aboutsummaryrefslogtreecommitdiff
path: root/net/acme-acmesh/files
Commit message (Collapse)AuthorAge
* acme-acmesh: Provide a 'combined' certificate bundle as wellToke Høiland-Jørgensen2022-12-14
| | | | | | | | | | | | | | | The haproxy hotplug script creates a 'combined' certificate bundle that contains both the certificate chain and the private key. However, having a daemon hotplug script write into CERT_DIR is not great; so let's provide the bundle as part of the main acme framework, keeping it in $domain_dir and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a collection of links for everything, that no consumers should need to write into. Also make sure to set the umask correctly so the combined file is not world-readable (since it contains the private key). Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* acme-acmesh: Don't hard-code certificate directoryToke Høiland-Jørgensen2022-12-14
| | | | | | | | | The acme-acmesh package hardcoded the certificate path in its hook script. Now that we export it as a variable we can avoid hard-coding and use the variable version instead. Also factor out the linking of certificates into a function so it's not repeated. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* acme-acmesh: use $challenge_dirGlen Huang2022-12-14
| | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* acme: ensure symlinks for renewed certificatesGlen Huang2022-11-28
| | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* acme: make certificates use .crt as the extensionGlen Huang2022-11-18
| | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* acme: add dns_wait optionGlen Huang2022-10-24
| | | | | | | | | | | acme.sh by default use public DNS resolvers to check if TXT record was correctly added when using DNS-01. This can be undesirable in a private environment where the DNS server is not publicly accessible. This option allows bypassing such check and simply waiting for a specific length of time for the TXT record to take effect. Signed-off-by: Glen Huang <i@glenhuang.com>
* amce: use procd to restart servicesGlen Huang2022-10-24
| | | | | | | Directly calling `/etc/init.d/<service> reload` in a hotplug script can inadvertently start a stopped service. Signed-off-by: Glen Huang <i@glenhuang.com>
* acme: fix acme pathGlen Huang2022-08-22
| | | | Signed-off-by: Glen Huang <heyhgl@gmail.com>
* acme: use the hotplug systemGlen Huang2022-08-16
Signed-off-by: Glen Huang <heyhgl@gmail.com>