Kishi85
3570baacda
standalone: Fix server start+stop with multiple handlers
2019-02-12 10:49:52 +01:00
Kishi85
48a55c0dc4
dns.nsupdate: cleanup + typo fixes
2019-02-12 10:09:43 +01:00
Kishi85
02036f5617
Update README
2019-01-22 16:03:08 +01:00
Kishi85
1ce94491fd
Fix python3 compatibility
2019-01-22 16:03:08 +01:00
Kishi85
1c939363c0
Automatically download CA from AIA-data in certificate (fixes github.com/moepman/acertmgr/issues/12)
2019-01-22 16:02:39 +01:00
Kishi85
a135bae583
dns: Add DNS challenge handler using RFC2136 dynamic updates
2019-01-22 15:50:47 +01:00
Kishi85
90b25e2f3b
configuration: Split into separate module
2019-01-22 15:50:44 +01:00
Kishi85
39855323aa
authority: Refactor into classes to allow implementation of other api
2019-01-22 10:03:43 +01:00
Kishi85
cc3bfb55dd
modes: Use classes to easily allow different types of challenge handling
2019-01-22 10:03:39 +01:00
Kishi85
622c4866da
Automatically create RSA keys if they are missing
2019-01-22 09:27:05 +01:00
Kishi85
93377fd3a9
Refactor and cleanup codebase
2019-01-08 08:12:20 +01:00
David Klaftenegger
2446b1d3d2
Change certificate cache filename to unique hash
...
md5 is used because cryptographic strength is irrelevant.
This simply allows storing multiple certificates that have
the same domain name as the first domain in the certificate.
2019-01-07 20:01:20 +01:00
David Klaftenegger
4766102874
Switch from pyopenssl to cryptography
...
The cryptography module is already a dependency of pyopenssl.
This patch thus just drops the dependency on pyopenssl
and somewhat simplifies the code.
2019-01-07 20:01:17 +01:00
017f55f57c
Update agreement URL.
2018-01-14 18:37:27 +01:00
4803376486
Update agreement URL.
2016-09-26 13:10:45 +02:00
60172b7e6e
Ingore whitespace in output format definitions.
2016-07-04 20:15:01 +02:00
Ralf Ramsauer
35d9d39b26
Make key location dynamic
...
Besides the fact that this removes redundant code, hard coded location
of file is generally no good idea
Also adapt README.md and provide a default location for key files.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-15 12:49:33 +02:00
f6f3180617
Improve and clean up the documentation
2016-04-14 18:52:40 +02:00
David Klaftenegger
6c91b03cc6
Minor code improvements
2016-04-14 08:18:51 +02:00
David Klaftenegger
c8a72094d1
Replace openssl call with pyopenssl
...
The last remaining call to openssl is replaced by an equivalent
call to pyopenssl, which returns a similar string.
The regular expressions are changed to deal with the difference
in the string returned.
2016-04-14 08:18:40 +02:00
David Klaftenegger
c4e1152ed4
Use pyopenssl key format consistently
...
Replaces a case where keys were handled manually instead of using
pyopenssl wrappers.
2016-04-14 08:18:28 +02:00
David Klaftenegger
af17847cac
refactoring ACME protocol code
...
This patch breaks up the ACME protocol code into functions for account
registration, key/certificate file handling, and helpers for ACME
protocol communication.
2016-04-14 08:17:50 +02:00
77d3d1caf2
Fix error message wording
2016-04-12 11:55:22 +02:00
Ralf Ramsauer
62a6084905
Adjust permissions of certificates
...
For the internal store of certificates in the configuration directory, a
permission of user read only is absolutely sufficient
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:17 +02:00
Ralf Ramsauer
6b7f1ebfe0
acertmgr.py: use os.path.join() instead of string concatenations
...
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:12 +02:00
Ralf Ramsauer
b3db2029e0
Readme: Add hint for proper permission setting of keys
...
openssl genrsa > foo will allow group and world read. Add a hint that
these permissions should be adjusted.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:06 +02:00
Ralf Ramsauer
4fc23b52d6
Add .gitignore
...
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:01 +02:00
David Klaftenegger
2ad472b6b5
remove obsolete import
2016-04-12 11:54:57 +02:00
David Klaftenegger
9624f8c704
Only execute actions once
...
instead of once per domain
2016-04-12 11:54:52 +02:00
David Klaftenegger
dc83df8d97
Prevent failure when target file is missing
2016-04-12 11:54:47 +02:00
David Klaftenegger
6599c49476
Avoid race condition which is triggered when debugging misconfigurations
2016-04-12 11:54:42 +02:00
David Klaftenegger
2dbae6673a
Make it a configuration option which ACME authority is used
2016-04-12 11:54:37 +02:00
a8205c47cb
Improve documentation
2016-04-12 11:54:15 +02:00
David Klaftenegger
025e238213
handle correctly when no action is defined
2016-04-12 11:54:09 +02:00
David Klaftenegger
db0afbf0b7
Add example for multiple domain names per certificate
...
The first name will be the Common Name.
All names will be listed as subject alternate names.
2016-04-12 11:54:03 +02:00
David Klaftenegger
5ff9f60cdb
Documentation: add more examples
2016-04-12 11:53:58 +02:00
David Klaftenegger
625ae67f47
Documentation changes
...
acme-tiny is no longer required
ca-file needs to be downloaded
minor fixes of inaccuracies
2016-04-12 11:53:53 +02:00
David Klaftenegger
3a1a5a62b8
restore python3 compatibility
2016-04-12 11:53:48 +02:00
David Klaftenegger
c2383d1d2c
correctly handle multiple domain names
2016-04-12 11:53:43 +02:00
David Klaftenegger
a4c0bd6357
Change copyright information
2016-04-12 11:53:37 +02:00
David Klaftenegger
661115a508
replace acme-tiny
...
using a pyopenssl implementation of the same functionality instead
2016-04-12 11:53:32 +02:00
David Klaftenegger
9dc7941658
Refactor ssl functionality
...
use pyopenssl for certificate validty and requests
2016-04-12 11:53:27 +02:00
David Klaftenegger
e39c3cf298
Refactor webserver into separate file
2016-04-12 11:53:22 +02:00
David Klaftenegger
ffb4fde1c6
Adds support for SubjectAltName in CSR generation
...
To use this feature, add multiple domain names in the configuration,
separated by spaces
2016-04-12 11:53:15 +02:00
53d2ad4bf6
Actually add actions to the set.
2016-04-12 11:53:08 +02:00
David Klaftenegger
f16868bb6c
replace target files based on timestamp
...
instead of relying on the cached certificate file being updated.
This allows multiple configuration files for the same domain.
To avoid replacing existing entries, the format is changed from
a dictionary to a list, and setting domains in acme.conf is no
longer supported.
2016-04-12 11:52:57 +02:00
2202fe867b
Fix error if default values are empty.
2016-04-12 11:52:29 +02:00
23b70c798c
New format: ca to be able to create cert-chains.
2016-04-12 11:52:23 +02:00
0346a6b492
Fix accidentally removed TODO.
2016-04-12 11:52:18 +02:00
2500b044f1
Rename notify to action and execute them only once.
2016-04-12 11:52:12 +02:00