Joshua Tauberer
|
faaa74c3a7
|
tls: hide extra reasons why domains aren't getting a new certificate during setup
|
2016-01-14 07:21:08 -05:00 |
|
Joshua Tauberer
|
2882e63dd8
|
second part of provisioning tls certificates from the control panel
|
2016-01-04 18:43:17 -05:00 |
|
Joshua Tauberer
|
b8d6226a9a
|
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
|
2016-01-04 18:43:17 -05:00 |
|
Joshua Tauberer
|
bac15d3919
|
provision tls certificates from the control panel
|
2016-01-04 18:43:16 -05:00 |
|
Joshua Tauberer
|
4b4f670adf
|
s/SSL/TLS/ in user-visible text throughout the project
|
2016-01-04 18:43:16 -05:00 |
|
Joshua Tauberer
|
b1b57f9bfd
|
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
fixes #646
|
2016-01-04 18:43:16 -05:00 |
|
Joshua Tauberer
|
b6933a73fa
|
provision and install free SSL certificates from Let's Encrypt
|
2016-01-04 18:43:16 -05:00 |
|
Joshua Tauberer
|
d53332b7cf
|
drop the CSR_COUNTRY setting and ask within the control panel
|
2015-12-26 11:48:23 -05:00 |
|
Joshua Tauberer
|
392d33b902
|
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
|
2015-12-26 11:01:46 -05:00 |
|
Joshua Tauberer
|
be9efe0273
|
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
|
2015-11-29 14:04:37 +00:00 |
|
Joshua Tauberer
|
766b98c4ad
|
refactor: move SSL-related management functions into a new module ssl_certificates.py
|
2015-11-29 13:59:22 +00:00 |