76dcfbd528
Add more tests
2020-10-27 10:28:33 +01:00
b93d271f31
Fix flake8
2020-10-27 10:25:31 +01:00
e06bdcf2a3
Implement create_certificate for HTTP-01 challenge
2020-10-27 10:25:31 +01:00
d00dd9d295
Initial structure for ACME http challenge
2020-10-27 10:25:31 +01:00
57534d86cd
Disable account saving by default
2020-10-07 12:28:22 +02:00
eed628dbab
Implement storage of acme account
2020-10-07 12:28:22 +02:00
898b5da661
Add store_account option to acme plugin
2020-10-07 12:28:22 +02:00
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
3a1da72419
nt
2019-04-29 13:57:04 -07:00
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
2a235fb0e2
Prefer DNS provider with longest matching zone
2018-11-30 12:44:52 -08:00
a90154e0ae
LetsEncrypt Celery Flow
2018-11-29 09:29:05 -08:00
75183ef2f2
Unpin most dependencies, and fix moto
2018-11-05 14:37:52 -08:00
9f64f0523b
Increase timeouts
2018-08-17 15:36:56 -07:00
43ae6c39e3
wait right here
2018-08-17 12:14:02 -07:00
be9d683e46
fix merge
2018-08-16 10:15:48 -07:00
da99bcda68
Better zone handling
2018-08-16 10:12:19 -07:00
2c22c9c2f1
Allow proper detection of zones, fix certificate detection
2018-08-14 14:37:45 -07:00
cc836433fb
formatting
2018-08-13 15:06:16 -07:00
5829794d82
typo fix
2018-08-13 14:25:54 -07:00
bb026b8b59
Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider
2018-08-13 14:22:59 -07:00
44192d4494
remove debug print
2018-07-30 15:27:23 -07:00
0889076d3b
Support LetsEncrypt accounts
2018-07-30 15:25:02 -07:00
2a6dda07eb
Show and send error for pending certs
2018-07-27 14:15:14 -07:00
1a02740b67
reformat code (noop)
2018-06-29 15:24:31 -07:00
dda7f54a16
lint
2018-06-19 20:58:00 -07:00
2d33d3e2b8
lint
2018-06-19 20:35:00 -07:00
d50c9c7748
Merge branch 'master' into acme_validation_dns_provider_option
2018-06-19 16:45:25 -07:00
a141b8c5ea
Support concurrent issuance in Route53 for LetsEncrypt
2018-06-19 16:27:58 -07:00
4e72cb96c9
Graceful cancellation of pending cert and order details in log for acme failure
2018-06-14 08:02:34 -07:00
Mathias Petermann
Hossein Shafagh
csine-nflx
csine-nflx
Curtis Castrapel
Kush Bavishi
Curtis Castrapel
Curtis