diff --git a/docs/administration.rst b/docs/administration.rst
index 8f055147..157af478 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -735,6 +735,12 @@ The following configuration properties are required to use the Digicert issuer p
This is the default validity (in years), if no end date is specified. (Default: 1)
+.. data:: DIGICERT_MAX_VALIDITY
+ :noindex:
+
+ This is the maximum validity (in years). (Default: value of DIGICERT_DEFAULT_VALIDITY)
+
+
.. data:: DIGICERT_PRIVATE
:noindex:
@@ -1008,6 +1014,18 @@ The following configuration properties are required to use the PowerDNS ACME Plu
This is the number of times DNS Verification should be attempted (i.e. 20)
+
+.. data:: ACME_POWERDNS_VERIFY
+ :noindex:
+
+ This configures how TLS certificates on the PowerDNS API target are validated. The PowerDNS Plugin depends on the PyPi requests library, which supports the following options for the verify parameter:
+
+ True: Verifies the TLS certificate was issued by a known publicly-trusted CA. (Default)
+
+ False: Disables certificate validation (Not Recommended)
+
+ File/Dir path to CA Bundle: Verifies the TLS certificate was issued by a Certificate Authority in the provided CA bundle.
+
.. _CommandLineInterface:
Command Line Interface
diff --git a/lemur/plugins/lemur_acme/powerdns.py b/lemur/plugins/lemur_acme/powerdns.py
index f3ad9965..a26faaac 100644
--- a/lemur/plugins/lemur_acme/powerdns.py
+++ b/lemur/plugins/lemur_acme/powerdns.py
@@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
def _get(path, params=None):
""" Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
+ verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.get(
f"{base_uri}{path}",
headers=_generate_header(),
params=params,
- verify=True,
+ verify=verify_value
)
resp.raise_for_status()
return resp.json()
@@ -259,9 +260,11 @@ def _get(path, params=None):
def _patch(path, payload):
""" Execute a Patch request on the given URL (base_uri + path) with given payload """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
+ verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.patch(
f"{base_uri}{path}",
data=json.dumps(payload),
- headers=_generate_header()
+ headers=_generate_header(),
+ verify=verify_value
)
resp.raise_for_status()
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 7ac2107f..027add0f 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -140,7 +140,6 @@