The cleanup command skips filetypes for which the symlink is broken or
doesn't exist. However, if dehydrated fails, we may end up in exactly
the situation that the symlink doesn't exist (yet). If dehydrated fails
repeatedly, we may end up with a lot of old cert.csr, cert.pem and
privkey.pem files, so we really want to be able to clean them up.
Remove all files if the symlink is broken/missing, instead of skipping
those files.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libressl did not pick up the implicit host header patches
of OpenSSL 1.1 even in version 3 and thus exhibits the same
behavior as OpenSSL 1.0.
Patch by Chen, Chih-Chia <pigfoot@gmail.com>
Fixes#778
before applying heuristics, use PRETTY_NAME from os-release(3),
which reliably exists on all common linux distributions.
keep the /etc/issue parsing as fallback.
We store the account URL on account creation in the account_id.json file.
When reading the file, if the attribute is missing, we retrieve the account URL
from the CA ( https://tools.ietf.org/html/rfc8555#section-7.3.1 ) and edit the
file.
Per https://tools.ietf.org/html/rfc8555#section-7.3
> The server returns this account object in a 201 (Created) response, with the
> account URL in a Location header field. The account URL is used as the "kid"
> value in the JWS authenticating subsequent requests by this account (see
> Section 6.2). The account URL is also used for requests for management
> actions on this account, as described below.
Per https://tools.ietf.org/html/rfc8555#section-7.1.3
> status (required, string): The status of this order. Possible values are
> "pending", "ready", "processing", "valid", and "invalid". See Section 7.1.6.
Per https://tools.ietf.org/html/rfc8555#section-7.5.1
> The client indicates to the server that it is ready for the challenge
> validation by sending an empty JSON body ("{}") carried in a POST
> request to the challenge URL (not the authorization URL).
Lukas Schauer