Ralf Ramsauer
6b7f1ebfe0
acertmgr.py: use os.path.join() instead of string concatenations
...
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:12 +02:00
Ralf Ramsauer
b3db2029e0
Readme: Add hint for proper permission setting of keys
...
openssl genrsa > foo will allow group and world read. Add a hint that
these permissions should be adjusted.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:06 +02:00
Ralf Ramsauer
4fc23b52d6
Add .gitignore
...
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:01 +02:00
David Klaftenegger
2ad472b6b5
remove obsolete import
2016-04-12 11:54:57 +02:00
David Klaftenegger
9624f8c704
Only execute actions once
...
instead of once per domain
2016-04-12 11:54:52 +02:00
David Klaftenegger
dc83df8d97
Prevent failure when target file is missing
2016-04-12 11:54:47 +02:00
David Klaftenegger
6599c49476
Avoid race condition which is triggered when debugging misconfigurations
2016-04-12 11:54:42 +02:00
David Klaftenegger
2dbae6673a
Make it a configuration option which ACME authority is used
2016-04-12 11:54:37 +02:00
a8205c47cb
Improve documentation
2016-04-12 11:54:15 +02:00
David Klaftenegger
025e238213
handle correctly when no action is defined
2016-04-12 11:54:09 +02:00
David Klaftenegger
db0afbf0b7
Add example for multiple domain names per certificate
...
The first name will be the Common Name.
All names will be listed as subject alternate names.
2016-04-12 11:54:03 +02:00
David Klaftenegger
5ff9f60cdb
Documentation: add more examples
2016-04-12 11:53:58 +02:00
David Klaftenegger
625ae67f47
Documentation changes
...
acme-tiny is no longer required
ca-file needs to be downloaded
minor fixes of inaccuracies
2016-04-12 11:53:53 +02:00
David Klaftenegger
3a1a5a62b8
restore python3 compatibility
2016-04-12 11:53:48 +02:00
David Klaftenegger
c2383d1d2c
correctly handle multiple domain names
2016-04-12 11:53:43 +02:00
David Klaftenegger
a4c0bd6357
Change copyright information
2016-04-12 11:53:37 +02:00
David Klaftenegger
661115a508
replace acme-tiny
...
using a pyopenssl implementation of the same functionality instead
2016-04-12 11:53:32 +02:00
David Klaftenegger
9dc7941658
Refactor ssl functionality
...
use pyopenssl for certificate validty and requests
2016-04-12 11:53:27 +02:00
David Klaftenegger
e39c3cf298
Refactor webserver into separate file
2016-04-12 11:53:22 +02:00
David Klaftenegger
ffb4fde1c6
Adds support for SubjectAltName in CSR generation
...
To use this feature, add multiple domain names in the configuration,
separated by spaces
2016-04-12 11:53:15 +02:00
53d2ad4bf6
Actually add actions to the set.
2016-04-12 11:53:08 +02:00
David Klaftenegger
f16868bb6c
replace target files based on timestamp
...
instead of relying on the cached certificate file being updated.
This allows multiple configuration files for the same domain.
To avoid replacing existing entries, the format is changed from
a dictionary to a list, and setting domains in acme.conf is no
longer supported.
2016-04-12 11:52:57 +02:00
2202fe867b
Fix error if default values are empty.
2016-04-12 11:52:29 +02:00
23b70c798c
New format: ca to be able to create cert-chains.
2016-04-12 11:52:23 +02:00
0346a6b492
Fix accidentally removed TODO.
2016-04-12 11:52:18 +02:00
2500b044f1
Rename notify to action and execute them only once.
2016-04-12 11:52:12 +02:00
David Klaftenegger
55f340bebd
indentation error
...
fixes one instance of space-indentation instead of tab-indentation
2016-04-12 11:52:06 +02:00
David Klaftenegger
b396f0bb07
Check result of file metadata changes
...
Changing ownership and permissions is not supported on all filesystems.
This patch prints a warning whenever it fails to set these properties,
but continues without a fatal error.
2016-04-12 11:52:00 +02:00
David Klaftenegger
e8c82197a9
Use whichever python is available
...
The code is not specific to python2, so any python should do
2016-04-12 11:51:54 +02:00
David Klaftenegger
d7ea460ce6
Initial setup documentation
...
Adds a section for the initial motions required to get a acertmgr running
2016-04-12 11:51:48 +02:00
David Klaftenegger
abba505c9f
standalone webserver mode
...
This patch adds the ability to start a simple
webserver that is sufficient to solve the ACME
challenge.
2016-04-12 11:51:42 +02:00
60ae8f2452
Implement cert_put and use live API
2016-04-12 11:51:23 +02:00
554b96cea8
Improve README
2016-04-12 11:51:16 +02:00
29fba6e161
More fine grained TODOs for cert_put
2016-04-12 11:51:09 +02:00
0cc6556df0
Implement check© in cert_get
2016-04-12 11:51:03 +02:00
4089faa997
Improve error handling and tempfile creation
2016-04-12 11:50:56 +02:00
bd8b672e75
Use challenge dir from configuration
2016-04-12 11:50:50 +02:00
David Klaftenegger
a614df5d3a
Add checks for errors during certificate creation
2016-04-12 11:49:47 +02:00
David Klaftenegger
d2a47fbd6a
Fixes exception types
2016-04-12 11:49:36 +02:00
David Klaftenegger
23f9af7c3f
Document python search paths
2016-04-12 11:49:17 +02:00
David Klaftenegger
39720d7fee
Improve checks for required files
2016-04-12 11:49:07 +02:00
0ab3919d73
Acutally invoke acme_tiny (using the staging API)
2016-04-12 11:48:38 +02:00
b1d25d1821
Fix markdown in README
2016-04-12 11:48:29 +02:00
1e745b94ea
More checks (e.g. for acme_tiny)
2016-04-12 11:48:21 +02:00
David Klaftenegger
5c58580585
Adds some different small improvements
...
Add a check that the server key is present
Add a check for temporaty file conflicts
Use python3-compatible functions
Skip more things when there is nothing to be done
Add a few more comments/TODOs
2016-04-12 11:47:22 +02:00
57440e1513
Handle empty domain config
2016-04-12 11:46:57 +02:00
c7efda7b61
Split cert_get into cert_get and cert_put
2016-04-12 11:46:50 +02:00
54787d1513
Refactor cert_isValid, minor improvements
2016-04-12 11:46:42 +02:00
David Klaftenegger
363c69c9b8
Add minor functionality and code comments
2016-04-12 11:45:56 +02:00
c494fc3ba7
Add a security section to README
2016-01-10 15:56:04 +01:00