This commit adds a new "Profile" column to the output of the `--list` command.
The column displays the value of the `Le_Certificate_Profile` variable stored in each domain's respective configuration file. If a profile is not set for a certificate, the column is left empty.
This enhances the utility of the list command by providing more at-a-glance information about each certificate's configuration, which is particularly useful for CAs that support different certificate profiles.
This commit introduces a new command, `--list-profiles`, to allow users to discover the certificate profiles supported by a Certificate Authority.
The command queries the `meta.profiles` object within the ACME directory JSON for the selected server and formats the output for readability. If a CA does not publish profiles in its directory, the command reports that none were found.
Usage:

    acme.sh --list-profiles [--server letsencrypt]
* Fix for empty error objects in response breaking extraction of domain validation types
Fix for empty error objects in the response which mess up the extraction of domain validation types due to the closing brace in the error object prematurely matching the end of the search pattern.
This seems to be a recent change with ZeroSSL in particular where "error":{} is being included in responses.
There could potentially be a related issue if there is a complex error object ever returned in the validation check response where an embedded sub-object could lead to an incomplete extraction of the error message, roughly around line 5040.
Adapted from fix suggested here: https://github.com/acmesh-official/acme.sh/issues/4933#issuecomment-1870499018
* Add new dnsapi support for OpenProvider.eu using new REST API
* Cleanup duplicate debug log output based on DNS test run
* Resolve spellcheck error
* Configure 10 second timeout to ACME_DIRECTORY API call
* add support for AIX style netstat
* add
* fix for wiki
* minor
* minor
* wiki
* wiki
* dnsapi: dns_mydnsjp.sh fix author
@epgdatacapbon was renamed to @tkmsst.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* dnsapi: dns_ddnss.sh remove RaidenII from authors
He made the DuckDNS script that was used for this script but he can't support the script.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* dnsapi: fix authors: use @ for GitHub profiles
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* dnsapi: dns_vultr.sh remove empty author
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* dnsapi: dns_mijnhost.sh rearrange fields, use user docs instead of API docs
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* dnsapi: fix Structured DNS Info
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* Fix logged typo when running pre hook
* Run post hook when _on_before_issue errors
---------
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Co-authored-by: Ciaran Walsh <ciaran@ciaran-walsh.com>
Co-authored-by: Lambiek12 <algemeen@lambiek12.nl>
Co-authored-by: Erwin Oegema <blablaechthema@hotmail.com>
Co-authored-by: laDanz <cdanzmann@gmail.com>
Co-authored-by: neil <github@neilpang.com>
Co-authored-by: neil <gitpc@neilpang.com>
Co-authored-by: Sergey Ponomarev <stokito@gmail.com>
Co-authored-by: David Beitey <david@davidjb.com>
Co-authored-by: Jan-willem van Kampen <Lambiek12@users.noreply.github.com>
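The empty `"error":{}` failure described in the squashed commit above, reproduced as an added example (not acme.sh's own code or the fix from the linked issue). It shows how a brace-delimited match loses the challenge token, how neutralising the empty object restores it, and why a populated error object still truncates the match. The function names, the extraction pattern and both sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed ACME authorization response; not captured from a real CA.
AUTHZ='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","challenges":[{"type":"http-01","status":"pending","error":{},"url":"https://ca.example/chall/1","token":"tok-http"},{"type":"dns-01","status":"pending","error":{},"url":"https://ca.example/chall/2","token":"tok-dns"}]}'

# Constructed challenge whose error object is populated rather than empty.
FAILED='{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"constructed"},"token":"tok-dns"}'

# Hypothetical brace-delimited extraction: everything from the wanted
# challenge type up to (not including) the next closing brace.
challenge_entry() { # $1 = response body, $2 = validation type
  printf '%s' "$1" | grep -Eo "\"type\":\"$2\"[^}]*" | head -n 1
}

# Pull the token value out of an extracted challenge entry (empty if absent).
token_of() { # $1 = challenge entry
  printf '%s' "$1" | sed -n 's/.*"token":"\([^"]*\)".*/\1/p'
}

# Neutralise empty error objects so their "}" cannot end the match early.
strip_empty_errors() { # $1 = response body
  printf '%s' "$1" | sed 's/"error":{}/"error":null/g'
}

# Without the fix the match stops at the "}" of "error":{} and the token is lost.
naive=$(token_of "$(challenge_entry "$AUTHZ" dns-01)")
# With empty error objects neutralised the whole challenge entry is matched.
fixed=$(token_of "$(challenge_entry "$(strip_empty_errors "$AUTHZ")" dns-01)")
# A populated error object still closes the match before the token.
nested=$(token_of "$(challenge_entry "$(strip_empty_errors "$FAILED")" dns-01)")

printf 'naive token:  [%s]\n' "$naive"
printf 'fixed token:  [%s]\n' "$fixed"
printf 'nested error: [%s]\n' "$nested"
```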
When acme.sh is run as a non-root user different from the owner of the
webroot directory it is unable to change the owner of the files in
.well-known to that user, causing permissions errors. Avoid this by
making the files world-readable.
These files should pose no disclosure risk since they are sent in
cleartext during the HTTP Identifier Validation Challenge[1] and may
already be exposed by directory enumeration, depending on server
settings. AFAIK they should be safe to expose as world-readable in all
cases.
1. https://ietf-wg-acme.github.io/acme/#rfc.section.7.2

Fixes Neilpang/acme.sh#32
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.
Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.
Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
- New CLI param: `--extended-key-usage <string>`
- When `--extended-key-usage` is defined:
  1. Set `[v3_req]extendedKeyUsage` to the provided value.
  2. Store the value in domain conf `Le_ExtKeyUse` for reuse.