c63d1cb528
Update zeroapi curl call to use ip_version + CURL_OPTS + dehydrated user-agent ( closes #995 )
2026-04-30 16:10:15 +02:00
b9bff54bd6
fix: simplify SAN comparison + SAN regex ( closes #996 )
2026-04-30 16:10:14 +02:00
c93c0df78d
readme branding
2026-04-30 16:10:13 +02:00
7ea8aaab5c
some documentation
2026-02-04 00:34:39 +01:00
6f5c9dba64
ipv6 address formatting for letsencrypt compatibility and better detection of changed certificate names
2026-02-04 00:25:41 +01:00
4a340caf29
clean up some whitespace
2026-02-03 22:02:52 +01:00
2e6933464e
remove noout flag from time-based validity check
2026-02-03 22:01:15 +01:00
1dbbc64ce9
implement workaround for openssl regression ( fixes #981 )
...
The introduction of the `-multi` option to the x509 subcommand
introduced a regression to the `-checkend` behaviour, preventing
openssl to correctly indicate the certificate expiry status via
its exit code.
This commit introduces a (maybe temporary) workaround by instead
checking the output string.
2025-10-24 09:22:31 +02:00
12877bb238
throw error with information about OCSP deprecation if certificate doesn't indicate OCSP support
2025-07-05 11:13:45 +02:00
ad43e250b2
allow KEEP_GOING to also skip over ocsp stapling errors, update ocsp error message with a hint about deprecation on some CAs
2025-07-05 10:55:33 +02:00
8e9e5ef9c7
also allow setting KEEP_GOING as a config option
2025-07-05 10:54:29 +02:00
a7deeaedbc
set empty subject for ip-certificates
...
as suggested by @candlerb in #783
2025-07-05 10:28:13 +02:00
3d95f18000
Don't allow CDN's to send cached responses
...
A lot of CA's use a CDN service to protect and speed up their ACME service. These CDN services can sometimes miss-behave and send cached results. For example DigiCert's ACME service uses the Imperva CDN. It will send cached results on the DNS validation, challenge endpoint, resulting in it being stuck in the processing status, thus dehydrated is hung and never gets the certificate.
2025-06-17 19:52:29 +02:00
ce9eb300e2
implemented domain validation timeout
2025-06-17 19:51:27 +02:00
9cfcd66f15
small addition to 0.7.2 changelog
2025-05-18 02:28:57 +02:00
73bb54a4b2
updated changelog
2025-05-18 02:16:14 +02:00
3a71a7ad94
only validate existance of wellknown directory or hook script when actually necessary ( fixes #965 )
2025-05-18 02:07:04 +02:00
0290338853
post-v0.7.2-release
2025-05-18 01:36:16 +02:00
fcca67b53c
release v0.7.2
2025-05-18 01:34:32 +02:00
cf9e6a33fd
Allow for automatic deletion of old files
2025-05-02 15:00:48 +02:00
bec154f070
Added a configuration parameter to allow for timeouts during order processing ( fixes #955 )
2025-05-02 14:42:57 +02:00
0141d86267
Update README ( closes #964 )
2025-05-02 14:38:45 +02:00
a86a176805
use temporary csr file instead of stdin (keeps compatibility to older openssl versions)
2025-04-23 11:24:42 +02:00
200cd68e7e
updated changelog
2025-04-14 19:49:31 +02:00
e973cb2d8a
Disable warning when reading CSRs from stdin.
...
Coming across the same warning that was reported in
[PR#929](https://github.com/dehydrated-io/dehydrated/pull/929 "Suppress
openssl warning about reading from stdin") this is my attempt to disable
this warning. Instead of discarding stderr in total (this can still be
useful), we just use the "-in" parameter as hinted in the warning:
$ foo=$(cat req.csr)
$ <<<${foo} openssl req -noout -verify > /dev/null; echo $?
Warning: Will read cert request from stdin since no -in option is given
0
$ <<<${foo} openssl req -in - -noout -verify > /dev/null; echo $?
0
2025-04-14 19:42:15 +02:00
7c438c484f
added google ca to example config and added documentation link to error message
2025-04-14 19:12:59 +02:00
a94f451014
Add support for Google Trust Services.
...
Official Documentation: https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
The first registration requires obtaining EAB_KID and EAB_HMAC_KEY according to the document, and setting CONTACT_EMAIL, EAB_HMAC_KEY, EAB_KID in the configuration file.
2025-04-14 18:59:59 +02:00
a615a55ad6
Update dehydrated repo urls in man page
2025-04-14 18:57:00 +02:00
f6d82e2715
fix small issue with certificate profile selection (use key instead of value)
2025-04-14 18:49:44 +02:00
1a1cb94a61
added changelog + default config entries for certificate profile selection
2025-04-14 18:41:38 +02:00
5ab8c3806d
implemented certificate profile selection (draft-aaron-acme-profiles-00)
...
https://letsencrypt.org/2025/01/09/acme-profiles/
https://datatracker.ietf.org/doc/html/draft-aaron-acme-profiles-00
Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com >
2025-04-14 18:35:10 +02:00
4ea5081640
renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs ( fixes #963 )
2025-04-11 10:33:07 +02:00
4fd777e87e
Ignore output of 'openssl req -verify'.
...
Newer versions of openssl seem to send the verify outout to stdout instead of
stderr in the past. Ignore that output when retrieving altnames.
2023-12-05 02:36:40 +01:00
e3ef43c816
fix zsh compatibility ( fixes #896 )
2023-01-16 22:41:05 +01:00
67b111a7b0
Replace all escaped slashes in json strings ( closes #866 )
...
${var/pattern/string} will only replace the first occurence. We should
use ${var//pattern/string} to replace all escaped slashes.
2022-10-31 16:27:16 +01:00
fa68ad8b23
improve man page based on feedback from debian-l10n-english ( fixes #873 , closes #875 )
...
Also propagate changes to dehydrated help and README.md
2022-10-31 16:22:04 +01:00
5c4adf6baa
added note about dehydrated irc channel
2022-10-31 15:46:28 +01:00
35bfea55b6
increase dehydrated version for git master use
2022-10-31 15:46:07 +01:00
ea84199863
release 0.7.1 (it finally happened!)
2022-10-31 15:12:38 +01:00
6091ba4bc2
Add missing checks and fix hexdump output ( closes #878 )
2022-10-31 15:12:04 +01:00
6fb8eba56a
implemented workaround for retrying on badNonce errors
2022-09-07 15:09:57 +02:00
19c7fbbf47
egrep is deprecated
...
egrep has been deprecated since 2007 and warns it's obsolete since:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1
Signed-off-by: Simon Deziel <simon@sdeziel.info >
2022-04-07 21:49:56 +02:00
7128e6b63c
rfc8738: fix CN on certs with mixed ip+dns
2022-04-07 01:34:21 +02:00
861f4c733d
rfc8738: only replace ip with reverse dns thingy if tls-alpn-01 is used
2022-04-07 01:33:48 +02:00
ad3f08084c
implemented rfc 8738 support
2022-04-06 22:23:43 +02:00
784fb806c8
really reverted regression in somehow broken array expansion from e963438c..
2021-11-02 09:05:19 +01:00
b2574b16d1
reverted regression in somehow broken array expansion from e963438c ( fixes #850 )
2021-11-02 09:01:00 +01:00
da641588ce
removed old logo
2021-11-01 19:25:17 +01:00
8e6ddf6286
readme and (temporary) logo update
2021-11-01 19:22:50 +01:00
8e5977890a
fix regression from e963438c ( fixes #849 )
2021-11-01 18:57:57 +01:00
radub2012