Tree: c5c9d17885

dependabot/add-v2-config-file

dependabot/cargo/anyhow-1.0.81

dependabot/cargo/async-process-2.1.0

dependabot/cargo/clap-4.5.3

dependabot/cargo/log-0.4.21

dependabot/cargo/nix-0.28.0

dependabot/cargo/openssl-0.10.64

dependabot/cargo/reqwest-0.11.27

dependabot/cargo/serde-1.0.197

dependabot/cargo/serde_json-1.0.114

dependabot/cargo/thiserror-1.0.58

main

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.2.1

v0.20.0

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.8.0

v0.9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'c5c9d17885'

${ noResults }

Commit Graph

42 Commits (c5c9d17885b4784fa8ac6351e1da53f01079eb5b)

 

All Branches   

Search

Author	SHA1	Message	Date
Rodolphe Breard	c5c9d17885	Update the README	6 years ago
Rodolphe Breard	84d2c94bad	Use the base64-encoded account name for file names The account public and private keys are stored in files with names derives from the account name itself. Because the account name may contain characters incompatible with a file name, it needs to be sanitized. Additionally, the account files does not need to be publicly accessed, therefore their name should only be deterministic. This last property allows to use a simple solution for sanitation: encode the name in base64. This way, it is deterministic, unique for each account and only contains safe characters. Note the base64 variant used is, as for the ACME protocol, the one with the URL and filename safe alphabet https://tools.ietf.org/html/rfc4648#section-5	6 years ago
Rodolphe Breard	2c7b716584	Retry request rejected with a recoverable error Some errors, like the badNonce one, are recoverable. Hence, the client is expected to retry. ACMEd will now re-send the associated request until it succeed or the max retries number is reached. Each retry is preceded by a small waiting time in order to let the server recover in case it was faulty.	6 years ago
Rodolphe Breard	f1a3ae6eb7	Update the example config file	6 years ago
Rodolphe Breard	f30663cc7c	Update a test	6 years ago
Rodolphe Breard	9144c26b1f	Allow not to have hooks or groups Before this commit, the configuration would be considered invalid if at least one hook and one group were not present. For obvious reasons, groups, which are simply an ordered aggregation of hooks, should be optional. On the other hand, hooks may seem mandatory since it is the only way to validate a challenge. However, this is false in some circumstances, for example in a test environment when running the client against a test server that does not perform challenge validation. https://github.com/letsencrypt/pebble#skipping-validation	6 years ago
Rodolphe Breard	e2787c3299	Require the explicit terms of service agreement As stated in the RFC 8555, the client should explicitly ask the user for the terms of service agreement. In the case of ACMEd, the retained method is to ask for a `tos_agreed` field to be set to true or false in the configuration. This field has been set in the endpoint object rather than in the account one because the same account can be used on multiple endpoints.	6 years ago
Rodolphe Breard	e66b5a5254	Use account objects instead of an email field Defining an account solely by an email address is not the best strategy since the ACME protocol does not require it and also allows for more contacts information. Although this commit does not change the "one email" policy, it sets the bases so it could evolve in the future.	6 years ago
Rodolphe Breard	9576a0b755	Update the rustc badge	6 years ago
Rodolphe Breard	11255d4275	Update the minimal rustc version	6 years ago
Rodolphe Breard	6258175c5e	Reduce the executable size In release mode, the executable size should be kept to the bare minimum in order to be used in environments with low storage and reduce the data consumption when pre-built packages are downloaded. Because performance is absolutely not needed, it allows to a quite aggressive compiling strategy (opt-level = 'z'). https://doc.rust-lang.org/cargo/reference/manifest.html#the-profile-sections Fixes #1	6 years ago
Rodolphe Breard	99f7ceabec	Remove the `acme-lib` dependency Although the `acme-lib` crate comes very handy when creating a simple ACME client, a more advanced one may not want to use it. First of all, `acme-lib` does not support all of the ACME specification, some very interesting one are not implemented. Also, it does not store the account public key, which does not allow to revoke certificates. In addition to those two critical points, I would also add `acme-lib` has some troubles with its own dependencies: it uses both `openssl` and `ring`, which is redundant and contribute to inflate the size of the binary. Some of the dependencies also makes an excessive use of logging: even if logging is very useful, in some cases it really is too much and debugging becomes a nightmare. ref #1	6 years ago
Rodolphe Breard	5cb3801be0	v0.2.1	6 years ago
Rodolphe Breard	9ff70d2d7f	Fix the invalid CSR generation Due to a bug in the `acme-lib` dependency, the Certificate Signing Request was not built correctly. This issue caused the ACME server to reject such CSR when ordiring more than two domains. algesten/acme-lib#3	6 years ago
Rodolphe Breard	f5adb2f774	Update the version number	6 years ago
Rodolphe Breard	a406cd7e16	v0.2.0	6 years ago
Rodolphe Breard	b8fed59235	Enhance code formatting	6 years ago
Rodolphe Breard	60ece288ec	Wait for a hook to end before starting the next one Not doing so may result in race conditions, hence breaking the promise that hooks are called in sequential order. Also, debug output has been added to the hooks.	6 years ago
Rodolphe Breard	4c8489669f	Update the example configuration file	6 years ago
Rodolphe Breard	ae48966b75	Remove the inappropriate flag conflict There is no reasons why any current log system would be inaccessible when running either in the background or the foreground.	6 years ago
Rodolphe Breard	406424e932	Daemonize the process	6 years ago
Rodolphe Breard	ff9bdb3491	Send logs to syslog	6 years ago
Rodolphe Breard	f4f339b8c2	Add hooks before and after a file is created or edited It is considered a good practice to archive old certificates and private keys instead of simply dropping them away. Because ACMEd should not impose a way of doing things to system administrators, hooks are the way to go.	6 years ago
Rodolphe Breard	558fd63ab5	Rename post_operation_hook to post_operation_hooks	6 years ago
Rodolphe Breard	d0bf5bfc01	Add hook groups Some configurations may require to run the same bunch of hooks for several domains. In order to limit repetition, it is now possible to create a group that will reference to hooks or hook groups.	6 years ago
Rodolphe Breard	a1fe7b6d5f	Handle errors when writing to stdin When hooks are called, there is an option to feed stdin with a custom string. However, if any error happen, the .unwrap() causes the daemon to panic. This fix transforms it into an error than can be handled.	6 years ago
Rodolphe Breard	b3cbeaab4a	Allow to reuse a key pair instead of creating a new one at each renewal The default behavior of most ACME clients is to generate a new key pair at each renewal. While this choice is respectable and perfectly justified in most configuration, it is also quite incompatible with the use of HTTP Public Key Pinning (HPKP). Although HPKP is not wildly supported and sometimes deprecated, users wishing to use it should not be blocked. https://tools.ietf.org/html/rfc7469 https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning	6 years ago
Rodolphe Breard	3a9cbdd926	Fix some stuff in the readme	6 years ago
Rodolphe Breard	27aecdc2a4	Replace the space by %20	6 years ago
Rodolphe Breard	ece0f8dc42	Fix the readme	6 years ago
Rodolphe Breard	fd50694318	Add badges to the readme	6 years ago
Rodolphe Breard	ad5f418f85	Add question about the FOSS	6 years ago
Rodolphe Breard	6c48ef901e	Specify the OpenSSL dependency in the readme	6 years ago
Rodolphe Breard	37d390eea4	Add a travis-ci integration script	6 years ago
Rodolphe Breard	39d73f1b10	Acknowledge the minimal required Rust version	6 years ago
Rodolphe Breard	a6c9a8bf9b	Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/	6 years ago
Rodolphe Breard	8d49775e56	Expand the readme	6 years ago
Rodolphe Breard	df75e35f47	Update the toml dependency	6 years ago
Rodolphe Breard	416be4b219	Fix references in tests	6 years ago
Rodolphe Breard	5753d768f7	Add a README.md file	6 years ago
Rodolphe Breard	051e95ca37	Add a config file example	6 years ago
Rodolphe Breard	4ddefb73a5	Initial commit	6 years ago