Daniel Berteaud
68f8f037be
Specify ISRG X1 as preferred chain
3 years ago
Daniel Berteaud
8dfda4711e
Don't restrict ACME challenges to the clear text vhost
...
There are cases (like when running behind a proxypass) where it's also needed on the SSL vhost
4 years ago
Daniel Berteaud
be54e7b798
Switch to the v2 API
4 years ago
Daniel Berteaud
d3f400a56b
Set default URI to prod
8 years ago
Daniel Berteaud
6ef45f251a
Send the 1 command to imap and not imaps to update imapd.pem on SME 8
8 years ago
Daniel Berteaud
c8a056ab56
Rename cron template metadata
8 years ago
Daniel Berteaud
ad07400004
Update hook wrapper path
8 years ago
Daniel Berteaud
d6a984d862
Update well-known directory
8 years ago
Daniel Berteaud
b9105310d9
Fix migrating cert path
8 years ago
Daniel Berteaud
ded0c3eb5e
Adapt for the rename to dehydrated
8 years ago
Daniel Berteaud
789d868e89
Fix deploy hook on sme8
...
There were two problems: the manual expand-template for the pem file was wrong, and the smeserver-letsencrypt-client rpm provided the /etc/e-smith/event/ssl-update event. So the test for it not existing was always false. But this event did nothing except expand a single config template, no ssl cert was being updated
8 years ago
Daniel Berteaud
39d2e30398
Fix cron syntax for random sleep command
8 years ago
Daniel Berteaud
73a2dbcaf8
Always add letsencrypt alias
...
so if a domain has letsencrypt support disabled, but has at least one hostname attached to this domain with letsencrypt enabled, it can validate its challenge
9 years ago
Daniel Berteaud
2417beb270
Don't force Letsencrypt support on primary domain
9 years ago
Daniel Berteaud
8a58ddb102
Add a wrapper script for letsencrypt.sh
...
This wrapper supports a new ProxyPassACMEChallengesDisableOnRenew prop which allows disabling ACME challenge proxypass only during the renewal
9 years ago
Daniel Berteaud
e646cd1705
Set DOMAINS_TXT in config
9 years ago
Daniel Berteaud
a9387cd1bd
Rename config.sh to config
9 years ago
Daniel Berteaud
d772e84feb
Use chain.pem instead of fullchain.pem
...
As some older OpenSSL (like the one in Debian 7) don't like the final cert being in the intermediate chain
9 years ago
Daniel Berteaud
5467cea2c2
Fix cron template
9 years ago
Daniel Berteaud
ddb4abb9d4
Turn RevokeOldCertificates on by default
9 years ago
Daniel Berteaud
a95bccf47f
Make Renewal configurable
9 years ago
Daniel Berteaud
bae49f049e
Revoke old certs in a separated script
...
We cannot call letsencrypt.sh from a hook script, as there's a lock file
9 years ago
Daniel Berteaud
bae34ca9f1
Better AltName selection and deduplication
9 years ago
Daniel Berteaud
752f3d3a41
Add a Uri prop to choose between production or staging CA
...
And default to staging
9 years ago
Daniel Berteaud
b088baa65d
String must be quoted
9 years ago
Daniel Berteaud
6651e5dcc6
Cron syntax was wrong
9 years ago
Daniel Berteaud
9163bbd3c3
Send stdout and stderr in logs, but print stderr also
...
So a failed cron job will be emailed to the admin
9 years ago
Daniel Berteaud
233c6e4945
Add some sanity check to args passed to hook handler
9 years ago
Daniel Berteaud
eedcb47c0b
Call le_hooks.sh
9 years ago
Daniel Berteaud
3a24f881ba
Adapt hook scripts
9 years ago
Daniel Berteaud
c926162fc3
Rename hook script
...
So it's easier to order with others
9 years ago
Daniel Berteaud
fa5b40587b
Move hook script to /etc/letsencrypt.sh/hooks_deploy_cert.d
...
And also make it work on older SME (without ssl-update event)
9 years ago
Daniel Berteaud
88a7d5fda0
Possibility to explicitly disable Self hosts
9 years ago
Daniel Berteaud
ebdeabf799
Log cron jobs
9 years ago
Daniel Berteaud
89ec028659
Don't exec letsencrypt.sh in le-update
9 years ago
Daniel Berteaud
7a46806df6
No need to specify hook on cmd line
9 years ago
Daniel Berteaud
88890c22fd
Change challenge directory
9 years ago
Daniel Berteaud
04664ce9cc
Call with the hook and run in background during events
9 years ago
Daniel Berteaud
a445ea1d08
Fix hook script and revoke old certificates
9 years ago
Daniel Berteaud
ae24a11695
Explicitly set patch to the hook script
9 years ago
Daniel Berteaud
cf96333f22
Make sure main domain is the first listed
9 years ago
Daniel Berteaud
051e021fdd
First commit
9 years ago