Commit Graph

187 Commits

Author SHA1 Message Date
Nicolas Duchon
a16a97fe11
fix: restrict private key permissions (#1016)
* fix: restrict private file permissions by default

* fix: check perms of /etc/acme.sh private keys

* fix: typo
2023-03-27 19:03:21 +02:00
Nicolas Duchon
87c27d22a6
feat: use EAB if available no matter the ACME CI (#981)
* ci: setup Pebble with docker-compose + .env file

* refactor: move acme.sh hooks further down the file

* feat: use EAB with other CAs than Zero SSL

* tests: ACME External Account Binding (EAB)

* ci: add local Pebble EAB testing
2022-12-06 12:28:48 +01:00
Nicolas Duchon
68005e6938
Revert "fix: register ACME account with EAB first (#976)"
This reverts commit 77cc9d5241cf711d607d6ba42b2d383e1a28bc10.
2022-12-03 22:15:40 +01:00
Jeroen
77cc9d5241
fix: register ACME account with EAB first (#976)
* check EAB_KID and HMAC_KEY before registering the ACME account using the provided email.

* Update letsencrypt_service

copy/paste error

Co-authored-by: root <root@jump20dst.int.cvovolt.be>
2022-12-03 20:50:23 +01:00
Nicolas Duchon
b9e7d59bed
feat: per-container Pre-Hooks and Post-Hooks 2022-03-02 18:46:15 +01:00
TreeN0de
9da38f37b4
feat: acme.sh pre and post hooks 2022-02-25 19:07:22 +01:00
Nicolas Duchon
44bd2fa437
Merge pull request #904 from nginx-proxy/dhparam-rfc7919
Use RFC 7919 DH groups + Remove DH generation
2021-12-16 03:07:08 +01:00
Nicolas Duchon
9b935a09a5
style: coherent coding style on check_dh_group
+ removal of an unneeded local keyword
2021-12-16 02:00:04 +01:00
Nicolas Duchon
e0aaa93eb6
refactor: better check_dh_group() logic
Replaces existing group if it does not match the DHPARAM_BITS key size.
2021-12-14 23:34:15 +01:00
Nicolas Duchon
67d4194fb6
feat: use pre generated RFC7919 DH groups
Co-authored-by: polarathene <5098581+polarathene@users.noreply.github.com>
2021-12-14 23:32:39 +01:00
Nicolas Duchon
2f7ac9708a
style: add comments to docker-gen template 2021-12-12 19:41:46 +01:00
Nicolas Duchon
8fdd196d4f
fix: trim whitespaces from per-container env vars 2021-12-12 19:41:24 +01:00
Nicolas Duchon
dddd7a5a82
fix: prevent endless loop of wildcard enumeration 2021-12-08 15:37:15 +01:00
Nicolas Duchon
e9abac8b12
chore: project name change 2021-04-05 00:27:52 +02:00
Logan Kennelly
ffffdc86bd Fix unintentional file globbing during wildcard lookup
Matching globs are common because the script runs in the certs
directory.

The test uses a suffix match as the test domains don't include
subdomains, although such cases should probably be considered.

Fix the le3.wtf test. The existing add_location_configuration modifies
"default"; a second add is not necessary.

Fixes #763
2021-03-15 18:14:22 -07:00
Danil Smirnov
42ddbcb580 Renaming and adding documentation 2020-12-29 15:09:03 +02:00
Danil Smirnov
b47755b875 Making time to wait configurable 2020-12-29 13:13:45 +02:00
Nicolas Duchon
c610b59006
Add CA_BUNDLE environment variable
Allows acme.sh to use an alternative trusted root CA
2020-12-28 11:31:01 +01:00
Nicolas Duchon
be654b5d27
Add OCSP Must-Staple extension feature (#740) 2020-12-25 18:23:33 +01:00
Nicolas Duchon
1752a420fa
Merge pull request #727 from buchdag/ci-fix
Fix LETSENCRYPT_KEYSIZE feature and tests
2020-12-08 23:58:58 +01:00
Benoit Garret
5f0bde1be4 Allow ZEROSSL_API_KEY on the letsencrypt container 2020-12-07 21:57:50 +01:00
Nicolas Duchon
6bfdd87109
Fix private keys types 2020-12-07 21:10:14 +01:00
Nicolas Duchon
082ad32f49
Fix the private_keys test 2020-12-07 21:05:32 +01:00
Nicolas Duchon
73b7186d6d
Raise back docker-gen debounce a bit 2020-12-07 00:57:22 +01:00
Nicolas Duchon
3d0cd89668
Remove array variable indirection hack
Replaced by declare -n builtin of Bash 4.3
2020-12-07 00:56:09 +01:00
Nicolas Duchon
f069d50d33
Fix tests self cleanup 2020-11-29 02:55:13 +01:00
Nicolas Duchon
1966e52a61
Support for preferred chain 2020-11-29 02:55:11 +01:00
Nicolas Duchon
d119a7e5f4
Go template formatting adjustments 2020-11-27 14:47:28 +01:00
Nicolas Duchon
e9aa88f091
Add support for Zero SSL API key 2020-11-27 14:47:28 +01:00
Nicolas Duchon
f8a24a6dff
Use acme.sh maximum debug level 2020-11-27 14:46:48 +01:00
Nicolas Duchon
d36dea9dda
More robust ACME account registration 2020-11-27 14:46:48 +01:00
Nicolas Duchon
5778216fad
Rename LETSENCRYPT_ACME_CA_URI > ACME_CA_URI 2020-11-27 14:46:48 +01:00
Nicolas Duchon
83aa3c9fda
Support for Zero SSL 2020-11-27 14:46:47 +01:00
Nicolas Duchon
a90c82a1a7
Add support for elliptic curve 512 bits keys 2020-11-27 14:46:47 +01:00
Nicolas Duchon
8052f04b07
Store and use image version based on git describe 2020-11-27 14:46:47 +01:00
Nicolas Duchon
54e73a994b
Backward compatibility with REUSE_PRIVATE_KEYS 2020-11-27 14:46:46 +01:00
Nicolas Duchon
14a019fedb
Fix private key reuse 2020-11-27 14:46:46 +01:00
Nicolas Duchon
e2d05afa25
Better debugging of acme.sh call parameters 2020-11-27 14:46:46 +01:00
Nicolas Duchon
cfc274642b
Reload nginx after creating the default cert 2020-11-27 14:46:46 +01:00
Nicolas Duchon
3e4b0a43dd
Linefeed typo 2020-11-27 14:46:45 +01:00
Nicolas Duchon
fde553364c
Use acme.sh --register-account in the service loop 2020-11-27 14:46:45 +01:00
Gilles Filippini
195b19d221
Use email-less staging conf for test certificates 2020-11-27 14:46:45 +01:00
Nicolas Duchon
aa62af0052
Code styling 2020-11-27 14:46:45 +01:00
Nicolas Duchon
0c165134b9
Update docs and comments 2020-11-27 14:46:45 +01:00
Gilles Filippini
3b1e1ba851
Enable proxied containers ACME email override 2020-11-27 14:46:44 +01:00
Gilles Filippini
3b6d87e8c2
Use default config for empty DEFAULT_EMAIL only 2020-11-27 14:46:44 +01:00
Nicolas Duchon
7cf0a52bce
Refactor update_certs() into two functions 2020-11-27 14:46:44 +01:00
Gilles Filippini
4504e3b4ca
Remove unused function from entrypoint 2020-11-27 14:46:44 +01:00
Gilles Filippini
f66c1d55bf
Links should be created on RENEW_SKIP as well 2020-11-27 14:46:43 +01:00
Nicolas Duchon
c821d809f6
Change ACME client to acme.sh 2020-11-27 14:44:01 +01:00