Authorities (e.g. Let's Encrypt) usually have Terms of Serivce (ToS)
that have to be agreed to. Up until this point we automatically
indicated agreement to those ToS and sent the necessary value.
This commit changes the behaviour to be in line with recommendations
from Let's Encrypt that the user themselves have to indicate their
agreement by no longer automatically doing so (except for cases of
legacy configuration files to provide compatibility).
The user can now indicate ToS agreement by either setting the associated
configuration variable (authority_tos_agreement) to the required value
and/or providing the required value via a command-line parameter
(--authority-tos-agreement=<value>/--tos-agreement=<value>/--tos=<value>)
This adds a few basic command line parameters to allow further
customization of the configuration locations. As well as defining new
default locations for the acertmgr config files and updating the parser
with missing values, so that the config dictionary provided to the
acertmgr process after parsing is complete and no cross reference to the
configuration module is necessary. The parser error handling is also
improved.
md5 is used because cryptographic strength is irrelevant.
This simply allows storing multiple certificates that have
the same domain name as the first domain in the certificate.
Besides the fact that this removes redundant code, hard coded location
of file is generally no good idea
Also adapt README.md and provide a default location for key files.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
The last remaining call to openssl is replaced by an equivalent
call to pyopenssl, which returns a similar string.
The regular expressions are changed to deal with the difference
in the string returned.
This patch breaks up the ACME protocol code into functions for account
registration, key/certificate file handling, and helpers for ACME
protocol communication.
