Nicolas Duchon
a16a97fe11
fix: restrict private key permissions (#1016)
...
* fix: restrict private file permissions by default
* fix: check perms of /etc/acme.sh private keys
* fix: typo
2023-03-27 19:03:21 +02:00
Nicolas Duchon
87c27d22a6
feat: use EAB if available no matter the ACME CI (#981)
...
* ci: setup Pebble with docker-compose + .env file
* refactor: move acme.sh hooks further down the file
* feat: use EAB with other CAs than Zero SSL
* tests: ACME External Account Binding (EAB)
* ci: add local Pebble EAB testing
2022-12-06 12:28:48 +01:00
Nicolas Duchon
68005e6938
Revert "fix: register ACME account with EAB first (#976)"
...
This reverts commit 77cc9d5241cf711d607d6ba42b2d383e1a28bc10.
2022-12-03 22:15:40 +01:00
Jeroen
77cc9d5241
fix: register ACME account with EAB first (#976)
...
* check EAB_KID and HMAC_KEY before registering the ACME account using the provided email.
* Update letsencrypt_service
copy/paste error
Co-authored-by: root <root@jump20dst.int.cvovolt.be>
2022-12-03 20:50:23 +01:00
Nicolas Duchon
b9e7d59bed
feat: per-container Pre-Hooks and Post-Hooks
2022-03-02 18:46:15 +01:00
TreeN0de
9da38f37b4
feat: acme.sh pre and post hooks
2022-02-25 19:07:22 +01:00
Nicolas Duchon
44bd2fa437
Merge pull request #904 from nginx-proxy/dhparam-rfc7919
...
Use RFC 7919 DH groups + Remove DH generation
2021-12-16 03:07:08 +01:00
Nicolas Duchon
9b935a09a5
style: coherent coding style on check_dh_group
...
+ removal of an unneeded local keyword
2021-12-16 02:00:04 +01:00
Nicolas Duchon
e0aaa93eb6
refactor: better check_dh_group() logic
...
Replaces existing group if it does not match the DHPARAM_BITS key size.
2021-12-14 23:34:15 +01:00
Nicolas Duchon
67d4194fb6
feat: use pre generated RFC7919 DH groups
...
Co-authored-by: polarathene <5098581+polarathene@users.noreply.github.com>
2021-12-14 23:32:39 +01:00
Nicolas Duchon
2f7ac9708a
style: add comments to docker-gen template
2021-12-12 19:41:46 +01:00
Nicolas Duchon
8fdd196d4f
fix: trim whitespaces from per-container env vars
2021-12-12 19:41:24 +01:00
Nicolas Duchon
dddd7a5a82
fix: prevent endless loop of wildcard enumeration
2021-12-08 15:37:15 +01:00
Nicolas Duchon
e9abac8b12
chore: project name change
2021-04-05 00:27:52 +02:00
Logan Kennelly
ffffdc86bd
Fix unintentional file globbing during wildcard lookup
...
Matching globs are common because the script runs in the certs
directory.
The test uses a suffix match as the test domains don't include
subdomains, although such cases should probably be considered.
Fix the le3.wtf test. The existing add_location_configuration modifies
"default"; a second add is not necessary.
Fixes #763
2021-03-15 18:14:22 -07:00
Danil Smirnov
42ddbcb580
Renaming and adding documentation
2020-12-29 15:09:03 +02:00
Danil Smirnov
b47755b875
Making time to wait configurable
2020-12-29 13:13:45 +02:00
Nicolas Duchon
c610b59006
Add CA_BUNDLE environment variable
...
Allows acme.sh to use an alternative trusted root CA
2020-12-28 11:31:01 +01:00
Nicolas Duchon
be654b5d27
Add OCSP Must-Staple extension feature (#740)
2020-12-25 18:23:33 +01:00
Nicolas Duchon
1752a420fa
Merge pull request #727 from buchdag/ci-fix
...
Fix LETSENCRYPT_KEYSIZE feature and tests
2020-12-08 23:58:58 +01:00
Benoit Garret
5f0bde1be4
Allow ZEROSSL_API_KEY on the letsencrypt container
2020-12-07 21:57:50 +01:00
Nicolas Duchon
6bfdd87109
Fix private keys types
2020-12-07 21:10:14 +01:00
Nicolas Duchon
082ad32f49
Fix the private_keys test
2020-12-07 21:05:32 +01:00
Nicolas Duchon
73b7186d6d
Raise back docker-gen debounce a bit
2020-12-07 00:57:22 +01:00
Nicolas Duchon
3d0cd89668
Remove array variable indirection hack
...
Replaced by declare -n builtin of Bash 4.3
2020-12-07 00:56:09 +01:00
Nicolas Duchon
f069d50d33
Fix tests self cleanup
2020-11-29 02:55:13 +01:00
Nicolas Duchon
1966e52a61
Support for preferred chain
2020-11-29 02:55:11 +01:00
Nicolas Duchon
d119a7e5f4
Go template formatting adjustments
2020-11-27 14:47:28 +01:00
Nicolas Duchon
e9aa88f091
Add support for Zero SSL API key
2020-11-27 14:47:28 +01:00
Nicolas Duchon
f8a24a6dff
Use acme.sh maximum debug level
2020-11-27 14:46:48 +01:00
Nicolas Duchon
d36dea9dda
More robust ACME account registration
2020-11-27 14:46:48 +01:00
Nicolas Duchon
5778216fad
Rename LETSENCRYPT_ACME_CA_URI > ACME_CA_URI
2020-11-27 14:46:48 +01:00
Nicolas Duchon
83aa3c9fda
Support for Zero SSL
2020-11-27 14:46:47 +01:00
Nicolas Duchon
a90c82a1a7
Add support for elliptic curve 512 bits keys
2020-11-27 14:46:47 +01:00
Nicolas Duchon
8052f04b07
Store and use image version based on git describe
2020-11-27 14:46:47 +01:00
Nicolas Duchon
54e73a994b
Backward compatibility with REUSE_PRIVATE_KEYS
2020-11-27 14:46:46 +01:00
Nicolas Duchon
14a019fedb
Fix private key reuse
2020-11-27 14:46:46 +01:00
Nicolas Duchon
e2d05afa25
Better debugging of acme.sh call parameters
2020-11-27 14:46:46 +01:00
Nicolas Duchon
cfc274642b
Reload nginx after creating the default cert
2020-11-27 14:46:46 +01:00
Nicolas Duchon
3e4b0a43dd
Linefeed typo
2020-11-27 14:46:45 +01:00
Nicolas Duchon
fde553364c
Use acme.sh --register-account in the service loop
2020-11-27 14:46:45 +01:00
Gilles Filippini
195b19d221
Use email-less staging conf for test certificates
2020-11-27 14:46:45 +01:00
Nicolas Duchon
aa62af0052
Code styling
2020-11-27 14:46:45 +01:00
Nicolas Duchon
0c165134b9
Update docs and comments
2020-11-27 14:46:45 +01:00
Gilles Filippini
3b1e1ba851
Enable proxied containers ACME email override
2020-11-27 14:46:44 +01:00
Gilles Filippini
3b6d87e8c2
Use default config for empty DEFAULT_EMAIL only
2020-11-27 14:46:44 +01:00
Nicolas Duchon
7cf0a52bce
Refactor update_certs() into two functions
2020-11-27 14:46:44 +01:00
Gilles Filippini
4504e3b4ca
Remove unused function from entrypoint
2020-11-27 14:46:44 +01:00
Gilles Filippini
f66c1d55bf
Links should be created on RENEW_SKIP as well
2020-11-27 14:46:43 +01:00
Nicolas Duchon
c821d809f6
Change ACME client to acme.sh
2020-11-27 14:44:01 +01:00