Lukas Schauer
b5de2e26eb
sign_domain: Use existing CSR with matching timestamp
2018-02-06 20:41:26 +01:00
Lukas Schauer
73a116e879
Create required certificate and chaincache directories outside of sign_domain
2018-02-06 20:40:32 +01:00
Lukas Schauer
9c35fce61e
Pre-generate timestamp outside of sign_domain
2018-02-06 20:39:23 +01:00
Lukas Schauer
87194f6596
Remove additional whitespace from extract_altnames
2018-02-06 20:38:02 +01:00
Mattia Rizzolo
62d37c9b3d
Fix grammer error in the manpage ( fixes #466 )
...
"allows to" requires a subject (e.g. "allows one to"), without it's just
syntactically wrong. Change the verb entirely to workaround the
problem.
2018-02-06 19:14:12 +01:00
Lukas Schauer
b53cb6643b
moved manpage to docs directory
2018-02-06 18:53:21 +01:00
Lukas Schauer
fb41783885
automatic discovery of remote acme api version
2018-02-05 19:20:28 +01:00
Nick Muerdter
0bc0bd13d6
Fix globbing of CONFIG_D *.sh files.
...
With the globbing changes made in
61083cf522
2018-02-03 16:11:14 -07:00
Lukas Schauer
6d02bfdb42
shrink "logo" a bit
2018-02-03 22:14:43 +01:00
Lukas Schauer
727443483d
added acmev2 information to readme
2018-02-03 22:12:32 +01:00
Lukas Schauer
7a0e71c6c2
follow location on http get-requests
2018-02-03 22:03:58 +01:00
Lukas Schauer
45f5c17260
fixed altname extraction of csr with wildcard domains, moved altname extraction from sign_csr to command_sign_csr
2018-02-02 23:47:29 +01:00
Lukas Schauer
61083cf522
disable globbing globally (only allow for cleanup routine)
2018-02-02 23:45:34 +01:00
Lukas Schauer
afba7c694c
moved deploy_challenge to earlier loop so it works with multiple challenge tokens on the same identifier (important for wildcard certificate), fixed array-name, removed hook-chain warning
2018-01-28 19:48:25 +01:00
Pandark
471899b4d8
Add ^~ to nginx location block
...
To make sure it is not overridden.
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location :
> If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.
2018-01-28 06:18:10 +01:00
Lukas Schauer
ec5dbcc816
updated changelog
2018-01-28 06:14:44 +01:00
Lukas Schauer
0f69481e2b
rewrote challenge validation to iterate over authorizations instead of altnames (fixes some acmev2 validation edgecases), also removed broken test-script (for now)
2018-01-28 06:13:37 +01:00
Lukas Schauer
6f3fed496d
rewrote donation section in readme
2018-01-28 06:13:01 +01:00
Lukas Schauer
5fd93ea874
be more verbose for acme v2 challenge handling
2018-01-27 22:51:39 +01:00
Lukas Schauer
656af8cadc
don't fail on nested json array in challenge info
2018-01-13 23:10:31 +01:00
Lukas Schauer
3e521e1c01
fixed domains.txt parsing (theoretically compatible with wildcard domains)
2018-01-13 20:54:55 +01:00
Martin Strobel
68cb1e0661
ACME v02 Support
2018-01-13 20:17:25 +01:00
Lukas Schauer
35a9f31643
changelog template, year update
2018-01-13 20:10:32 +01:00
Lukas Schauer
4a811759dc
version 0.5.0
2018-01-13 20:08:12 +01:00
Lukas Schauer
2adc57791c
Add optional user and group configuration ( fixes #434 )
2017-12-18 00:35:26 +01:00
Lukas Schauer
f35aed6ae6
replace backticks with escaped dollarbracethingy ( fixes #438 )
2017-12-18 00:01:47 +01:00
Lukas Schauer
b6b56d0df7
export certificate alias to be used in hook scripts
2017-12-17 23:54:19 +01:00
Lukas Schauer
13c853d43b
also reset configvars after domains loop
2017-12-17 23:51:23 +01:00
Lukas Schauer
c62f3d91fc
implement certificate aliases as suggested by typingArtist ( fixes #396 )
2017-12-17 23:50:46 +01:00
typingArtist
eb1c4ac41d
make certdir a parameter to sign_domain
2017-12-17 22:55:12 +01:00
Daniel Molkentin
3ec54e7e0f
Add man page
2017-12-14 00:35:54 +01:00
sirrkitt
88267db7e2
Update wellknown.md
...
add Hiawatha to list
2017-12-14 00:33:11 +01:00
Lukas Schauer
eb4aaefda1
also inform about still-valid ocsp stapling files ( fixes #457 )
2017-12-14 00:11:40 +01:00
Lukas Schauer
3d97799d6a
always revalidate challenges if --force is set ( fixes #370 )
2017-11-07 14:43:41 +01:00
Exagone313
742c0ad176
fix ocsp.der symlink
2017-10-22 16:31:25 +02:00
Andreas Loibl
7f410e9bff
fix account command
...
backup file path generation should split the filename on the last dot instead of the first
2017-10-17 16:39:46 +02:00
Lukas Schauer
da3428a84a
use nullglob, disable warning on empty CONFIG_D directory
2017-09-21 18:10:01 +02:00
Lukas Schauer
b5e178ea75
allow for spaces when extracting commonName from csr ( fixes #423 )
2017-09-20 15:44:05 +02:00
Lukas Schauer
bc20ec79f3
also show freebsd version
2017-09-20 15:31:38 +02:00
Marcin Gryszkalis
ce9b42d8ad
fix issue #426 - version info on FreeBSD
2017-09-20 15:28:57 +02:00
Lukas Schauer
f838d93f40
stop verification loop after invalid challenge ( fixes #431 )
2017-09-20 15:17:30 +02:00
typingArtist
0be0ab083f
replace ${CERTDIR}/${domain} with ${certdir} everywhere
...
• improves readability
• allows ${certdir} to be changed independent from ${domain} more easily
2017-07-18 15:46:25 +02:00
Lukas Schauer
58647cab65
added OPENSSL variable to example config ( #414 )
2017-07-18 15:46:25 +02:00
Lukas Schauer
c57ad87e7c
fixed error handling on non-2xx http status codes ( #413 )
2017-07-18 03:29:39 +02:00
Lukas Schauer
2687054d25
cut path from url for ocsp host
2017-07-13 00:53:32 +02:00
Lukas Schauer
2b76d038d3
ocsp fetching should now also work with older openssl versions
2017-07-12 16:00:25 +02:00
Lukas Schauer
e339b28159
add host header to ocsp request
2017-07-12 15:33:56 +02:00
Lukas Schauer
4f3bd3e956
fixed exit_hook
2017-07-11 10:06:42 +02:00
Lukas Schauer
f86290ea52
revocation: don't fail if certificate already has been revoked ( fixes #236 )
2017-07-11 01:30:30 +02:00
Lukas Schauer
f1bc2b14ba
cleanup old ocsp response files
2017-07-11 00:50:05 +02:00
