.\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved. This file is offered as-is,
.\" without any warranty.
.Dd September 26, 2020
.Dt ACMED.TOML 5
.Os
.Sh NAME
.Nm acmed.toml
.Nd ACMEd configuration file
.Sh DESCRIPTION
.Nm
is the configuration file for
.Xr acmed 8 .
It is written in the
.Em TOML
format. The allowed elements are described below.
.Bl -tag
.It Ic include
Array containing the paths of the configuration files to include. Each path can be either relative or absolute. If relative, it is relative to the configuration file that included it.
.Pp
In case of overlapping global option definitions, the one from the last included file is used. For example, if a file
.Em A
includes files
.Em B
and
.Em C
and all three define the same global option, the final value will be the one defined in file
.Em C .
.Pp
Unix style globbing is supported.
.It Ic global
Table containing the global configuration options.
.Bl -tag
.It Cm accounts_directory Ar string
Specify the directory where the accounts' private and public keys are stored.
.It Cm certificates_directory Ar string
Specify the directory where the certificates and their associated private keys are stored.
.It Cm cert_file_mode Ar integer
Specify the permissions to use for newly-created certificate files. See
.Xr chmod 2
for more details.
.It Cm cert_file_user Ar username|user_id Ft string
Specify the user who will own newly-created certificate files. See
.Xr chown 2
for more details.
.It Cm cert_file_group Ar group_name|group_id Ft string
Specify the group who will own newly-created certificate files. See
.Xr chown 2
for more details.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.It Cm pk_file_mode Ar integer
Specify the permissions to use for newly-created private-key files. See
.Xr chmod 2
for more details.
.It Cm pk_file_user Ar username|user_id Ft string
Specify the user who will own newly-created private-key files. See
.Xr chown 2
for more details.
.It Cm pk_file_group Ar group_name|group_id Ft string
Specify the group who will own newly-created private-key files. See
.Xr chown 2
for more details.
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is 3w.
.El
.It Ic rate-limit
Array of tables where each element defines an HTTPS rate limit.
.Bl -tag
.It Cm name Ar string
The name the rate limit is registered under. Must be unique.
.It Cm number Ar integer
Number of requests authorized within the time period.
.It Cm period Ar string
Period of time during which a maximal number of requests is authorized. The format is described in the
.Sx TIME PERIODS
section.
.El
.It Ic endpoint
Array of tables where each element defines a Certificate Authority
.Pq CA
which may be used to request certificates.
.Bl -tag
.It Cm name Ar string
The name the endpoint is registered under. Must be unique.
.It Cm rate_limits Ar array
Array containing the names of the HTTPS rate limits to apply.
.It Cm tos_agreed Ar boolean
Set whether or not the user agrees to the Terms Of Service
.Pq TOS .
.It Cm url Ar string
The endpoint's directory URL.
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is the value defined in the global section.
.El
.It Ic hook
Array of tables where each element defines a command that will be launched at a defined point. See section
.Sx WRITING A HOOK
for more details.
.Bl -tag
.It Cm allow_failure Ar boolean
Defines whether an error return value for this hook is allowed or not. If not allowed, a failure in this hook will fail the whole certificate request process. Default is false.
.It Cm name Ar string
The name the hook is registered under. Must be unique.
.It Cm type Ar array
Array of strings. Possible types are:
.Bl -dash -compact
.It
challenge-http-01
.It
challenge-http-01-clean
.It
challenge-dns-01
.It
challenge-dns-01-clean
.It
challenge-tls-alpn-01
.It
challenge-tls-alpn-01-clean
.It
file-pre-create
.It
file-pre-edit
.It
file-post-create
.It
file-post-edit
.It
post-operation
.El
.It Ic cmd Ar string
The name of the command that will be launched.
.It Ic args Ar array
Array of strings representing the command's arguments.
.It Ic stdin Ar string
Path to the file that will be written into the command's standard input. Mutually exclusive with
.Em stdin_str .
.It Ic stdin_str Ar string
String that will be written into the command's standard input. Mutually exclusive with
.Em stdin .
.It Ic stdout Ar string
Path to the file where the command's standard output is written.
.It Ic stderr Ar string
Path to the file where the command's standard error output is written.
.El
.It Ic group
Array of tables allowing several hooks to be grouped as one. A group is considered as a new hook.
.Bl -tag
.It Cm name Ar string
The name the group is registered under. This name is considered as a hook name. Must be unique.
.It Cm hooks Ar array
Array containing the names of the hooks that are grouped. The hooks are guaranteed to be called sequentially in the declaration order.
.El
.It Ic account
Array of tables, each representing an account on one or several endpoints.
.Bl -tag
.It Ic name Ar string
The name the account is registered under. Must be unique.
.It Ic contacts Ar array
Array of tables describing the account holder's contact information. Each table must have one and only one key-value pair. Possible keys and their associated values are:
.Bl -tag
.It Ic mailto Ar string
A mailto URI as defined by
.Em RFC 6068 .
This URI cannot contain "hfields" nor more than one "addr-spec" in the "to" component.
.El
.It Cm key_type Ar string
Name of the asymmetric cryptography algorithm used to generate the key pair. Possible values are:
.Bl -dash -compact
.It
rsa2048
.It
rsa4096
.It
ecdsa_p256
.Aq default
.It
ecdsa_p384
.It
ecdsa_p521
.El
.It Cm signature_algorithm Ar string
Name of the signature algorithm used to sign the messages sent to the endpoint as defined in
.Em RFC 7518 .
The default value is derived from the key type. Possible values are:
.Bl -dash -compact
.It
RS256
.It
ES256
.It
ES384
.It
ES512
.El
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.It Ic hooks Ar array
Names of hooks that will be called during operations on the account storage file. The hooks are guaranteed to be called sequentially in the declaration order.
.It Ic external_account Ar table
Table containing the information required to bind the account to an external one. Possible fields and values are:
.Bl -tag
.It Ic identifier Ar string
ASCII string identifying the key.
.It Ic key Ar string
Private key encoded in base64url without padding.
.It Ic signature_algorithm Ar string
Name of the signature algorithm used to sign the external account binding message sent to the endpoint as defined in
.Em RFC 7518 .
Possible values are:
.Bl -dash -compact
.It
HS256
.Aq default
.It
HS384
.It
HS512
.El
.El
.El
.It Ic certificate
Array of tables, each representing a certificate that will be requested from a CA.
.Pp
Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
.Bl -tag
.It Ic account Ar string
Name of the account to use.
.It Ic endpoint Ar string
Name of the endpoint to use.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.It Ic identifiers Ar array
Array of tables listing the identifiers that should be included in the certificate along with the challenge to use for each one. The
.Em dns
and
.Em ip
fields are mutually exclusive.
.Bl -tag
.It Ic challenge Ar string
The name of the challenge to use to prove the identifier's ownership. Possible values are:
.Bl -dash -compact
.It
http-01
.It
dns-01
.It
tls-alpn-01
.El
.It Ic dns Ar string
The domain name.
.It Ic ip Ar string
The IP address.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.El
.It Ic subject_attributes Ar table
Table where the certificate's subject attributes are specified. Possible keys are:
.Bl -dash -compact
.It
country_name
.It
locality_name
.It
state_or_province_name
.It
street_address
.It
organization_name
.It
organizational_unit_name
.It
name
.It
given_name
.It
initials
.It
title
.It
surname
.It
pseudonym
.It
generation_qualifier
.It
friendly_name
.El
.It Ic key_type Ar string
Name of the asymmetric cryptography algorithm used to generate the certificate's key pair. Possible values are:
.Bl -dash -compact
.It
rsa2048
.Aq default
.It
rsa4096
.It
ecdsa_p256
.It
ecdsa_p384
.It
ecdsa_p521
.El
.It Ic csr_digest Ar string
Name of the digest algorithm used for the certificate signing request. Possible values are:
.Bl -dash -compact
.It
sha256
.Aq default
.It
sha384
.It
sha512
.El
.It Ic kp_reuse Ar boolean
Set whether or not the private key should be reused when renewing the certificate. Default is false.
.It Ic directory Ar string
Path to the directory where certificates and their associated private keys are stored.
.It Ic hooks Ar array
Names of hooks that will be called when requesting a new certificate. The hooks are guaranteed to be called sequentially in the declaration order.
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is the value defined in the associated endpoint.
.El
.El
.Sh WRITING A HOOK
When requesting a certificate from a CA using ACME, there are three steps that are hard to automate. The first one is solving challenges in order to prove the ownership of every identifier to be included: it requires interacting with the configuration of other services, hence depends on how the infrastructure works. The second one is restarting all the services that use a given certificate, for the same reason. The last one is archiving: although several default methods can be implemented, sometimes admins want or are required to do it in a different way.
.Pp
In order to allow full automation of the three above steps without imposing arbitrary restrictions or methods,
.Xr acmed 8
uses hooks. Fundamentally, a hook is a command line template that will be called at a specific time of the process. Such an approach allows admins to use any executable script or program located on the machine to customize the process.
.Pp
For a given certificate, hooks are guaranteed to be called sequentially in the declaration order. It is therefore possible to have a hook that depends on another one. Nevertheless, several certificates may be renewed at the same time. Hence, hooks shall not use globbing or any other action that may disrupt hooks called by a different certificate.
.Pp
A hook has a type that influences both the moment it is called and the available template variables. It is possible to declare several types. In such a case, the hook is invoked whenever one of its types requests it. When called, the hook only has access to the template variables of the current type. If a hook uses a template variable that does not exist for the type it is currently invoked for, the variable is empty.
.Pp
When writing a hook, the values of
.Em args ,
.Em stdin ,
.Em stdin_str ,
.Em stdout
and
.Em stderr
are considered as template strings whereas
.Em cmd
is not. The template syntax is
.Em Handlebars .
See the
.Sx STANDARDS
section for a link to the
.Em Handlebars
specifications.
.Pp
The available types and the associated template variables are described below.
.Bl -tag
.It Ic challenge-http-01
Invoked when the ownership of an identifier must be proved using the
.Em http-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq http-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm file_name Ar string
Name of the file containing the proof. This is not a full path and does not include the
.Ql .well-known/acme-challenge/
prefix.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
The content of the proof that must be written to
.Em file_name .
.El
.It Ic challenge-http-01-clean
Invoked once an identifier's ownership has been proven using the
.Em http-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-http-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic challenge-dns-01
Invoked when the ownership of an identifier must be proved using the
.Em dns-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq dns-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
The content of the proof that must be written to a
.Ql TXT
entry of the DNS zone for the
.Ql _acme-challenge
subdomain.
.El
.It Ic challenge-dns-01-clean
Invoked once an identifier's ownership has been proven using the
.Em dns-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-dns-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic challenge-tls-alpn-01
Invoked when the ownership of an identifier must be proved using the
.Em tls-alpn-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq tls-alpn-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
Plain-text representation of the
.Em acmeIdentifier
extension that should be used in the self-signed certificate presented when a TLS connection is initiated with the
.Ql acme-tls/1
ALPN extension value.
.Xr acmed 8
will not generate the certificate itself since it can be done using
.Xr tacd 8 .
.El
.It Ic challenge-tls-alpn-01-clean
Invoked once an identifier's ownership has been proven using the
.Em tls-alpn-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-tls-alpn-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic file-pre-create
Invoked
.Em before
a new file is
.Em created .
The available template variables are:
.Bl -tag -compact
.It Cm env Ar array
Array containing all the environment variables.
.It Cm file_directory Ar string
Name of the directory where the impacted file is located.
.It Cm file_name Ar string
Name of the impacted file.
.It Cm file_path Ar string
Full path to the impacted file.
.El
.It Ic file-pre-edit
Invoked
.Em before
an existing file is
.Em modified .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic file-post-create
Invoked
.Em after
a new file is
.Em created .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic file-post-edit
Invoked
.Em after
an existing file is
.Em modified .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic post-operation
Invoked at the end of the certificate request process. The available template variables are:
.Bl -tag -compact
.It Cm key_type Ar string
Name of the asymmetric cryptography algorithm used to generate the certificate's key pair.
.It Cm identifiers Ar array
Array containing the identifiers included in the requested certificate.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_success Ar boolean
True if the certificate request is successful.
.It Cm status Ar string
Human-readable status. If the certificate request failed, it contains the error description.
.El
.El
.Sh DEFAULT HOOKS
Because many people have the same needs, ACMEd comes with a set of hooks that should serve most situations. Hook names being unique, the following names and any other name starting with them are reserved and should not be used.
.Bl -tag
.It Pa git
This hook uses
.Xr git 1
to archive private keys, public keys and certificates. It is possible to customize the commit username and email by using respectively the
.Ev GIT_USERNAME
and
.Ev GIT_EMAIL
environment variables.
.It Pa http-01-echo
This hook is designed to solve the http-01 challenge. For this purpose, it will write the proof into
.Pa {{env.HTTP_ROOT}}/{{identifier}}/.well-known/acme-challenge/{{file_name}} .
.Pp
The web server must be configured so the file
.Pa http://{{identifier}}/.well-known/acme-challenge/{{file_name}}
can be accessed from the CA.
.Pp
If
.Ev HTTP_ROOT
is not specified, it will be set to
.Pa /var/www .
.It Pa tls-alpn-01-tacd-tcp
This hook is designed to solve the tls-alpn-01 challenge using
.Xr tacd 8 .
It requires
.Xr pkill 1
to support the
.Em -F
option.
.Pp
.Xr tacd 8
will listen on the host defined by the
.Ev TACD_HOST
environment variable (default is the identifier to be validated) and on the port defined by the
.Ev TACD_PORT
environment variable (default is 5001).
.Pp
.Xr tacd 8
will store its pid into
.Pa {{TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
If
.Ev TACD_PID_ROOT
is not specified, it will be set to
.Pa /run .
.It Pa tls-alpn-01-tacd-unix
This hook is designed to solve the tls-alpn-01 challenge using
.Xr tacd 8 .
It requires
.Xr pkill 1
to support the
.Em -F
option.
.Pp
.Xr tacd 8
will listen on the unix socket
.Pa {{env.TACD_SOCK_ROOT}}/tacd_{{identifier}}.sock .
If
.Ev TACD_SOCK_ROOT
is not specified, it will be set to
.Pa /run .
.Pp
.Xr tacd 8
will store its pid into
.Pa {{TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
If
.Ev TACD_PID_ROOT
is not specified, it will be set to
.Pa /run .
.El
.Sh TIME PERIODS
ACMEd uses its own time period format, which is vaguely inspired by the ISO 8601 one. Periods are formatted as
.Ar PM[PM...]
where
.Ar M
is a case-sensitive character representing a length and
.Ar P
is an integer representing a multiplier for the following length. The authorized lengths are:
.Bl -dash -compact
.It
.Ar s :
second
.It
.Ar m :
minute
.It
.Ar h :
hour
.It
.Ar d :
day
.It
.Ar w :
week
.El
The
.Ar PM
couples can be specified multiple times and in any order.
.Pp
For example,
.Dq 1d42s
and
.Dq 40s20h4h2s
both represent a period of one day and forty-two seconds.
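.Pp
The following Rust parser is an added illustration of the period grammar above and is not ACMEd's own implementation: it accepts the PM couples in any order and any number of times, rejects an unknown or wrongly-cased length character, a length without a multiplier and a trailing multiplier, and converts the result to seconds with overflow checking.

```rust
use std::time::Duration;

/// Errors for an ACMEd-style period string (this parser is an illustration,
/// not ACMEd's own code).
#[derive(Debug, PartialEq, Eq)]
pub enum PeriodError {
    /// The period string is empty.
    Empty,
    /// A length character appeared without a preceding multiplier
    /// (byte offset of that character).
    MissingMultiplier(usize),
    /// A character that is neither a digit nor an authorized length.
    /// Lengths are case sensitive, so "1D" ends up here.
    UnknownLength(char),
    /// Digits at the end of the string with no length after them.
    TrailingMultiplier,
    /// The total does not fit in a u64 number of seconds.
    Overflow,
}

/// Seconds represented by each authorized length character.
fn length_seconds(c: char) -> Option<u64> {
    match c {
        's' => Some(1),
        'm' => Some(60),
        'h' => Some(60 * 60),
        'd' => Some(24 * 60 * 60),
        'w' => Some(7 * 24 * 60 * 60),
        _ => None,
    }
}

/// Parse a period such as "3w" or "40s20h4h2s" into a Duration.
/// Each PM couple is added to the running total, so couples may repeat
/// and appear in any order.
pub fn parse_period(input: &str) -> Result<Duration, PeriodError> {
    if input.is_empty() {
        return Err(PeriodError::Empty);
    }
    let mut total: u64 = 0;
    // Multiplier being accumulated for the next length character.
    let mut multiplier: Option<u64> = None;
    for (pos, c) in input.char_indices() {
        if let Some(digit) = c.to_digit(10) {
            let acc = multiplier.unwrap_or(0);
            let next = acc
                .checked_mul(10)
                .and_then(|v| v.checked_add(u64::from(digit)))
                .ok_or(PeriodError::Overflow)?;
            multiplier = Some(next);
        } else {
            let secs = length_seconds(c).ok_or(PeriodError::UnknownLength(c))?;
            let mult = multiplier
                .take()
                .ok_or(PeriodError::MissingMultiplier(pos))?;
            total = mult
                .checked_mul(secs)
                .and_then(|v| total.checked_add(v))
                .ok_or(PeriodError::Overflow)?;
        }
    }
    if multiplier.is_some() {
        return Err(PeriodError::TrailingMultiplier);
    }
    Ok(Duration::from_secs(total))
}

fn main() {
    // "3w" is the documented default for renew_delay; the two examples
    // from the TIME PERIODS section are equivalent, the last two are invalid.
    for p in ["3w", "1d42s", "40s20h4h2s", "1D", "42"] {
        match parse_period(p) {
            Ok(d) => println!("{:>12} -> {} seconds", p, d.as_secs()),
            Err(e) => println!("{:>12} -> error: {:?}", p, e),
        }
    }
}
```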
.Sh FILES
.Bl -tag
.It Pa /etc/acmed/acmed.toml
Default
.Xr acmed 8
configuration file.
.It Pa /etc/acmed/accounts
Default accounts private and public keys directory.
.It Pa /etc/acmed/certs
Default certificates and associated private keys directory.
.El
.Sh EXAMPLES
The following example defines a typical endpoint, account and certificate for a domain, several subdomains and an IP address.
.Bd -literal -offset indent
[[endpoint]]
name = "example name"
url = "https://acme.example.org/directory"
tos_agreed = true

[[account]]
name = "my test account"
contacts = [
    { mailto = "mailto:certs@exemple.net" },
]

[[certificate]]
endpoint = "example name"
account = "my test account"
identifiers = [
    { dns = "exemple.net", challenge = "http-01"},
    { dns = "1.exemple.net", challenge = "dns-01"},
    { dns = "2.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5010"},
    { dns = "3.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5011"},
    { ip = "203.0.113.1", challenge = "http-01"},
]
hooks = ["git", "http-01-echo", "tls-alpn-01-tacd-tcp", "some-dns-01-hook"]
env.HTTP_ROOT = "/srv/http"
.Ed
.Pp
It is possible to use
.Xr echo 1
to solve the
.Em http-01
challenge and
.Xr rm 1
to clean it.
.Xr mkdir 1
and
.Xr chmod 1
are used to prevent issues related to file access.
.Bd -literal -offset indent
[[hook]]
name = "http-01-echo-mkdir"
type = ["challenge-http-01"]
cmd = "mkdir"
args = [
    "-m", "0755",
    "-p", "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge"
]

[[hook]]
name = "http-01-echo-echo"
type = ["challenge-http-01"]
cmd = "echo"
args = ["{{proof}}"]
stdout = "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"

[[hook]]
name = "http-01-echo-chmod"
type = ["challenge-http-01"]
cmd = "chmod"
args = [
    "a+r",
    "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
]

[[hook]]
name = "http-01-echo-clean"
type = ["challenge-http-01-clean"]
cmd = "rm"
args = [
    "-f",
    "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
]
.Ed
.Pp
The hooks from the previous example can be grouped in order to reduce the number of hooks to define in the certificate.
.Bd -literal -offset indent
[[group]]
name = "http-01-echo-var-www"
hooks = [
    "http-01-echo-mkdir",
    "http-01-echo-echo",
    "http-01-echo-chmod",
    "http-01-echo-clean"
]

[[certificate]]
# Some fields omitted
hooks = ["http-01-echo-var-www"]
env.HTTP_ROOT = "/srv/http"
.Ed
.Pp
It is also possible to use
.Xr sendmail 8
in a hook in order to notify someone when the certificate request process is done.
.Bd -literal -offset indent
[[hook]]
name = "email-report"
type = ["post-operation"]
cmd = "sendmail"
args = [
    "-f", "noreply.certs@example.net",
    "contact@example.net"
]
stdin_str = """Subject: Certificate renewal {{#if is_success}}succeeded{{else}}failed{{/if}} for {{identifiers.[0]}}

The following certificate has {{#unless is_success}}*not* {{/unless}}been renewed.
identifiers: {{#each identifiers}}{{#if @index}}, {{/if}}{{this}}{{/each}}
key type: {{key_type}}
status: {{status}}"""
.Ed
.Sh SEE ALSO
.Xr acmed 8 ,
.Xr tacd 8
.Sh STANDARDS
.Bl -hyphen
.It
.Rs
.%A Tom Preston-Werner
.%D July 2018
.%T TOML v0.5.0
.%U https://github.com/toml-lang/toml
.Re
.It
.Rs
.%A Yehuda Katz
.%T Handlebars
.%U https://handlebarsjs.com/
.Re
.It
.Rs
.%A M. Jones
.%D May 2015
.%R RFC 7518
.%T JSON Web Algorithms (JWA)
.Re
.El
.Sh AUTHORS
.An Rodolphe Bréard
.Aq rodolphe@breard.tf