68f8f037be
Specify ISRG X1 as preferred chain
3 years ago
8dfda4711e
Don't restrict ACME challenges to the clear text vhost
...
There are cases (like when running behind a proxypass) where it's also needed on the SSL vhost
4 years ago
be54e7b798
Switch to the v2 API
4 years ago
d3f400a56b
Set default URI to prod
8 years ago
6ef45f251a
Send the 1 command to imap and not imaps to update imapd.pem on SME 8
8 years ago
c8a056ab56
Rename cron template metadata
8 years ago
ad07400004
Update hook wrapper path
8 years ago
d6a984d862
Update well-known directory
8 years ago
b9105310d9
Fix migrating cert path
8 years ago
ded0c3eb5e
Adapt for the rename to dehydrated
8 years ago
789d868e89
Fix deploy hook on sme8
...
There was two problems: the manual expand-template for the pem file was wrong, and the smeserver-letsencrypt-client rpm provided the /etc/e-smith/event/ssl-update event. So the test for it not existing was always false. But this event did nothing except expand a single config template, no ssl cert was being updated
9 years ago
39d2e30398
Fix cron syntax for random sleep command
9 years ago
73a2dbcaf8
Always add letsencrypt alias
...
so if a domain has letsencrypt support disabled, but has at least one hostname attached to this domain with letsencrypt enabled, it can validate its challenge
9 years ago
2417beb270
Don't force Letsencrypt support on primary domain
9 years ago
8a58ddb102
Add a wrapper script for letsencrypt.sh
...
This wrapper support a new ProxyPassACMEChallengesDisableOnRenew prop which allows disabling ACME challenge proxypass only during the renewal
9 years ago
e646cd1705
Set DOMAINS_TXT in config
9 years ago
a9387cd1bd
Rename config.sh to config
9 years ago
d772e84feb
Use chain.pem instead of fullchain.pem
...
As some older OpenSSL (like the one in Debian 7) don't like the final cert being in the intermediate chain
9 years ago
5467cea2c2
Fix cron template
9 years ago
ddb4abb9d4
Turn RevokeOldCertificates on by default
9 years ago
a95bccf47f
Make Renewal configurable
9 years ago
bae49f049e
Revoke old certs in a separated script
...
We cannot call letsencrypt.sh from a hook script, as there's a lock file
9 years ago
bae34ca9f1
Better AltName selection and deduplication
9 years ago
752f3d3a41
Add a Uri prop to choose between production or staging CA
...
And default to staging
9 years ago
b088baa65d
String must be quoted
9 years ago
6651e5dcc6
Cron syntax was wrong
9 years ago
9163bbd3c3
Send stdout and stderr in logs, but print stderr also
...
So a failed cron job will be emailed to the admin
9 years ago
233c6e4945
Add some sanity check to args passed to hook handler
9 years ago
eedcb47c0b
Call le_hooks.sh
9 years ago
3a24f881ba
Adapt hook scripts
9 years ago
c926162fc3
Rename hook script
...
SO it's easier to order with others
9 years ago
fa5b40587b
Move hook script to /etc/letsencrypt.sh/hooks_deploy_cert.d
...
And also make it working on older SME (without ssl-update event)
9 years ago
88a7d5fda0
Possibility to explicitely disable Self hosts
9 years ago
ebdeabf799
Log cron jobs
9 years ago
89ec028659
Don't exec letsencrypt.sh in le-update
9 years ago
7a46806df6
No need to specify hook on cmd line
9 years ago
88890c22fd
Change challenge directory
9 years ago
04664ce9cc
Call with the hook and run in background during events
9 years ago
a445ea1d08
Fix hook script and revoke old certificates
9 years ago
ae24a11695
Explicitely set patch to the hook script
9 years ago
cf96333f22
Make sure main domain is the first listed
9 years ago
051e021fdd
First commit
9 years ago
Daniel Berteaud