Joshua Tauberer
a6ae0e6da1
Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT)
2022-06-19 07:31:07 -04:00
David Duque
8b166f3041
Display certificate expiry dates in ISO format ( #1841 )
2020-10-16 16:22:36 -04:00
Joshua Tauberer
37dad9d4bb
Provision certificates from Let's Encrypt grouped by DNS zone
...
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).
Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.
Fixes #690 .
2020-05-29 15:38:18 -04:00
Joshua Tauberer
2f467556bd
new ssl cert provisioning broke if a domain doesnt yet have a cert, fixes #1392
2018-07-19 11:40:49 -04:00
Joshua Tauberer
2a72c800f6
replace free_tls_certificates with certbot
2018-06-29 16:46:21 -04:00
Joshua Tauberer
8be23d5ef6
ssl_certificates: reuse query_dns function in status_checks and simplify calls by calling normalize_ip within query_dns
2018-06-29 16:46:21 -04:00
Joshua Tauberer
ef6f121491
when generating a CSR in the control panel, don't set empty attributes
...
Same as in a52c56e571
.
Fixes #1338 .
2018-01-28 09:07:54 -05:00
Joshua Tauberer
0088fb4553
install Python 3 packages in a virtualenv
...
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.
See #1298 , see #1264 .
2018-01-15 13:27:04 -05:00
Joshua Tauberer
add985ce5d
letencrypt now supports idna, remove the check/block
2017-04-17 07:45:08 -04:00
Joshua Tauberer
a081d04082
move the custom exclusive process code from utils.py into a new python package named exclusiveprocess
2017-01-15 11:02:23 -05:00
Jonathan Chun
584cfe42c4
compare IPv6 addresses correctly with normalization ( #1052 )
2017-01-15 10:41:12 -05:00
Joshua Tauberer
cd717ec94e
nightly TLS certificate provisioning should omit warnings about domains it cant provision for
2016-12-07 07:02:52 -05:00
Joshua Tauberer
c26bc841a2
more for dnspython exception with IPv6 addresses
...
fixes #945 , corrects prev commit (#947 ) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
Mathis Hoffmann
163daea41c
dnspython exception with IPv6 addresses
...
see #945 , merges #947
2016-09-23 07:35:53 -04:00
Joshua Tauberer
49ea9cddd1
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
2016-03-06 14:39:34 -05:00
Joshua Tauberer
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
Joshua Tauberer
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it
2016-02-15 18:22:16 -05:00
Joshua Tauberer
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
Joshua Tauberer
faaa74c3a7
tls: hide extra reasons why domains aren't getting a new certificate during setup
2016-01-14 07:21:08 -05:00
Joshua Tauberer
2882e63dd8
second part of provisioning tls certificates from the control panel
2016-01-04 18:43:17 -05:00
Joshua Tauberer
b8d6226a9a
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
2016-01-04 18:43:17 -05:00
Joshua Tauberer
bac15d3919
provision tls certificates from the control panel
2016-01-04 18:43:16 -05:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b1b57f9bfd
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
...
fixes #646
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
Joshua Tauberer
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
Joshua Tauberer
392d33b902
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
...
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
2015-12-26 11:01:46 -05:00
Joshua Tauberer
be9efe0273
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
2015-11-29 14:04:37 +00:00
Joshua Tauberer
766b98c4ad
refactor: move SSL-related management functions into a new module ssl_certificates.py
2015-11-29 13:59:22 +00:00