0.7.1 (it finally happened!) v0.7.1 2022-10-31 15:12:38 +01:00
Krayon
6091ba4bc2 Add missing checks and fix hexdump output (closes #878) 2022-10-31 15:12:04 +01:00
Lukas Schauer
6fb8eba56a implemented workaround for retrying on badNonce errors 2022-09-07 15:09:57 +02:00
Simon Deziel
19c7fbbf47 egrep is deprecated 
egrep has been deprecated since 2007 and warns it's obsolete since:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1

Signed-off-by: Simon Deziel <simon@sdeziel.info>
 2022-04-07 21:49:56 +02:00
Lukas Schauer
7128e6b63c rfc8738: fix CN on certs with mixed ip+dns 2022-04-07 01:34:21 +02:00
Lukas Schauer
861f4c733d rfc8738: only replace ip with reverse dns thingy if tls-alpn-01 is used 2022-04-07 01:33:48 +02:00
Lukas Schauer
ad3f08084c implemented rfc 8738 support 2022-04-06 22:23:43 +02:00
Lukas Schauer
784fb806c8 really reverted regression in somehow broken array expansion from e963438c.. 2021-11-02 09:05:19 +01:00
Lukas Schauer
b2574b16d1 reverted regression in somehow broken array expansion from e963438c (fixes #850) 2021-11-02 09:01:00 +01:00
Lukas Schauer
da641588ce removed old logo 2021-11-01 19:25:17 +01:00
Lukas Schauer
8e6ddf6286 readme and (temporary) logo update 2021-11-01 19:22:50 +01:00
Lukas Schauer
8e5977890a fix regression from e963438c (fixes #849) 2021-11-01 18:57:57 +01:00
Lukas Schauer
3bcf0c7f5a use noglob helpers for domains.txt.d parsing 2021-11-01 18:57:49 +01:00
Lukas Schauer
b347bc9086 added some changes to changelog 2021-10-31 22:58:06 +01:00
Lukas Schauer
08477170e9 Exit with error if somebody is trying to use EC account keys with ACME v1 2021-10-31 22:36:40 +01:00
Lukas Schauer
f4cf92bae5 extend ec algorithms with secp521r1 (not yet supported by LetsEncrypt, but maybe by other CAs) 2021-10-31 22:31:09 +01:00
Lukas Schauer
93573cda3c experimental support for ec account keys (fixes #827) 2021-10-31 22:29:44 +01:00
Lukas Schauer
607a6088d3 Avoid writing ec-parameters to private-key file (fixes #830) 2021-10-31 20:20:40 +01:00
Lukas Schauer
880c99aa63 Better solution for issue #845 2021-10-31 20:11:31 +01:00
Lukas Schauer
7ac25358ef Show error if chain is configured for a CA which doesn't offer alternate chains (fixes #845) 2021-10-31 20:06:50 +01:00
Lukas Schauer
5733863b93 added warning about possible behaviour-change with new domains.txt.d feature 2021-10-31 19:55:41 +01:00
Marc Schütz
f6a84a88fa Support reading domains from drop-in snippets in domains.txt.d 2021-10-31 19:48:28 +01:00
Lukas Schauer
e963438c5a make shellcheck happy again 2021-10-31 19:33:03 +01:00
Stefaan Ghysels
095165ee96 Only check existing certs when necessary 2021-10-31 19:29:00 +01:00
Simon Deziel
199cd59774 Remove debug echo in command_cleanup() 
Signed-off-by: Simon Deziel <simon@sdeziel.info>
 2021-10-31 19:23:01 +01:00
Elan Ruusamäe
e17456778f Use consistent indent in hook.sh 2021-10-31 19:21:26 +01:00
Brian Bennett
71f6bc617e Better handling around grep/awk 2021-10-31 19:17:49 +01:00
Joao Morais
6ee4ae508e fix command_version on Darwin/macOS 11 
Current output of `uname` on Darwin/macOS 11 is only `Darwin`, which
breaks the premisse used in `command_version()`. This update adds
`Darwin` alongside `BSD`.
 2021-10-31 19:08:52 +01:00
27o
91cccc0c23 ensure newline before new section in openssl.cnf 
openssl.cnf may not end with a newline. The section [SAN] will then not be found as it is added to the last line of openssl.cnf.
 2021-04-23 02:03:23 +02:00
Lukas Schauer
ab016803dd expand documentation on using letsencrypt staging ca 2021-04-18 03:48:47 +02:00
Nick
7d8573af12 Update staging.md to use ACMEv2 server (closes #812) 
letsencrypt is phasing out the v1 server:

```
  + ERROR: An error occurred while sending get-request to https://acme-staging.api.letsencrypt.org/directory (Status 403)

Details:
HTTP/2 403
server: nginx
date: Thu, 01 Apr 2021 20:48:17 GMT
content-type: application/problem+json
content-length: 189
etag: "600b3710-bd"

{
  "type": "urn:acme:error:serverInternal",
  "detail": "ACMEv1 Brownout in Progress. ACMEv1 will fully turn off on June 1, 2021. Check https://letsencrypt.status.io/ for more details."
}

```
 2021-04-18 03:44:41 +02:00
Lukas Schauer
fb06530097 command_sign_csr: redirect fds after init_system (fixes #816) 2021-04-16 14:32:05 +02:00
Lukas Schauer
5c1551e946 remove some dots :) 2021-03-29 20:20:52 +02:00
Marcus Rückert
20c27b291c Add more examples to show case how to create certs 
e.g. with different key algorithms
 2021-03-29 20:19:41 +02:00
Lukas Schauer
24f66a3473 generic support for weird curl versions with lower-case headers and no whitespace 2021-03-21 20:51:10 +01:00
joele89
21bff55b7c Updating nonce handler for newer versions of F5 2021-03-21 20:46:31 +01:00
Glenn Strauss
374fce0249 document using -t tls-alpn-01 with lighttpd 2021-03-21 20:42:23 +01:00
Glenn Strauss
00941472b2 add -t tls-alpn-01 to command line help 2021-02-18 16:56:05 +01:00