Jonathan Chun
|
584cfe42c4
|
compare IPv6 addresses correctly with normalization (#1052)
|
2017-01-15 10:41:12 -05:00 |
Joshua Tauberer
|
cd717ec94e
|
nightly TLS certificate provisioning should omit warnings about domains it cant provision for
|
2016-12-07 07:02:52 -05:00 |
Joshua Tauberer
|
c26bc841a2
|
more for dnspython exception with IPv6 addresses
fixes #945, corrects prev commit (#947) in case of multiple AAAA records, adds changelog
|
2016-09-23 07:41:24 -04:00 |
Mathis Hoffmann
|
163daea41c
|
dnspython exception with IPv6 addresses
see #945, merges #947
|
2016-09-23 07:35:53 -04:00 |
Joshua Tauberer
|
49ea9cddd1
|
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
|
2016-03-06 14:39:34 -05:00 |
Joshua Tauberer
|
36cb2ef41d
|
missing elif
|
2016-02-16 09:11:54 -05:00 |
Joshua Tauberer
|
1ba44b02d4
|
forgot to catch free_tls_certificates.client.ChallengeFailed
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695, probably fixes it
|
2016-02-15 18:22:16 -05:00 |
Joshua Tauberer
|
2f24328608
|
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
Made a mistake refactoring the headless variable earlier.
fixes #696
|
2016-02-13 12:38:16 -05:00 |
Joshua Tauberer
|
faaa74c3a7
|
tls: hide extra reasons why domains aren't getting a new certificate during setup
|
2016-01-14 07:21:08 -05:00 |
Joshua Tauberer
|
2882e63dd8
|
second part of provisioning tls certificates from the control panel
|
2016-01-04 18:43:17 -05:00 |
Joshua Tauberer
|
b8d6226a9a
|
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
|
2016-01-04 18:43:17 -05:00 |
Joshua Tauberer
|
bac15d3919
|
provision tls certificates from the control panel
|
2016-01-04 18:43:16 -05:00 |
Joshua Tauberer
|
4b4f670adf
|
s/SSL/TLS/ in user-visible text throughout the project
|
2016-01-04 18:43:16 -05:00 |
Joshua Tauberer
|
b1b57f9bfd
|
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
fixes #646
|
2016-01-04 18:43:16 -05:00 |
Joshua Tauberer
|
b6933a73fa
|
provision and install free SSL certificates from Let's Encrypt
|
2016-01-04 18:43:16 -05:00 |
Joshua Tauberer
|
d53332b7cf
|
drop the CSR_COUNTRY setting and ask within the control panel
|
2015-12-26 11:48:23 -05:00 |
Joshua Tauberer
|
392d33b902
|
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
|
2015-12-26 11:01:46 -05:00 |
Joshua Tauberer
|
be9efe0273
|
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
|
2015-11-29 14:04:37 +00:00 |
Joshua Tauberer
|
766b98c4ad
|
refactor: move SSL-related management functions into a new module ssl_certificates.py
|
2015-11-29 13:59:22 +00:00 |