Tree: eabcddb0af

dependabot/add-v2-config-file

dependabot/cargo/anyhow-1.0.81

dependabot/cargo/async-process-2.1.0

dependabot/cargo/clap-4.5.3

dependabot/cargo/log-0.4.21

dependabot/cargo/nix-0.28.0

dependabot/cargo/openssl-0.10.64

dependabot/cargo/reqwest-0.11.27

dependabot/cargo/serde-1.0.197

dependabot/cargo/serde_json-1.0.114

dependabot/cargo/thiserror-1.0.58

main

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.2.1

v0.20.0

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.8.0

v0.9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'eabcddb0af'

${ noResults }

Commit Graph

237 Commits (eabcddb0af7e96b9ebf935c7c4e07e78959cea1a)

 

All Branches   

Search

Author	SHA1	Message	Date
Rodolphe Breard	03850d20e6	Add environment variables to hook templates	6 years ago
Rodolphe Breard	73df1bb951	Allow tacd to listen on a unix socket	6 years ago
Rodolphe Breard	b7c3e4d381	Add default hooks	6 years ago
Rodolphe Breard	7eed211434	Allow the config file to include other files	6 years ago
Rodolphe Breard	2eff6cd799	Display a warning when fetching order or an authorization Orders and authorization can both contain an error which can, for example, help an user to fix a broken hook. It is therefore very useful to display it. Plus, when pooling one of those objects, having an error does not mean we should stop pooling since the error may be temporary.	6 years ago
Rodolphe Breard	03b24a0a55	Update dependencies before building	6 years ago
Rodolphe Breard	d1d393f7a6	ACMEd 0.4.0	6 years ago
Rodolphe Breard	cd391ffdaf	Fix the OpenSSL time parsing ACMEd was not able to parse some possible time representation, which could cause a certificate not being renewed at all. This commit support all current known outputs. https://github.com/openssl/openssl/blob/master/crypto/asn1/a_time.c	6 years ago
Rodolphe Breard	d0783970c8	Renew a certificate that does not include all domains At some point, someone may add new domains to an existing certificate. In such case, this certificate should be renewed as soon as possible instead of upon expiration.	6 years ago
Rodolphe Breard	a59a909cc6	Format code	6 years ago
Rodolphe Breard	a0e3c80e51	Add the is_clean_hook variable to challenge hooks	6 years ago
Rodolphe Breard	2d5e3969e1	Add the is_success variable to post-operation hooks	6 years ago
Rodolphe Breard	65b97800c1	Fix the man build	6 years ago
Rodolphe Breard	d334f5ff2e	Fix the Makefile install path	6 years ago
Rodolphe Breard	ed9bd8aaf2	Fix a typo	6 years ago
Rodolphe Breard	36fc78d619	Update the changelog	6 years ago
Rodolphe Breard	5e252d8b17	Forbid unknown configuration fields If a configuration field has a typo in its name, the configuration should show an error message instead of silently ignoring this field, which could create unwanted behavior.	6 years ago
Rodolphe Breard	d71f4ff405	Add tests for rustc 1.33.0	6 years ago
Rodolphe Breard	548f96e18c	Remove the undocumented ChallengeHookData::algorithm field	6 years ago
Rodolphe Breard	bc3bbd9c91	Allow to customize installation directories	6 years ago
Rodolphe Breard	f2e048c15c	Add a Makefile	6 years ago
Rodolphe Breard	c6037861f4	Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.	6 years ago
Rodolphe Breard	e0d260ca8c	Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc	6 years ago
Rodolphe Breard	1c65795e2b	Add build instruction for Debian-based systems	6 years ago
Rodolphe Breard	04fe98be75	Fix the example config file	6 years ago
Rodolphe Breard	163bb86d5d	Remove the now unused challenge field in the example config file	6 years ago
Rodolphe Breard	c5c372071f	Update the CHANGELOG	6 years ago
Rodolphe Breard	ed547f6a46	Update the README	6 years ago
Rodolphe Breard	0e15cc69e4	Fix the syntax error in the example configuration file	6 years ago
Rodolphe Breard	80e91cecd1	v0.3.0	6 years ago
Rodolphe Breard	6067f52c7e	Add tacd to the CHANGELOG	6 years ago
Rodolphe Breard	8a0dd48cbd	Merge branch 'root_cert'	6 years ago
Rodolphe Breard	644484cb31	Change the hook and domains definitions The previous system was too limited when it comes to flexibility using hooks. This limitation came from the false idea that, for a given certificate, all challenges must be validated with the same method. In order to prove that false, domains in a certificate can now make use of any challenge type available. In order to be more flexible, hooks are now given a type and are defined in the same registry (instead of 6). Each one will be called when considered relevant based on its type.	6 years ago
Rodolphe Breard	447d1f848f	Add an option to specify new trusted root certificates Sometimes, it is not possible to use certificates signed by a known certificate authority. Hence, in order to prevent a TLS error, it is required to explicitly add a new trusted root certificate. This is the case with Pebble, which provides the certificate. https://github.com/letsencrypt/pebble#avoiding-client-https-errors	6 years ago
Rodolphe Breard	b8aa782dd2	Use the native openssl methods for SAN construction The openssl crate does support having multiple DNS entries in the SAN extension, there is no need to re-implement it.	6 years ago
Rodolphe Breard	c632f952ed	Support OpenSSL 1.0 AlpnError::ALERT_FATAL has been added in OpenSSL 1.1.0, hence build will fail on any previous version. This commit allows older versions to fall back to AlpnError::NOACK instead.	6 years ago
Rodolphe Breard	261e0e50fd	Change the Ubuntu distribution for Travis CI By default, Travis CI builds and run the tests on Ubuntu 14.04 LTS (Trusty Tahr), which has OpenSSL 1.0.1f. Unfortunately, This version of OpenSSL does not support TLS-ALPN, which has been added in 1.0.2. In order for the tests to run, it is required to upgrade at least to Ubuntu 16.04 LTS (Xenial Xerus). https://docs.travis-ci.com/user/reference/overview/ https://docs.travis-ci.com/user/reference/xenial/ https://packages.ubuntu.com/xenial/openssl	6 years ago
Rodolphe Breard	2fc4eef60c	Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.	6 years ago
Rodolphe Breard	eb7bc09134	Move the logs to the acme_common lib	6 years ago
Rodolphe Breard	d549c3db5a	Move the daemonize role to acme_common	6 years ago
Rodolphe Breard	83563ad950	Add the Clone trait to Error	6 years ago
Rodolphe Breard	a0d8944682	Move common items to a dedicated lib In a near future, ACMEd will be composed of several binaries which will use some common functions and structures.	6 years ago
Rodolphe Breard	406bcd94d5	Update the README path	6 years ago
Rodolphe Breard	79dd765c93	Update the README	6 years ago
Rodolphe Breard	0a7deb4cdc	Add tls-alpn-01 challenge support Although the standardization is still a draft, this challenge is already supported by Let's Encrypt. https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/	6 years ago
Rodolphe Breard	c5c9d17885	Update the README	6 years ago
Rodolphe Breard	84d2c94bad	Use the base64-encoded account name for file names The account public and private keys are stored in files with names derives from the account name itself. Because the account name may contain characters incompatible with a file name, it needs to be sanitized. Additionally, the account files does not need to be publicly accessed, therefore their name should only be deterministic. This last property allows to use a simple solution for sanitation: encode the name in base64. This way, it is deterministic, unique for each account and only contains safe characters. Note the base64 variant used is, as for the ACME protocol, the one with the URL and filename safe alphabet https://tools.ietf.org/html/rfc4648#section-5	6 years ago
Rodolphe Breard	2c7b716584	Retry request rejected with a recoverable error Some errors, like the badNonce one, are recoverable. Hence, the client is expected to retry. ACMEd will now re-send the associated request until it succeed or the max retries number is reached. Each retry is preceded by a small waiting time in order to let the server recover in case it was faulty.	6 years ago
Rodolphe Breard	f1a3ae6eb7	Update the example config file	6 years ago
Rodolphe Breard	f30663cc7c	Update a test	6 years ago