jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
8,315 Commits 33 Branches 583 Tags
6a7fc17c609a7918362302fb3a46bbf5a7d12cce
Commit Graph

80 Commits

Author SHA1 Message Date
Girish Ramakrishnan
81b721be2b Fix buffer warnings 2019-03-21 20:06:14 -07:00
Girish Ramakrishnan
ff359c477f acme: Wait for 5mins 
often, let's encrypt is failing to get the new DNS. not sure why
 2019-01-21 10:45:43 -08:00
Girish Ramakrishnan
4142d7a050 Fix error handling of all the execSync usage 2018-11-23 13:11:15 -08:00
Girish Ramakrishnan
a0306c69e1 remove unused acme1.js 
it got merged to acme2.js
 2018-11-23 13:11:15 -08:00
Girish Ramakrishnan
c09aa2a498 Make LE work with hyphenated domains 2018-11-01 19:08:05 -07:00
Girish Ramakrishnan
8dd3c55ecf Use async unlink 2018-09-28 17:05:53 -07:00
Girish Ramakrishnan
1ee902a541 typoe 2018-09-28 17:01:56 -07:00
Girish Ramakrishnan
5a8a4e7907 acme2: Display any errors when cleaning up challenge 2018-09-28 14:33:08 -07:00
Girish Ramakrishnan
3b5be641f0 acme2: fix challenge subdomain calculation in cleanup 2018-09-28 13:24:34 -07:00
Girish Ramakrishnan
a34fe120fb TXT values must be quoted 2018-09-27 20:17:39 -07:00
Girish Ramakrishnan
e69004548b waitForDnsRecord: use subdomain as argument 
this allows to hyphenate the subdomain correctly in all places

the original issue was that altDomain in caas was not working
because waitForDnsRecord was not hyphenating.
 2018-09-22 11:26:33 -07:00
Girish Ramakrishnan
ed14115ff1 Fix new account return value 
https://tools.ietf.org/html/draft-ietf-acme-acme-07#section-7.3
 2018-09-17 15:30:16 -07:00
Girish Ramakrishnan
6d9c6ffba3 acme2: register new account returns 201 2018-09-17 15:19:19 -07:00
Girish Ramakrishnan
6ba574432a calculate subdomain correctly for non-wildcard domains 2018-09-12 15:55:20 -07:00
Girish Ramakrishnan
96075c7c20 Fix double callback 2018-09-12 14:43:15 -07:00
Girish Ramakrishnan
64665542bc select app's cert based on domain's wildcard flag 
this also removes the confusing type field in the bundle. we instead
check the current nginx config to see what cert is in use.
 2018-09-12 14:22:54 -07:00
Girish Ramakrishnan
c138c4bb5f acme2: implement wildcard certs 2018-09-11 23:15:50 -07:00
Girish Ramakrishnan
35f69cfea9 acme2: wait for dns 2018-09-11 19:41:41 -07:00
Girish Ramakrishnan
d0dde04695 acme2: dns authorization 2018-09-10 21:46:53 -07:00
Girish Ramakrishnan
2f38a4018c pass domain arg to getCertificate API 2018-09-10 20:48:47 -07:00
Girish Ramakrishnan
f38b87c660 lint 2018-09-10 20:30:38 -07:00
Girish Ramakrishnan
9bac2acc37 Fix callback use 2018-09-10 17:39:13 -07:00
Girish Ramakrishnan
68536b6d7d acme2 implementation 2018-09-10 16:26:24 -07:00
Girish Ramakrishnan
017460b497 acme -> acme1 2018-09-10 10:57:48 -07:00
Girish Ramakrishnan
8e500e0243 caas: make the cert provider use domain fallback certs 2018-01-30 14:18:34 -08:00
Johannes Zellner
07626dacb5 Ensure certificates needs to be multidomain aware 2017-11-20 20:01:50 +01:00
Girish Ramakrishnan
48a52fae2e LE agreement URL has changed 2017-11-17 10:35:58 -08:00
Girish Ramakrishnan
504662b466 acme: link url is absolute in le-staging 
Part of #217
 2017-02-15 10:40:05 -08:00
Johannes Zellner
456cb22ac0 this and that typo 2016-12-30 11:32:56 +01:00
Girish Ramakrishnan
bc75d07391 Remove ursa dependancy 
ursa uses native code and doing a npm rebuild often runs out of
memory in low memory cloudrons
 2016-12-30 00:13:35 -08:00
Johannes Zellner
b1be65d9ce Add fallback certificate backend 2016-12-05 17:01:23 +01:00
Johannes Zellner
eacc4412ba We don't use tabs but 4 spaces 2016-12-05 16:07:06 +01:00
Girish Ramakrishnan
bafc35f99e Revert "Use in-place replacement ursa-purejs for native ursa" 
This reverts commit 8e033dc387.

Lots of things in ursa-purejs is unimplemented. We get errors like:

    /home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:331
          throw new Error("Unsupported operation : sign");
          ^
    Error: Unsupported operation : sign
        at Object.sign (/home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:331:13)
        at Object.sign (/home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:624:27)
        at /home/yellowtent/box/src/cert/acme.js:112:50
        at /home/yellowtent/box/src/cert/acme.js:70:16
 2016-10-13 21:41:04 -07:00
Johannes Zellner
8e033dc387 Use in-place replacement ursa-purejs for native ursa 
The native modules often cause headaches with rebuilds
 2016-10-13 11:23:57 +02:00
Girish Ramakrishnan
c12ee50b3b dump the body for debugging 2016-10-11 19:29:23 -07:00
Girish Ramakrishnan
9b83a4d776 add certificate interface file 2016-10-07 14:09:20 -07:00
Girish Ramakrishnan
c1bb264065 Set a timeout for superagent 
The default is 'no timeout' and it will wait for the response forever.

https://github.com/visionmedia/superagent/issues/17#issuecomment-207742985
 2016-09-12 13:06:18 -07:00
Girish Ramakrishnan
451c770b5c ACME agreement url has changed 2016-08-02 10:40:17 -07:00
Girish Ramakrishnan
8cfbf92adc fix acme prod setting detection 2016-06-22 15:55:53 -05:00
Girish Ramakrishnan
9e8179a235 up link is relative 2016-03-29 14:02:53 -07:00
Girish Ramakrishnan
2c4cf0a505 Download intermediate cert following the 'up' Link 2016-03-29 12:51:05 -07:00
Girish Ramakrishnan
75ed9c4a63 Check for key file instead of csr file 
1) csr file in older backups got corrupt
2) new key results in a new cert request in LE (for rate limits)
 2016-03-19 18:49:55 -07:00
Girish Ramakrishnan
14ef71002f write the DER cert properly into the csr file 2016-03-19 14:07:58 -07:00
Girish Ramakrishnan
017c32c3dd fix certificate renewal 
Do the whole acme flow for certificate renewal. the idea here is
simply reuse the key and the csr. In this case, it does not count
as a new certificate issuance.

https://github.com/diafygi/letsencrypt-nosudo/issues/55
 2016-03-19 02:44:05 -07:00
girish@cloudron.io
7f2b3eb835 acme: disable renewal via url fetch for now 
this does not seem to work.

From cf85854177:

// RenewCertificate attempts to renew an existing certificate.
// Let's Encrypt may return the same certificate. You should load your
// current x509.Certificate and use the Equal method to compare to the "new"
// certificate. If it's identical, you'll need to run NewCertificate and/or
// start a new certificate flow.
 2016-03-14 22:22:57 -07:00
Girish Ramakrishnan
b942033512 acme: debug output the domain 2016-03-14 16:21:03 -07:00
girish@cloudron.io
4e94c8ea56 updateContact gets 202 and not 200 2016-01-13 16:46:01 -08:00
girish@cloudron.io
26c9bcbc28 fix this and that 2016-01-13 15:00:33 -08:00
girish@cloudron.io
cd35ab5932 acme: update contact information before getting a cert 
part of #544

there were two approaches considered:
1. pipe through owner email from appstore. this requires to save this
   value in settingsdb and we need to remember this in case user changes
   the email. another issue is that selfhost installer tooling needs to
   require this new value.

2. simply update owner email each time. this is the chosen approach.
 2016-01-13 14:06:31 -08:00
girish@cloudron.io
5eb3c208f1 allow email to be configured 2016-01-13 12:15:27 -08:00