moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-13 06:45:24 +01:00
Code Releases Activity
77 Commits 2 Branches 20 Tags 321 KiB
48a55c0dc4
Commit Graph

77 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kishi85
48a55c0dc4 dns.nsupdate: cleanup + typo fixes 2019-02-12 10:09:43 +01:00
Kishi85
02036f5617 Update README 2019-01-22 16:03:08 +01:00
Kishi85
1ce94491fd Fix python3 compatibility 2019-01-22 16:03:08 +01:00
Kishi85
1c939363c0 Automatically download CA from AIA-data in certificate (fixes github.com/moepman/acertmgr/issues/12) 2019-01-22 16:02:39 +01:00
Kishi85
a135bae583 dns: Add DNS challenge handler using RFC2136 dynamic updates 2019-01-22 15:50:47 +01:00
Kishi85
90b25e2f3b configuration: Split into separate module 2019-01-22 15:50:44 +01:00
Kishi85
39855323aa authority: Refactor into classes to allow implementation of other api 2019-01-22 10:03:43 +01:00
Kishi85
cc3bfb55dd modes: Use classes to easily allow different types of challenge handling 2019-01-22 10:03:39 +01:00
Kishi85
622c4866da Automatically create RSA keys if they are missing 2019-01-22 09:27:05 +01:00
Kishi85
93377fd3a9 Refactor and cleanup codebase 2019-01-08 08:12:20 +01:00
David Klaftenegger
2446b1d3d2 Change certificate cache filename to unique hash 
md5 is used because cryptographic strength is irrelevant.
This simply allows storing multiple certificates that have
the same domain name as the first domain in the certificate.
 2019-01-07 20:01:20 +01:00
David Klaftenegger
4766102874 Switch from pyopenssl to cryptography 
The cryptography module is already a dependency of pyopenssl.
This patch thus just drops the dependency on pyopenssl
and somewhat simplifies the code.
 2019-01-07 20:01:17 +01:00
Markus Hauschild
017f55f57c Update agreement URL. 2018-01-14 18:37:27 +01:00
Markus Hauschild
4803376486 Update agreement URL. 2016-09-26 13:10:45 +02:00
Markus Hauschild
60172b7e6e Ingore whitespace in output format definitions. 2016-07-04 20:15:01 +02:00
Ralf Ramsauer
35d9d39b26 Make key location dynamic 
Besides the fact that this removes redundant code, hard coded location
of file is generally no good idea

Also adapt README.md and provide a default location for key files.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-15 12:49:33 +02:00
Markus Hauschild
f6f3180617 Improve and clean up the documentation 2016-04-14 18:52:40 +02:00
David Klaftenegger
6c91b03cc6 Minor code improvements 2016-04-14 08:18:51 +02:00
David Klaftenegger
c8a72094d1 Replace openssl call with pyopenssl 
The last remaining call to openssl is replaced by an equivalent
call to pyopenssl, which returns a similar string.
The regular expressions are changed to deal with the difference
in the string returned.
 2016-04-14 08:18:40 +02:00
David Klaftenegger
c4e1152ed4 Use pyopenssl key format consistently 
Replaces a case where keys were handled manually instead of using
pyopenssl wrappers.
 2016-04-14 08:18:28 +02:00
David Klaftenegger
af17847cac refactoring ACME protocol code 
This patch breaks up the ACME protocol code into functions for account
registration, key/certificate file handling, and helpers for ACME
protocol communication.
 2016-04-14 08:17:50 +02:00
Markus Hauschild
77d3d1caf2 Fix error message wording 2016-04-12 11:55:22 +02:00
Ralf Ramsauer
62a6084905 Adjust permissions of certificates 
For the internal store of certificates in the configuration directory, a
permission of user read only is absolutely sufficient

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:17 +02:00
Ralf Ramsauer
6b7f1ebfe0 acertmgr.py: use os.path.join() instead of string concatenations 
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:12 +02:00
Ralf Ramsauer
b3db2029e0 Readme: Add hint for proper permission setting of keys 
openssl genrsa > foo will allow group and world read. Add a hint that
these permissions should be adjusted.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:06 +02:00
Ralf Ramsauer
4fc23b52d6 Add .gitignore 
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:01 +02:00
David Klaftenegger
2ad472b6b5 remove obsolete import 2016-04-12 11:54:57 +02:00
David Klaftenegger
9624f8c704 Only execute actions once 
instead of once per domain
 2016-04-12 11:54:52 +02:00
David Klaftenegger
dc83df8d97 Prevent failure when target file is missing 2016-04-12 11:54:47 +02:00
David Klaftenegger
6599c49476 Avoid race condition which is triggered when debugging misconfigurations 2016-04-12 11:54:42 +02:00
David Klaftenegger
2dbae6673a Make it a configuration option which ACME authority is used 2016-04-12 11:54:37 +02:00
Markus Hauschild
a8205c47cb Improve documentation 2016-04-12 11:54:15 +02:00
David Klaftenegger
025e238213 handle correctly when no action is defined 2016-04-12 11:54:09 +02:00
David Klaftenegger
db0afbf0b7 Add example for multiple domain names per certificate 
The first name will be the Common Name.
All names will be listed as subject alternate names.
 2016-04-12 11:54:03 +02:00
David Klaftenegger
5ff9f60cdb Documentation: add more examples 2016-04-12 11:53:58 +02:00
David Klaftenegger
625ae67f47 Documentation changes 
acme-tiny is no longer required
ca-file needs to be downloaded

minor fixes of inaccuracies
 2016-04-12 11:53:53 +02:00
David Klaftenegger
3a1a5a62b8 restore python3 compatibility 2016-04-12 11:53:48 +02:00
David Klaftenegger
c2383d1d2c correctly handle multiple domain names 2016-04-12 11:53:43 +02:00
David Klaftenegger
a4c0bd6357 Change copyright information 2016-04-12 11:53:37 +02:00
David Klaftenegger
661115a508 replace acme-tiny 
using a pyopenssl implementation of the same functionality instead
 2016-04-12 11:53:32 +02:00
David Klaftenegger
9dc7941658 Refactor ssl functionality 
use pyopenssl for certificate validty and requests
 2016-04-12 11:53:27 +02:00
David Klaftenegger
e39c3cf298 Refactor webserver into separate file 2016-04-12 11:53:22 +02:00
David Klaftenegger
ffb4fde1c6 Adds support for SubjectAltName in CSR generation 
To use this feature, add multiple domain names in the configuration,
separated by spaces
 2016-04-12 11:53:15 +02:00
Markus Hauschild
53d2ad4bf6 Actually add actions to the set. 2016-04-12 11:53:08 +02:00
David Klaftenegger
f16868bb6c replace target files based on timestamp 
instead of relying on the cached certificate file being updated.
This allows multiple configuration files for the same domain.
To avoid replacing existing entries, the format is changed from
a dictionary to a list, and setting domains in acme.conf is no
longer supported.
 2016-04-12 11:52:57 +02:00
Markus Hauschild
2202fe867b Fix error if default values are empty. 2016-04-12 11:52:29 +02:00
Markus Hauschild
23b70c798c New format: ca to be able to create cert-chains. 2016-04-12 11:52:23 +02:00
Markus Hauschild
0346a6b492 Fix accidentally removed TODO. 2016-04-12 11:52:18 +02:00
Markus Hauschild
2500b044f1 Rename notify to action and execute them only once. 2016-04-12 11:52:12 +02:00
David Klaftenegger
55f340bebd indentation error 
fixes one instance of space-indentation instead of tab-indentation
 2016-04-12 11:52:06 +02:00