starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

[PR #294] [MERGED] Basic implementation for private key rollover #792

New Issue
Closed
opened 2025-12-29 01:29:20 +01:00 by adam · 0 comments
adam commented 2025-12-29 01:29:20 +01:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/dehydrated-io/dehydrated/pull/294
Author: @crza
Created: 10/9/2016
Status: Merged
Merged: 10/17/2016
Merged by: @lukas2511

Base: masterHead: keyrollover

📝 Commits (7)

  • 90c60e4 initial commit for PRIVATE_KEY_ROLLOVER
  • adb1c05 fix if syntax
  • 5d96880 rolloverkey without timestamps
  • d85a1c8 update example config: PRIVATE_KEY_ROLLOVER
  • 8b5a9c1 rolloverkey creation logic updated
  • f7f00e1 updated tests. untested.
  • 2770ccb added cleanup for rolloverkeys: if disabled, delete privkey.roll.pem

📊 Changes

3 files changed (+45 additions, -1 deletions)

View changed files

📝 dehydrated (+22 -1)
📝 docs/examples/config (+3 -0)
📝 test.sh (+20 -0)

📄 Description

Hi Lukas!

Implementation of private key rollover
Currently uses $PRIVATE_KEY_ROLLOVER, should work for per-cert config.
To use:
PRIVATE_KEY_RENEW=yes
PRIVATE_KEY_ROLLOVER=yes

An extra private key is created on the first run.
If a rolloverkey and a private key exists, it swaps both.
If PRIVATE_KEY_ROLLOVER is disabled, rollover keys are deleted.

No changes to HOOK-api.

Hacked some CI-tests, but untested.
They should:
a) request a cert, create a private key [A], create a rollover key [B].
b) request a cert (forced), create a private key [C], swap rollover key [B] with private key [C]
c) Check if SHA256 Hash matches with [B](actual private key used on b) should match rollover key in a) )

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dehydrated-io/dehydrated/pull/294 **Author:** [@crza](https://github.com/crza) **Created:** 10/9/2016 **Status:** ✅ Merged **Merged:** 10/17/2016 **Merged by:** [@lukas2511](https://github.com/lukas2511) **Base:** `master` ← **Head:** `keyrollover` --- ### 📝 Commits (7) - [`90c60e4`](https://github.com/dehydrated-io/dehydrated/commit/90c60e4d0964b4a6c5c00acbcdf3bc39061762cb) initial commit for PRIVATE_KEY_ROLLOVER - [`adb1c05`](https://github.com/dehydrated-io/dehydrated/commit/adb1c05ee84c8bdb26f5dcbba949d5e906a518d2) fix if syntax - [`5d96880`](https://github.com/dehydrated-io/dehydrated/commit/5d9688034f2a962edeef9fbc81f5e65f665bbab7) rolloverkey without timestamps - [`d85a1c8`](https://github.com/dehydrated-io/dehydrated/commit/d85a1c87b7ada331404dbbab55aefe50abb85756) update example config: PRIVATE_KEY_ROLLOVER - [`8b5a9c1`](https://github.com/dehydrated-io/dehydrated/commit/8b5a9c11e93d759962f8c81de07dd06d4c9e3ba0) rolloverkey creation logic updated - [`f7f00e1`](https://github.com/dehydrated-io/dehydrated/commit/f7f00e174e65b87c9983158fe5aa4e9c2bf967ad) updated tests. untested. - [`2770ccb`](https://github.com/dehydrated-io/dehydrated/commit/2770ccbbe410771acb9f542619d2df717485dc31) added cleanup for rolloverkeys: if disabled, delete privkey.roll.pem ### 📊 Changes **3 files changed** (+45 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `dehydrated` (+22 -1) 📝 `docs/examples/config` (+3 -0) 📝 `test.sh` (+20 -0) </details> ### 📄 Description Hi Lukas! Implementation of private key rollover Currently uses $PRIVATE_KEY_ROLLOVER, should work for per-cert config. To use: PRIVATE_KEY_RENEW=yes PRIVATE_KEY_ROLLOVER=yes An extra private key is created on the first run. If a rolloverkey and a private key exists, it swaps both. If PRIVATE_KEY_ROLLOVER is disabled, rollover keys are deleted. No changes to HOOK-api. Hacked some CI-tests, but untested. They should: a) request a cert, create a private key [A], create a rollover key [B]. b) request a cert (forced), create a private key [C], swap rollover key [B] with private key [C] c) Check if SHA256 Hash matches with [B](actual private key used on b) should match rollover key in a) ) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
adam added the pull-request label 2025-12-29 01:29:20 +01:00
adam closed this issue 2025-12-29 01:29:20 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#792
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?