53 Commits

Author SHA1 Message Date
Girish Ramakrishnan
504662b466 acme: link url is absolute in le-staging
Part of #217
2017-02-15 10:40:05 -08:00
Johannes Zellner
456cb22ac0 this and that typo 2016-12-30 11:32:56 +01:00
Girish Ramakrishnan
bc75d07391 Remove ursa dependency
ursa uses native code and doing an npm rebuild often runs out of
memory in low memory cloudrons
2016-12-30 00:13:35 -08:00
Johannes Zellner
b1be65d9ce Add fallback certificate backend 2016-12-05 17:01:23 +01:00
Johannes Zellner
eacc4412ba We don't use tabs but 4 spaces 2016-12-05 16:07:06 +01:00
Girish Ramakrishnan
bafc35f99e Revert "Use in-place replacement ursa-purejs for native ursa"
This reverts commit 8e033dc387.

Lots of things in ursa-purejs are unimplemented. We get errors like:

    /home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:331
          throw new Error("Unsupported operation : sign");
          ^
    Error: Unsupported operation : sign
        at Object.sign (/home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:331:13)
        at Object.sign (/home/yellowtent/box/node_modules/ursa-purejs/lib/ursa.js:624:27)
        at /home/yellowtent/box/src/cert/acme.js:112:50
        at /home/yellowtent/box/src/cert/acme.js:70:16
2016-10-13 21:41:04 -07:00
Johannes Zellner
8e033dc387 Use in-place replacement ursa-purejs for native ursa
The native modules often cause headaches with rebuilds
2016-10-13 11:23:57 +02:00
Girish Ramakrishnan
c12ee50b3b dump the body for debugging 2016-10-11 19:29:23 -07:00
Girish Ramakrishnan
9b83a4d776 add certificate interface file 2016-10-07 14:09:20 -07:00
Girish Ramakrishnan
c1bb264065 Set a timeout for superagent
The default is 'no timeout' and it will wait for the response forever.

https://github.com/visionmedia/superagent/issues/17#issuecomment-207742985
2016-09-12 13:06:18 -07:00
Girish Ramakrishnan
451c770b5c ACME agreement url has changed 2016-08-02 10:40:17 -07:00
Girish Ramakrishnan
8cfbf92adc fix acme prod setting detection 2016-06-22 15:55:53 -05:00
Girish Ramakrishnan
9e8179a235 up link is relative 2016-03-29 14:02:53 -07:00
Girish Ramakrishnan
2c4cf0a505 Download intermediate cert following the 'up' Link 2016-03-29 12:51:05 -07:00
Girish Ramakrishnan
75ed9c4a63 Check for key file instead of csr file
1) csr file in older backups got corrupt
2) new key results in a new cert request in LE (for rate limits)
2016-03-19 18:49:55 -07:00
Girish Ramakrishnan
14ef71002f write the DER cert properly into the csr file 2016-03-19 14:07:58 -07:00
Girish Ramakrishnan
017c32c3dd fix certificate renewal
Do the whole acme flow for certificate renewal. the idea here is
to simply reuse the key and the csr. In this case, it does not count
as a new certificate issuance.

https://github.com/diafygi/letsencrypt-nosudo/issues/55
2016-03-19 02:44:05 -07:00
girish@cloudron.io
7f2b3eb835 acme: disable renewal via url fetch for now
this does not seem to work.

From cf85854177:

// RenewCertificate attempts to renew an existing certificate.
// Let's Encrypt may return the same certificate. You should load your
// current x509.Certificate and use the Equal method to compare to the "new"
// certificate. If it's identical, you'll need to run NewCertificate and/or
// start a new certificate flow.
2016-03-14 22:22:57 -07:00
Girish Ramakrishnan
b942033512 acme: debug output the domain 2016-03-14 16:21:03 -07:00
girish@cloudron.io
4e94c8ea56 updateContact gets 202 and not 200 2016-01-13 16:46:01 -08:00
girish@cloudron.io
26c9bcbc28 fix this and that 2016-01-13 15:00:33 -08:00
girish@cloudron.io
cd35ab5932 acme: update contact information before getting a cert
part of #544

there were two approaches considered:
1. pipe through owner email from appstore. this requires saving this
   value in settingsdb and we need to remember this in case user changes
   the email. another issue is that selfhost installer tooling needs to
   require this new value.

2. simply update owner email each time. this is the chosen approach.
2016-01-13 14:06:31 -08:00
girish@cloudron.io
5eb3c208f1 allow email to be configured 2016-01-13 12:15:27 -08:00
Girish Ramakrishnan
190c2b2756 firefox is unhappy with incorrect chain 2015-12-17 19:42:49 -08:00
Girish Ramakrishnan
7c975384cd better error messages 2015-12-17 19:35:52 -08:00
Girish Ramakrishnan
fe042891a3 Add acme.getCertificate 2015-12-17 13:31:28 -08:00
Girish Ramakrishnan
a9b594373d do not pass accountKeyPem everywhere 2015-12-17 13:27:10 -08:00
Girish Ramakrishnan
5edc3cde2a set prod option based on provider 2015-12-17 13:17:46 -08:00
Girish Ramakrishnan
a636731764 allow configuring prod/staging of LE url 2015-12-17 13:12:54 -08:00
Girish Ramakrishnan
b4433af9b5 remove unused require 2015-12-17 12:55:47 -08:00
Girish Ramakrishnan
1ae2e07883 leave note on 429 error code 2015-12-15 14:25:23 -08:00
Girish Ramakrishnan
9f524da642 use admin@cloudron.io for email
registrations are failing because the LE server is doing an MX check.
we don't have a proper email to provide here since the box is not
activated yet. we should "update" the email at some point with
the owner information.
2015-12-15 10:39:03 -08:00
Girish Ramakrishnan
b5b67f2e6a define CA_ORIGIN 2015-12-15 00:49:00 -08:00
Girish Ramakrishnan
fe723f5a53 remove trailing slash in url 2015-12-15 00:42:18 -08:00
Girish Ramakrishnan
409096cbff Use production LE 2015-12-14 17:31:41 -08:00
Girish Ramakrishnan
89bff16053 fix crash 2015-12-14 14:08:45 -08:00
Girish Ramakrishnan
f51b61e407 do not dump the csr 2015-12-14 13:41:30 -08:00
Girish Ramakrishnan
a409dd026d use url file to download cert if present 2015-12-14 12:22:57 -08:00
Girish Ramakrishnan
4731f8e5a7 move key creation into the acme flow 2015-12-14 12:21:41 -08:00
Girish Ramakrishnan
7e05259b0e save url for renewal in .url files 2015-12-14 12:17:57 -08:00
Girish Ramakrishnan
14ab85dc4f do not pass outdir 2015-12-14 11:42:59 -08:00
Girish Ramakrishnan
0651bfc4b8 provide cert and key file in callback 2015-12-14 09:29:48 -08:00
Girish Ramakrishnan
d9a83eacd2 explicitly prune out second argument 2015-12-13 20:35:23 -08:00
Girish Ramakrishnan
7b40674c0d add a backend for caas 2015-12-13 19:09:57 -08:00
Girish Ramakrishnan
936c1989f1 refactor code a bit for renewal 2015-12-13 12:26:31 -08:00
Girish Ramakrishnan
d8a1e4aab0 more debug messages 2015-12-12 20:39:24 -08:00
Girish Ramakrishnan
be4d2afff3 fix path to cert 2015-12-12 20:30:50 -08:00
Girish Ramakrishnan
8b7833e8b1 fix debug namespacing 2015-12-11 21:49:24 -08:00
Girish Ramakrishnan
66441f133d fix typo 2015-12-11 20:09:16 -08:00
Girish Ramakrishnan
3c4adb1aed fix config path 2015-12-10 13:36:44 -08:00