Mathias Petermann
bc564b574d
Merge branch 'master' into feature/acme-http-challenge
2020-11-03 09:36:37 +01:00
csine-nflx
a4178ca113
fixing floating comma in CNAME PR
2020-10-29 18:52:22 -07:00
csine-nflx
ca465e3c9e
updating debug string with target_domain
2020-10-29 14:42:51 -07:00
csine-nflx
2b91077d92
updating variables based on feedback
2020-10-29 13:51:22 -07:00
csine-nflx
33a006bbeb
fixing delete with optional validation
2020-10-28 22:24:37 -07:00
csine-nflx
b47667b73e
cname redirection working
2020-10-28 20:51:35 -07:00
csine-nflx
d27f2a53af
Merge branch 'master' of github.com:Netflix/lemur into cname_01
2020-10-28 14:03:23 -07:00
Mathias Petermann
ccf87986c0
Add store_account to AcmeDnsIssuer
2020-10-27 12:15:07 +01:00
Mathias Petermann
4464c5890d
Flake8
2020-10-27 10:37:30 +01:00
Mathias Petermann
812e1dee92
Refactor Acme plugin into AcmeChallenge objects, dns01
2020-10-27 10:37:27 +01:00
Mathias Petermann
b91cebf245
Refactor Acme plugin into AcmeChallenge objects, http01
2020-10-27 10:36:06 +01:00
Mathias Petermann
6c1be02bfa
Remove destination_list from AcmeHttpIssuer
2020-10-27 10:28:34 +01:00
Mathias Petermann
ef0fce2661
Set timeout for finalize to 90s
2020-10-27 10:28:34 +01:00
Mathias Petermann
235653b558
Refactor destination selection for acme-http authorities, to load destinations dynamically
2020-10-27 10:28:34 +01:00
Mathias Petermann
81b078604c
Implement revoke certificate for ACME
2020-10-27 10:28:34 +01:00
Mathias Petermann
41ea59d7e3
Remove unneeded polling
2020-10-27 10:28:33 +01:00
Mathias Petermann
d24fae0bac
Fix permissions on acme token upload, don't append well-known automatically
2020-10-27 10:28:33 +01:00
Mathias Petermann
66cab6abd3
Make http-01 challenge work for SAN certificates
2020-10-27 10:28:33 +01:00
Mathias Petermann
e3e5ef7d66
Refactor AcmeHandler, Move DNS stuff into AcmeDnsHandler
2020-10-27 10:28:33 +01:00
Mathias Petermann
76dcfbd528
Add more tests
2020-10-27 10:28:33 +01:00
Mathias Petermann
b93d271f31
Fix flake8
2020-10-27 10:25:31 +01:00
Mathias Petermann
e06bdcf2a3
Implement create_certificate for HTTP-01 challenge
2020-10-27 10:25:31 +01:00
Mathias Petermann
d00dd9d295
Initial structure for ACME http challenge
2020-10-27 10:25:31 +01:00
csine-nflx
749aa772ba
First change to get CNAME redirection working
2020-10-26 11:57:33 -07:00
Mathias Petermann
57534d86cd
Disable account saving by default
2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab
Implement storage of acme account
2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661
Add store_account option to acme plugin
2020-10-07 12:28:22 +02:00
Hossein Shafagh
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
csine-nflx
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
csine-nflx
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorizations
2020-03-13 00:03:31 -07:00
csine-nflx
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
csine-nflx
af21225918
adding logging on success and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
csine-nflx
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
csine-nflx
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
csine-nflx
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
csine-nflx
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
Hossein Shafagh
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
Curtis Castrapel
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
Kush Bavishi
e37a7c775e
Initial commit for the UltraDNS plugin to support Let's Encrypt
2019-07-18 14:29:54 -07:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis Castrapel
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
Curtis Castrapel
3a1da72419
nt
2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
Curtis Castrapel
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
Curtis Castrapel
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
Curtis Castrapel
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00