| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot
The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
| |
|
|
| |
Signed-off-by: Kevin White <kwhite@kevbo.org>
|
| |
|
|
|
|
| |
Important security fix.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| |
|
|
|
|
|
|
|
| |
ACME clients shouldn't deal with deprecated values. They should be
processed by acme-common.
Reformatting is done by shfmt.
Signed-off-by: Glen Huang <me@glenhuang.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.
Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| |
|
|
| |
Signed-off-by: Glen Huang <i@glenhuang.com>
|
| |
|
|
| |
Signed-off-by: Glen Huang <i@glenhuang.com>
|
|
|
Signed-off-by: Glen Huang <heyhgl@gmail.com>
|