15bddcbc39
Fixed RUF010 (explicit-f-string-type-conversion): Use explicit conversion flag
2024-03-10 07:56:49 -04:00
c719fce40a
Fixed UP032 (f-string): Use f-string instead of `format` call
2024-03-10 07:56:49 -04:00
d661d623dc
Fixed RUF017 (quadratic-list-summation): Avoid quadratic list summation
2024-03-10 07:56:49 -04:00
f621789298
Fixed SIM118 (in-dict-keys): Use `key in dict` instead of `key in dict.keys()`
2024-03-10 07:56:49 -04:00
57d05c1ab2
Fixed B007 (unused-loop-control-variable)
2024-03-10 07:54:51 -04:00
e8d1c037cb
Fixed SIM102 (collapsible-if): Use a single `if` statement instead of nested `if` statements
2024-03-10 07:54:51 -04:00
3d72c32b1d
Fixed W605 (invalid-escape-sequence)
2024-03-10 07:54:51 -04:00
14a5613dc8
Fixed UP031 (printf-string-formatting): Use format specifiers instead of percent format
2024-03-10 07:54:51 -04:00
13b38cc04d
Fixed F841 (unused-variable)
2024-03-10 07:54:51 -04:00
dd61844ced
Fixed EM101 (raw-string-in-exception): Exception must not use a string literal, assign to variable first
2024-03-10 07:54:51 -04:00
49124cc9ca
Fixed PLR6201 (literal-membership): Use a `set` literal when testing for membership
2024-03-10 07:54:51 -04:00
0ee64f2fe8
Fixed F401 (unused-import)
2024-03-10 07:54:21 -04:00
820a39b865
chore(python open): Refactor open and gzip.open to use context manager ( #2203 )
...
Co-authored-by: Hugh Secker-Walker <hsw+miac@hodain.net>
2023-01-15 08:28:43 -05:00
ab71abbc7c
Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT)
2022-07-28 14:42:51 -04:00
8b166f3041
Display certificate expiry dates in ISO format ( #1841 )
2020-10-16 16:22:36 -04:00
37dad9d4bb
Provision certificates from Let's Encrypt grouped by DNS zone
...
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).
Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.
Fixes #690 .
2020-05-29 15:38:18 -04:00
2f467556bd
new ssl cert provisioning broke if a domain doesnt yet have a cert, fixes #1392
2018-07-19 11:40:49 -04:00
2a72c800f6
replace free_tls_certificates with certbot
2018-06-29 16:46:21 -04:00
8be23d5ef6
ssl_certificates: reuse query_dns function in status_checks and simplify calls by calling normalize_ip within query_dns
2018-06-29 16:46:21 -04:00
ef6f121491
when generating a CSR in the control panel, don't set empty attributes
...
Same as in a52c56e571Fixes #1338 .
2018-01-28 09:07:54 -05:00
0088fb4553
install Python 3 packages in a virtualenv
...
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.
See #1298 , see #1264 .
2018-01-15 13:27:04 -05:00
add985ce5d
letencrypt now supports idna, remove the check/block
2017-04-17 07:45:08 -04:00
a081d04082
move the custom exclusive process code from utils.py into a new python package named exclusiveprocess
2017-01-15 11:02:23 -05:00
584cfe42c4
compare IPv6 addresses correctly with normalization ( #1052 )
2017-01-15 10:41:12 -05:00
cd717ec94e
nightly TLS certificate provisioning should omit warnings about domains it cant provision for
2016-12-07 07:02:52 -05:00
c26bc841a2
more for dnspython exception with IPv6 addresses
...
fixes #945 , corrects prev commit (#947 ) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
163daea41c
dnspython exception with IPv6 addresses
...
see #945 , merges #947
2016-09-23 07:35:53 -04:00
49ea9cddd1
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
2016-03-06 14:39:34 -05:00
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it
2016-02-15 18:22:16 -05:00
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
faaa74c3a7
tls: hide extra reasons why domains aren't getting a new certificate during setup
2016-01-14 07:21:08 -05:00
2882e63dd8
second part of provisioning tls certificates from the control panel
2016-01-04 18:43:17 -05:00
b8d6226a9a
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
2016-01-04 18:43:17 -05:00
bac15d3919
provision tls certificates from the control panel
2016-01-04 18:43:16 -05:00
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
b1b57f9bfd
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
...
fixes #646
2016-01-04 18:43:16 -05:00
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
392d33b902
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
...
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
2015-12-26 11:01:46 -05:00
be9efe0273
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
2015-11-29 14:04:37 +00:00
766b98c4ad
refactor: move SSL-related management functions into a new module ssl_certificates.py
2015-11-29 13:59:22 +00:00
Teal Dulcet
Hugh Secker-Walker
Joshua Tauberer
David Duque
Jonathan Chun
Mathis Hoffmann