acmed

Commit Graph

Author	SHA1	Message	Date
Rodolphe Breard	44c6f99456	ACMEd v0.12.0	4 years ago
Rodolphe Breard	82674904c1	Allow to specify a target in the Makefile	4 years ago
Rodolphe Breard	8c0d208fe5	Add the `openssl_vendored` feature rel #4	4 years ago
Rodolphe Breard	9ec48e7e03	Add the `root_certificates` parameter Being able to define root certificates in the command line is not enough for two reasons: 1. It is always global, you cannot define a root certificate for a specific endpoint. 2. Daemon scripts and unit files are not meant to be changed every time you need to add a root certificate. For those reasons, it is now to possible to define root certificates in the configuration. Those defined in the `global` section will be used on every endpoint, just like those added via the command line. Those defined in an endpoint will be used in this endpoint only.	4 years ago
Rodolphe Breard	de6561cd24	ACMEd v0.12.0	4 years ago
Rodolphe Breard	0db5e6898f	Stop to require the `orders` field on account creation RFC 8555 states that: - when an account is successfully created, the server "returns this account object" (section 7.3); - the `orders` field in account objects is mandatory (section 7.1.2). Despite that, Boulder does not returns the `orders` field when an account is created. This non-standard behavior prevented ACMEd from creating account and testing them for existence. In order to allow ACMEd to retrieve certificates from CAs using Boulder, the `orders` field is no longer mandatory and the account existence is tested when the order is requested. https://github.com/letsencrypt/boulder/issues/3335	4 years ago
Rodolphe Breard	8477d927a1	Add support for NIST P-521 curve and ES512 signatures	4 years ago
Rodolphe Breard	1a1c1bed91	Allow to specify subject attributes for certificates	4 years ago
Rodolphe Breard	0456737458	ACMEd v0.11.0	4 years ago
Rodolphe Breard	2e526f63e2	Update the CHANGELOG	4 years ago
Rodolphe Breard	8c116f0b55	Add external account binding	4 years ago
Rodolphe Breard	51cfd49f08	Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.	4 years ago
Rodolphe Breard	f126ee22d0	ACMEd v0.10.0	4 years ago
Rodolphe Breard	64e7d80f7c	Improve the CHANGELOG	4 years ago
Rodolphe Breard	52fe2c60ba	Refactor the certificate key type management The previous system used a duplicated enum (`acmed::certificate::Algorithm`) and an imprecise identifier name (algorithm) for both the certificate configuration and post operation hook variable. The first one has been replaced by the `acme_common::crypto::KeyType` enum and the second renames `key_type`.	4 years ago
Rodolphe Breard	2f39e798d1	Add Unix style globing for config file inclusion Close #6	4 years ago
Rodolphe Breard	25450aebbf	Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738	4 years ago
Rodolphe Breard	62db048a46	Allow to define a custom delay for renewal	4 years ago
Rodolphe Breard	582593de29	Allow to specify the account key type and signature alg in the config	4 years ago
Rodolphe Breard	a5b59e7ba1	Refactor the Makefile The previous version of the Makefile used features which are specific to GNU Make and therefore does not works on BSD systems. This new version, which is much more simpler, works both on GNU Make and BSD Make (tested on FreeBSD 12.1).	4 years ago
Rodolphe Breard	f2e23b20fd	ACMEd v0.9.0	4 years ago
Rodolphe Breard	d7693fc95f	Update the change log	4 years ago
Rodolphe Breard	501b1aa9d8	Replace `reqwest` by `attohttpc` `reqwest` is a very good crate, however ACMEd does not require most of its functionalities. For this job, `attohttpc` is also great and comes with much less dependencies. rel #1	4 years ago
Rodolphe Breard	da12bf93ba	Add support for user and groups names	4 years ago
Rodolphe Breard	942d0a9ba7	ACMEd v0.8.0	4 years ago
Rodolphe Breard	26ce6fdf40	Refactor the HTTP back-end The previous HTTP back-end was tightly coupled with the threads, which was very inconvenient. It is now completely decoupled so a new threading model may be implemented.	4 years ago
rollniak	4b51b40a44	`Make install` now work with the busybox toolchain.	5 years ago
Rodolphe Breard	8be37b7fc6	ACMEd v0.7.0	5 years ago
Rodolphe Breard	39430009ac	Add internationalized domain names support	5 years ago
Rodolphe Breard	9eda92662d	Allow --pid-file to be used with --foreground The PID file is now always written whether or not ACMEd is running in the foreground. Previously, it was written only when running in the background. Fix #7	5 years ago
Rodolphe Breard	e338469b7a	Fix the type of the externalAccountRequired field	5 years ago
Rodolphe Breard	e6ff3b97ba	Replace * by _ in file names	5 years ago
Rodolphe Breard	8752b0d1d5	ACMEd v0.6.1	5 years ago
Rodolphe Breard	f9a71cbde6	Fix the "foregroung" typo I made the typo once and then copy/pasted it everywhere.	5 years ago
Rodolphe Breard	bdb0dcd05f	Update the change log	5 years ago
Rodolphe Breard	f2be8baebe	ACMEd 0.6.0	6 years ago
Rodolphe Breard	1e6aba52dc	Add rate limits for HTTPS requests	6 years ago
Rodolphe Breard	1cffa14c20	Renew certificates in parallel	6 years ago
Rodolphe Breard	08c9410028	Improve the logging format In order to renew different certificate at the same time, log messages must display which certificate they are referring to.	6 years ago
Rodolphe Breard	4303ed61d7	Allow to give a file path in a hook's stdin There is use-cases where a command's standard input should be filled with a file's content. In order to stay consistent with the names of the other fields, `stdin` is now the field which accepts such a path. `stdin_str` has been created in order to also support the use of a raw string.	6 years ago
Rodolphe Breard	75f79bcef5	Clean the hooks right after the current challenge has been validated Cleaning hooks after the certificate has been retrieved is a mistake since a failure somewhere in the process will prevent all called hook to be cleaned. With the current implementation, only the currently failed hook is left without being cleaned.	6 years ago
Rodolphe Breard	b31a689b26	Fix the http-01-echo default hook	6 years ago
Rodolphe Breard	9c497994d8	Add an option to stop or continue after a failed hook	6 years ago
Rodolphe Breard	6177fffb7e	ACMEd 0.5.0	6 years ago
Rodolphe Breard	c06cb6aad7	Add env variable definition in the global section	6 years ago
Rodolphe Breard	d24c78ee17	Allow to configure per-domain environment variables	6 years ago
Rodolphe Breard	8d9ef17e1c	Allow to configure environment variables for a given certificate Sometimes, you want hooks to use different parameters depending on the certificate. In order to achieve this, it is now now possible to configure environment variables at certificate scope. Thanks to this, the default hooks have been rewrote in order to use cover more use cases.	6 years ago
Rodolphe Breard	03850d20e6	Add environment variables to hook templates	6 years ago
Rodolphe Breard	73df1bb951	Allow tacd to listen on a unix socket	6 years ago
Rodolphe Breard	7eed211434	Allow the config file to include other files	6 years ago

1 2

74 Commits (913199c10674d26338d09b3d971d7484a069a0f2)