bc564b574d
Merge branch 'master' into feature/acme-http-challenge
2020-11-03 09:36:37 +01:00
a4178ca113
fixing floating comma in CNAME PR
2020-10-29 18:52:22 -07:00
ca465e3c9e
updating debug string with target_domain
2020-10-29 14:42:51 -07:00
2b91077d92
updating variables based on feedback
2020-10-29 13:51:22 -07:00
33a006bbeb
fixing delete with optional validation
2020-10-28 22:24:37 -07:00
b47667b73e
cname redirection working
2020-10-28 20:51:35 -07:00
d27f2a53af
Merge branch 'master' of github.com:Netflix/lemur into cname_01
2020-10-28 14:03:23 -07:00
ccf87986c0
Add store_account to AcmeDnsIssuer
2020-10-27 12:15:07 +01:00
4464c5890d
Flake8
2020-10-27 10:37:30 +01:00
812e1dee92
Refactor Acme plugin into AcmeChallenge objects, dns01
2020-10-27 10:37:27 +01:00
b91cebf245
Refactor Acme plugin into AcmeChallenge objects, http01
2020-10-27 10:36:06 +01:00
6c1be02bfa
Remove destination_list from AcmeHttpIssuer
2020-10-27 10:28:34 +01:00
ef0fce2661
Set timeout for finalize to 90s
2020-10-27 10:28:34 +01:00
235653b558
Refactor destination selection for acme-http authorities, to load destinations dynamically
2020-10-27 10:28:34 +01:00
81b078604c
Implement revoke certificate for ACME
2020-10-27 10:28:34 +01:00
41ea59d7e3
Remove unneeded polling
2020-10-27 10:28:33 +01:00
d24fae0bac
Fix permissions on acme token upload, dont append well-known automatically
2020-10-27 10:28:33 +01:00
66cab6abd3
Make http-01 challenge work for SAN certificates
2020-10-27 10:28:33 +01:00
e3e5ef7d66
Refactor AcmeHandler, Move DNS stuff into AcmeDnsHandler
2020-10-27 10:28:33 +01:00
76dcfbd528
Add more tests
2020-10-27 10:28:33 +01:00
b93d271f31
Fix flake8
2020-10-27 10:25:31 +01:00
e06bdcf2a3
Implement create_certificate for HTTP-01 challenge
2020-10-27 10:25:31 +01:00
d00dd9d295
Initial structure for ACME http challenge
2020-10-27 10:25:31 +01:00
749aa772ba
First change to get CNAME redirection working
2020-10-26 11:57:33 -07:00
57534d86cd
Disable account saving by default
2020-10-07 12:28:22 +02:00
eed628dbab
Implement storage of acme account
2020-10-07 12:28:22 +02:00
898b5da661
Add store_account option to acme plugin
2020-10-07 12:28:22 +02:00
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
3a1da72419
nt
2019-04-29 13:57:04 -07:00
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
Mathias Petermann
csine-nflx
Hossein Shafagh
csine-nflx
Curtis Castrapel
Kush Bavishi