Lukas Schauer
e963438c5a
make shellcheck happy again
2021-10-31 19:33:03 +01:00
Stefaan Ghysels
095165ee96
Only check existing certs when necessary
2021-10-31 19:29:00 +01:00
Simon Deziel
199cd59774
Remove debug echo in command_cleanup()
...
Signed-off-by: Simon Deziel <simon@sdeziel.info>
2021-10-31 19:23:01 +01:00
Brian Bennett
71f6bc617e
Better handling around grep/awk
2021-10-31 19:17:49 +01:00
Joao Morais
6ee4ae508e
fix command_version on Darwin/macOS 11
...
Current output of `uname` on Darwin/macOS 11 is only `Darwin`, which
breaks the premise used in `command_version()`. This update adds
`Darwin` alongside `BSD`.
2021-10-31 19:08:52 +01:00
27o
91cccc0c23
ensure newline before new section in openssl.cnf
...
openssl.cnf may not end with a newline. The section [SAN] will then not be found as it is added to the last line of openssl.cnf.
2021-04-23 02:03:23 +02:00
Lukas Schauer
fb06530097
command_sign_csr: redirect fds after init_system (fixes #816)
2021-04-16 14:32:05 +02:00
Lukas Schauer
24f66a3473
generic support for weird curl versions with lower-case headers and no whitespace
2021-03-21 20:51:10 +01:00
joele89
21bff55b7c
Updating nonce handler for newer versions of F5
2021-03-21 20:46:31 +01:00
Glenn Strauss
00941472b2
add -t tls-alpn-01 to command line help
2021-02-18 16:56:05 +01:00
Michel Lespinasse
527933db24
Per-certificate config fixes
...
- Ensure that all per-certificate settings are saved and restored in
store_configvars() and reset_configvars() - that's what makes them
per-certificate in the first place...
- Add OCSP_FETCH and OCSP_DAYS in the documented list of supported
per-certificate configs, since the code does allow these.
2021-02-18 16:51:14 +01:00
Nathan Felton
33a421f1e4
Support for LibreSSL version of openssl on macOS
2021-02-18 16:47:24 +01:00
Lukas Schauer
26660e11c7
Fixed small unassigned variable issue
2020-12-12 03:12:13 +01:00
Lukas Schauer
316054ad1c
Do not revalidate authorizations on forced renewal
...
This commit introduces a new cli argument `--force-validation` which,
when used in combination with `--force` ignores valid domain
authorizations and forces a revalidation.
This has been implemented since at least LE seems to have changed some
behavior on valid authorizations. Only the previously validated
authorization-type is reusable, causing dehydrated to error out when
changing from recently validated authorization types while still trying
to force-renew certificates for whatever reason (e.g. changing algorithms).
2020-12-12 03:01:59 +01:00
Lukas Schauer
29b67962ac
fix CN extraction for older openssl versions
2020-12-11 18:02:51 +01:00
Lukas Schauer
3a7795589b
bump changelog for new draft releases
2020-12-10 16:56:13 +01:00
Lukas Schauer
082da2527c
preparing for release 0.7.0
2020-12-10 16:54:26 +01:00
Lukas Schauer
e784ba3853
use normal error behaviour for failing http requests (fixes #782)
2020-12-10 16:32:26 +01:00
Lukas Schauer
abd369d062
allow to set domains.txt as cli argument (fixes #678)
2020-12-10 16:07:28 +01:00
Lukas Schauer
174616becd
use secp384r1 as default (instead of rsa, fixes #651)
2020-12-10 16:01:08 +01:00
Raphael Hoegger
27fd41d75f
adding new CLI Command (--cleanupdelete / -gcd) to cleanup+delete (instead of just moving to /archive) (closes #587)
2020-12-10 14:58:14 +01:00
Lukas Schauer
ea106ef72e
allow setting OCSP_FETCH and OCSP_DAYS per certificate config (closes #602, thx @bjacke)
2020-12-10 14:28:30 +01:00
Lukas Schauer
f2d6a6152e
cleanup: also remove dangling symlinks
2020-12-10 14:15:07 +01:00
Arnout Vandecappelle (Essensium/Mind)
129ec851ed
cleanup: also do cleanup if symlink is broken (closes #667)
...
The cleanup command skips filetypes for which the symlink is broken or
doesn't exist. However, if dehydrated fails, we may end up in exactly
the situation that the symlink doesn't exist (yet). If dehydrated fails
repeatedly, we may end up with a lot of old cert.csr, cert.pem and
privkey.pem files, so we really want to be able to clean them up.
Remove all files if the symlink is broken/missing, instead of skipping
those files.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-10 14:14:35 +01:00
Georg Altmann
835963fa6e
make alpn-validation certificates and keys group readable (closes #754, fixes #753)
2020-12-10 14:00:26 +01:00
Daniel Molkentin
829aaeff2d
Fix OCSP_FETCH with libressl
...
libressl did not pick up the implicit host header patches
of OpenSSL 1.1 even in version 3 and thus exhibits the same
behavior as OpenSSL 1.0.
Patch by Chen, Chih-Chia <pigfoot@gmail.com>
Fixes #778
2020-12-10 13:52:47 +01:00
Lukas Schauer
481aba7d7b
remove quotes from per-cert-config vars to allow for spaces (fixes #789, closes #791)
2020-12-09 20:41:17 +01:00
Lukas Schauer
fbcaac89f9
changed method for parsing issuer cn, fixing compatibility with some openssl versions
2020-12-09 19:38:27 +01:00
Lukas Schauer
589e9f30b3
show available options if preferred chain is not found
2020-11-21 16:19:08 +01:00
Lukas Schauer
f2103340f3
fix spaces in sudo arguments
2020-11-20 17:09:04 +01:00
Daniel Molkentin
7cc9e2d07f
add --display-terms to display the URL for the current ToS
...
Implements #649
2020-11-13 20:47:49 +01:00
Lukas Schauer
7dfde364a3
added support for requesting preferred-chain instead of default chain
2020-11-13 20:36:51 +01:00
Lukas Schauer
7d3288f428
one more \s -> [[:space:]] replacement
2020-09-30 11:35:06 +02:00
Jarkko Oranen
e69df6521b
Replace \s with [[:space:]] for compatibility
2020-09-30 11:32:23 +02:00
Daniel Molkentin
8ddead4854
Complain about deactivated accounts
2020-09-28 01:15:48 +02:00
Daniel Molkentin
308b3ec750
implement account deactivation through --deactivate parameter
...
This is an updated version of https://github.com/lukas2511/dehydrated/files/2641548/dehydrated_add_deactivate_command.diff.txt
Fixes #216
2020-09-28 01:15:47 +02:00
Daniel Molkentin
39e1068a87
Don't require sudo before we know we really need it
...
Fixes #665
2020-09-27 22:26:20 +02:00
Daniel Molkentin
6d9fcd2588
Do not fail silently with invalid sudo user/group
2020-09-27 22:26:18 +02:00
Daniel Molkentin
60cb678e3b
add more CAs, now that support for CA presets is implemented
...
- letsencrypt-test (LE staging CA)
- buypass (verified to work with the new json parsing, see #653)
- buypass-test analogously
2020-09-27 20:41:34 +02:00
Daniel Molkentin
5f8cfa50ba
fix OS name detection
...
before applying heuristics, use PRETTY_NAME from os-release(3),
which reliably exists on all common linux distributions.
keep the /etc/issue parsing as fallback.
2020-09-27 20:35:18 +02:00
Lukas Schauer
b3abc41dbe
tmpfix: log error if acmev1 validation is denied + fix unbound variable
2020-09-15 17:27:24 +02:00
Lukas Schauer
b3b2fee496
eab: use hex key instead of binary (fixes issue with nullbytes)
2020-09-14 18:59:41 +02:00
Lukas Schauer
416fd0fd1b
do not fail on challenge in "processing" state (fixes #759)
2020-09-14 18:31:24 +02:00
Lukas Schauer
142c69dd90
fixed bad typo..
2020-09-14 18:28:05 +02:00
Lukas Schauer
5fc1175aef
EAB + ZeroSSL support
2020-09-14 18:22:36 +02:00
Lukas Schauer
4b91fcf498
read boolean values from json
2020-09-14 18:19:08 +02:00
Lukas Schauer
11323d0727
removed accidental shebang
2020-09-14 18:18:35 +02:00
Lukas Schauer
a9a64c9fd0
use presets for some CAs instead of requiring full urls
2020-09-14 16:37:16 +02:00
j-ed
275fb40ab4
removed tmp file in 'generate_alpn_certificate' function
...
Made sure that the temp file will be removed at the end of the function.
2020-07-05 21:41:12 +02:00
Lukas Schauer
7e92850957
fixed zsh compatibility
2020-07-05 04:13:11 +02:00