mirror of
https://github.com/go-acme/lego.git
synced 2024-12-21 23:06:56 +02:00
chore: fix grammar and typo (#1978)
Co-authored-by: Dominik Menke <git@dmke.org>
This commit is contained in:
parent
f582d12f65
commit
3cefc7a51b
12
CHANGELOG.md
12
CHANGELOG.md
@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
|
||||
- **[dnsprovider]** azure: Allow for the use of MSI
|
||||
- **[dnsprovider]** constellix: improve challenge.
|
||||
- **[dnsprovider]** godaddy: allow parallel solve.
|
||||
- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created
|
||||
- **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created
|
||||
- **[dnsprovider]** transip: updated the client to v6
|
||||
|
||||
### Fixed:
|
||||
@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
|
||||
|
||||
## [v3.0.1] - 2019-08-14
|
||||
|
||||
There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
||||
There was a problem when creating the tag v3.0.1, this tag has been invalidated.
|
||||
|
||||
## [v3.0.0] - 2019-08-05
|
||||
|
||||
@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
||||
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
|
||||
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
|
||||
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
|
||||
- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
|
||||
- CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together.
|
||||
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
|
||||
- lib: Added a memcached provider for the HTTP challenge.
|
||||
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
|
||||
@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
||||
- lib: The library will now skip challenge solving if a valid Authz already exists.
|
||||
|
||||
### Removed:
|
||||
- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
|
||||
- lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder.
|
||||
|
||||
### Fixed:
|
||||
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
|
||||
- lib: Loading an account from file should fail if a integral part is nil
|
||||
- lib: Loading an account from file should fail if an integral part is nil
|
||||
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
|
||||
- lib: If a registration encounteres a conflict, the old registration is now recovered.
|
||||
- CLI: The account.json file no longer has the executable flag set.
|
||||
@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
||||
|
||||
### Changed:
|
||||
- lib: NewClient does no longer accept the optPort parameter
|
||||
- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain.
|
||||
- lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain.
|
||||
- lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
|
||||
- lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
|
||||
- lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.
|
||||
|
@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel
|
||||
|
||||
- Use the issue search to see if the issue has already been reported.
|
||||
- Also look for closed issues to see if your issue has already been fixed.
|
||||
- If both of the above do not apply create a new issue and include as much information as possible.
|
||||
- If both of the above do not apply, create a new issue and include as much information as possible.
|
||||
|
||||
Bug reports should include all information a person could need to reproduce your problem without the need to
|
||||
follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.
|
||||
|
@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) {
|
||||
return GetFromResponse(resp)
|
||||
}
|
||||
|
||||
// GetFromResponse Extracts a nonce from a HTTP response.
|
||||
// GetFromResponse Extracts a nonce from an HTTP response.
|
||||
func GetFromResponse(resp *http.Response) (string, error) {
|
||||
if resp == nil {
|
||||
return "", errors.New("nil response")
|
||||
|
@ -71,12 +71,12 @@ type Meta struct {
|
||||
|
||||
// externalAccountRequired (optional, boolean):
|
||||
// If this field is present and set to "true",
|
||||
// then the CA requires that all new- account requests include an "externalAccountBinding" field
|
||||
// then the CA requires that all new-account requests include an "externalAccountBinding" field
|
||||
// associating the new account with an external account.
|
||||
ExternalAccountRequired bool `json:"externalAccountRequired"`
|
||||
}
|
||||
|
||||
// ExtendedAccount a extended Account.
|
||||
// ExtendedAccount an extended Account.
|
||||
type ExtendedAccount struct {
|
||||
Account
|
||||
// Contains the value of the response header `Location`
|
||||
@ -91,7 +91,7 @@ type Account struct {
|
||||
// The status of this account.
|
||||
// Possible values are: "valid", "deactivated", and "revoked".
|
||||
// The value "deactivated" should be used to indicate client-initiated deactivation
|
||||
// whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6)
|
||||
// whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6)
|
||||
Status string `json:"status,omitempty"`
|
||||
|
||||
// contact (optional, array of string):
|
||||
@ -321,7 +321,7 @@ type RenewalInfoResponse struct {
|
||||
// SuggestedWindow contains two fields, start and end,
|
||||
// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
|
||||
SuggestedWindow Window `json:"suggestedWindow"`
|
||||
// ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is.
|
||||
// ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is.
|
||||
// For example, it may be a page explaining the CA's dynamic load-balancing strategy,
|
||||
// or a page documenting which certificates are affected by a mass revocation event.
|
||||
// Callers SHOULD provide this URL to their operator, if present.
|
||||
|
@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
|
||||
// ParsePEMPrivateKey parses a private key from key, which is a PEM block.
|
||||
// Borrowed from Go standard library, to handle various private key and PEM block types.
|
||||
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
|
||||
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238)
|
||||
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238
|
||||
func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
||||
keyBlockDER, _ := pem.Decode(key)
|
||||
if keyBlockDER == nil {
|
||||
|
@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
|
||||
}
|
||||
|
||||
if respOrder.Status == acme.StatusValid {
|
||||
// if the certificate is available right away, short cut!
|
||||
// if the certificate is available right away, shortcut!
|
||||
ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
|
||||
if errR != nil {
|
||||
return nil, errR
|
||||
|
@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
|
||||
|
||||
if in != nil && in.Truncated {
|
||||
tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
|
||||
// If the TCP request succeeds, the err will reset to nil
|
||||
// If the TCP request succeeds, the "err" will reset to nil
|
||||
in, _, err = tcp.Exchange(m, ns)
|
||||
}
|
||||
|
||||
|
@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) {
|
||||
|
||||
ok, err := check.checkDNSPropagation(test.fqdn, test.value)
|
||||
if test.expectError {
|
||||
assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn)
|
||||
assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn)
|
||||
assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn)
|
||||
assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn)
|
||||
} else {
|
||||
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
|
||||
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)
|
||||
|
@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
|
||||
}
|
||||
|
||||
func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
|
||||
// For all valid preSolvers, first submit the challenges so they have max time to propagate
|
||||
// For all valid preSolvers, first submit the challenges, so they have max time to propagate
|
||||
for _, authSolver := range authSolvers {
|
||||
authz := authSolver.authz
|
||||
if solvr, ok := authSolver.solver.(preSolver); ok {
|
||||
|
@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string {
|
||||
return net.JoinHostPort(s.iface, s.port)
|
||||
}
|
||||
|
||||
// Present generates a certificate with a SHA-256 digest of the keyAuth provided
|
||||
// Present generates a certificate with an SHA-256 digest of the keyAuth provided
|
||||
// as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
|
||||
func (s *ProviderServer) Present(domain, token, keyAuth string) error {
|
||||
if s.port == "" {
|
||||
|
@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error {
|
||||
|
||||
ew.writeln(`Credentials:`)
|
||||
ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`)
|
||||
ew.writeln(` - "SOFTLAYER_USERNAME": User name (IBM Cloud is <accountID>_<emailAddress>)`)
|
||||
ew.writeln(` - "SOFTLAYER_USERNAME": Username (IBM Cloud is <accountID>_<emailAddress>)`)
|
||||
ew.writeln()
|
||||
|
||||
ew.writeln(`Additional Configuration:`)
|
||||
@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error {
|
||||
|
||||
ew.writeln(`Credentials:`)
|
||||
ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`)
|
||||
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`)
|
||||
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`)
|
||||
ew.writeln()
|
||||
|
||||
ew.writeln(`Additional Configuration:`)
|
||||
|
@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`:
|
||||
$ lego --email "you@example.com" --domains="example.com" --dns "manual" run
|
||||
```
|
||||
|
||||
What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions:
|
||||
What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
|
||||
|
||||
```txt
|
||||
No key found for account you@example.com. Generating a P256 key.
|
||||
|
@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare.
|
||||
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
||||
|
||||
The main resources Lego cares for are the DNS entries for your Zones.
|
||||
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||
It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||
|
||||
Hence, you should create an API token with the following permissions:
|
||||
|
||||
|
@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
||||
|
||||
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
||||
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
|
||||
DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
|
||||
|
||||
To authenticate you need to provide a valid API token.
|
||||
HTTP Basic Authentication is intentionally not supported.
|
||||
@ -69,7 +69,7 @@ HTTP Basic Authentication is intentionally not supported.
|
||||
### API tokens
|
||||
|
||||
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
||||
Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
|
||||
Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
|
||||
|
||||
|
||||
|
||||
|
@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
||||
Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
|
||||
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
||||
- `AKAMAI_{SECTION}_HOST`
|
||||
|
@ -64,7 +64,7 @@ The server must provide:
|
||||
- `POST` `/present`
|
||||
- `POST` `/cleanup`
|
||||
|
||||
The URL of the server must be define by `HTTPREQ_ENDPOINT`.
|
||||
The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
|
||||
|
||||
### Mode
|
||||
|
||||
|
@ -39,7 +39,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
|
||||
| Environment Variable Name | Description |
|
||||
|-----------------------|-------------|
|
||||
| `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
|
||||
| `SOFTLAYER_USERNAME` | User name (IBM Cloud is <accountID>_<emailAddress>) |
|
||||
| `SOFTLAYER_USERNAME` | Username (IBM Cloud is <accountID>_<emailAddress>) |
|
||||
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords
|
||||
|
||||
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
||||
|
||||
> 1. please login at Joker.com, visit 'My Domains',
|
||||
> 1. please log in at Joker.com, visit 'My Domains',
|
||||
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
||||
>
|
||||
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
||||
|
@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
||||
## Description
|
||||
|
||||
You can login using your account name + username or using your email address.
|
||||
You can log in using your account name + username or using your email address.
|
||||
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
||||
|
||||
|
||||
|
@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
||||
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
||||
|
||||
When requesting the consumer key, the following configuration can be use to define access rights:
|
||||
When requesting the consumer key, the following configuration can be used to define access rights:
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
## Description
|
||||
|
||||
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
||||
This are special tokens with limited access for ACME requests only.
|
||||
These are special tokens with limited access for ACME requests only.
|
||||
|
||||
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
||||
|
||||
|
@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th
|
||||
|
||||
### Least privilege policy for production purposes
|
||||
|
||||
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
|
||||
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
|
||||
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
||||
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
||||
|
||||
|
@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
|
||||
|
||||
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
||||
|
||||
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
|
||||
Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
|
||||
|
||||
|
||||
|
||||
|
@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
||||
## Credential inforamtion
|
||||
## Credential information
|
||||
|
||||
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
||||
|
||||
|
@ -52,7 +52,7 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains
|
||||
| Environment Variable Name | Description |
|
||||
|-----------------------|-------------|
|
||||
| `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
|
||||
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions |
|
||||
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions |
|
||||
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||
|
@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
|
||||
and you need to pick the one where your domain's DNS settings are set up.
|
||||
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
||||
|
||||
For this example, let's assume you have setup CloudFlare for your domain.
|
||||
For this example, let's assume you have set up CloudFlare for your domain.
|
||||
|
||||
Execute this command:
|
||||
|
||||
|
@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options:
|
||||
|
||||
## Port Usage
|
||||
|
||||
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
||||
By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
||||
If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
|
||||
lego to listen on that interface:port for any incoming challenges.
|
||||
|
||||
If you are using this option, make sure you proxy all of the following traffic to these ports.
|
||||
If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports.
|
||||
|
||||
**HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].
|
||||
|
||||
@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the
|
||||
There are also situations, where this verification step doesn't work as expected:
|
||||
|
||||
- A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
|
||||
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet.
|
||||
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet.
|
||||
|
||||
The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.
|
||||
|
||||
|
@ -36,7 +36,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
|
||||
and you need to pick the one where your domain's DNS settings are set up.
|
||||
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
||||
|
||||
For this example, let's assume you have setup CloudFlare for your domain.
|
||||
For this example, let's assume you have set up CloudFlare for your domain.
|
||||
|
||||
Execute this command:
|
||||
|
||||
@ -107,4 +107,4 @@ RandomizedDelaySec=1h
|
||||
WantedBy=timers.target
|
||||
```
|
||||
|
||||
[^loadspikes]: See [Github issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.
|
||||
[^loadspikes]: See [GitHub issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.
|
||||
|
@ -4,7 +4,7 @@ date: 2019-03-03T16:39:46+01:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
Lego can be use as a Go Library.
|
||||
Lego can be used as a Go Library.
|
||||
|
||||
<!--more-->
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
# certs/
|
||||
|
||||
This directory contains a CA certificate (`pebble.minica.pem`) and a private key
|
||||
(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See
|
||||
(`pebble.minica.key.pem`) that are used to issue an end-entity certificate (See
|
||||
`certs/localhost`) for the Pebble HTTPS server.
|
||||
|
||||
To get your **testing code** to use Pebble without HTTPS errors you should
|
||||
@ -14,12 +14,11 @@ code!!! The CA's private key is **public** and anyone can use it to issue
|
||||
certificates that will be trusted by a system with the Pebble CA in the trust
|
||||
store.
|
||||
|
||||
To re-create all of the Pebble certificates run:
|
||||
To re-create all certificates used by Pebble, run:
|
||||
|
||||
minica -ca-cert pebble.minica.pem \
|
||||
-ca-key pebble.minica.key.pem \
|
||||
-domains localhost,pebble \
|
||||
-ip-addresses 127.0.0.1
|
||||
|
||||
From the `test/certs/` directory after [installing
|
||||
MiniCA](https://github.com/jsha/minica#installation)
|
||||
From the `test/certs/` directory after [installing MiniCA](https://github.com/jsha/minica#installation)
|
||||
|
@ -29,7 +29,7 @@ const (
|
||||
|
||||
// caServerNameEnvVar is the environment variable name that can be used to
|
||||
// specify the CA server name that can be used to
|
||||
// authenticate an ACME server with a HTTPS certificate not issued by a CA in
|
||||
// authenticate an ACME server with an HTTPS certificate not issued by a CA in
|
||||
// the system-wide trusted root list.
|
||||
caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
|
||||
|
||||
|
10
platform/config/env/env.go
vendored
10
platform/config/env/env.go
vendored
@ -95,7 +95,7 @@ func getOneWithFallback(main string, names ...string) (string, string) {
|
||||
}
|
||||
|
||||
// GetOrDefaultInt returns the given environment variable value as an integer.
|
||||
// Returns the default if the envvar cannot be coopered to an int, or is not found.
|
||||
// Returns the default if the env var cannot be coopered to an int, or is not found.
|
||||
func GetOrDefaultInt(envVar string, defaultValue int) int {
|
||||
v, err := strconv.Atoi(GetOrFile(envVar))
|
||||
if err != nil {
|
||||
@ -105,8 +105,8 @@ func GetOrDefaultInt(envVar string, defaultValue int) int {
|
||||
return v
|
||||
}
|
||||
|
||||
// GetOrDefaultSecond returns the given environment variable value as an time.Duration (second).
|
||||
// Returns the default if the envvar cannot be coopered to an int, or is not found.
|
||||
// GetOrDefaultSecond returns the given environment variable value as a time.Duration (second).
|
||||
// Returns the default if the env var cannot be coopered to an int, or is not found.
|
||||
func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration {
|
||||
v := GetOrDefaultInt(envVar, -1)
|
||||
if v < 0 {
|
||||
@ -117,7 +117,7 @@ func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration
|
||||
}
|
||||
|
||||
// GetOrDefaultString returns the given environment variable value as a string.
|
||||
// Returns the default if the envvar cannot be find.
|
||||
// Returns the default if the env var cannot be found.
|
||||
func GetOrDefaultString(envVar, defaultValue string) string {
|
||||
v := GetOrFile(envVar)
|
||||
if v == "" {
|
||||
@ -128,7 +128,7 @@ func GetOrDefaultString(envVar, defaultValue string) string {
|
||||
}
|
||||
|
||||
// GetOrDefaultBool returns the given environment variable value as a boolean.
|
||||
// Returns the default if the envvar cannot be coopered to a boolean, or is not found.
|
||||
// Returns the default if the env var cannot be coopered to a boolean, or is not found.
|
||||
func GetOrDefaultBool(envVar string, defaultValue bool) bool {
|
||||
v, err := strconv.ParseBool(GetOrFile(envVar))
|
||||
if err != nil {
|
||||
|
@ -48,7 +48,7 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest {
|
||||
|
||||
for _, key := range keys {
|
||||
if e.domainKey != key && !e.isManagedKey(key) {
|
||||
panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key))
|
||||
panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed, or it's not the key of the domain.", key))
|
||||
}
|
||||
|
||||
if e.domainKey == key {
|
||||
|
@ -204,7 +204,7 @@ func getAuthorizer(config *Config) (autorest.Authorizer, error) {
|
||||
return auth.NewAuthorizerFromEnvironment()
|
||||
}
|
||||
|
||||
// Fetches metadata from environment or he instance metadata service.
|
||||
// Fetches metadata from environment or the instance metadata service.
|
||||
// borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go
|
||||
func getMetadata(config *Config, field string) (string, error) {
|
||||
metadataEndpoint := config.MetadataEndpoint
|
||||
|
@ -200,7 +200,7 @@ func (c *Client) LookupViewID(ctx context.Context, configName, viewName string)
|
||||
return view.ID, nil
|
||||
}
|
||||
|
||||
// LookupParentZoneID Return the entityId of the parent zone by recursing from the root view.
|
||||
// LookupParentZoneID returns the entityId of the parent zone by iterating through the root labels.
|
||||
// Also return the simple name of the host.
|
||||
func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) {
|
||||
if fqdn == "" {
|
||||
|
@ -63,7 +63,7 @@ type DNSProvider struct {
|
||||
// For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN.
|
||||
//
|
||||
// The email and API key should be avoided, if possible.
|
||||
// Instead setup a API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
|
||||
// Instead, set up an API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
|
||||
// You can split the Zone:Read and DNS:Edit permissions across multiple API tokens:
|
||||
// in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly.
|
||||
func NewDNSProvider() (*DNSProvider, error) {
|
||||
|
@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare.
|
||||
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
||||
|
||||
The main resources Lego cares for are the DNS entries for your Zones.
|
||||
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||
It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||
|
||||
Hence, you should create an API token with the following permissions:
|
||||
|
||||
|
@ -105,7 +105,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
||||
|
||||
tokens, err := identifier.GetToken(context.TODO(), auth)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("conoha: failed to login: %w", err)
|
||||
return nil, fmt.Errorf("conoha: failed to log in: %w", err)
|
||||
}
|
||||
|
||||
client, err := internal.NewClient(config.Region, tokens.Access.Token.ID)
|
||||
|
@ -29,7 +29,7 @@ func TestNewDNSProvider(t *testing.T) {
|
||||
EnvAPIUsername: "api_username",
|
||||
EnvAPIPassword: "api_password",
|
||||
},
|
||||
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||
expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||
},
|
||||
{
|
||||
desc: "missing credentials",
|
||||
@ -99,7 +99,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
|
||||
}{
|
||||
{
|
||||
desc: "complete credentials, but login failed",
|
||||
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||
expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||
tenant: "tenant_id",
|
||||
username: "api_username",
|
||||
password: "api_password",
|
||||
|
@ -23,7 +23,7 @@ type TokenTransport struct {
|
||||
Transport http.RoundTripper
|
||||
}
|
||||
|
||||
// NewTokenTransport Creates a HTTP transport for API authentication.
|
||||
// NewTokenTransport Creates an HTTP transport for API authentication.
|
||||
func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
|
||||
if apiKey == "" {
|
||||
return nil, errors.New("credentials missing: API key")
|
||||
|
@ -16,7 +16,7 @@ Additional = '''
|
||||
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
||||
|
||||
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
||||
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
|
||||
DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
|
||||
|
||||
To authenticate you need to provide a valid API token.
|
||||
HTTP Basic Authentication is intentionally not supported.
|
||||
@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported.
|
||||
### API tokens
|
||||
|
||||
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
||||
Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
|
||||
Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
|
||||
'''
|
||||
|
||||
[Configuration]
|
||||
|
@ -17,7 +17,7 @@ import (
|
||||
const defaultBaseURL string = "https://api.domeneshop.no/v0"
|
||||
|
||||
// Client implements a very simple wrapper around the Domeneshop API.
|
||||
// For now it will only deal with adding and removing TXT records, as required by ACME providers.
|
||||
// For now, it will only deal with adding and removing TXT records, as required by ACME providers.
|
||||
// https://api.domeneshop.no/docs/
|
||||
type Client struct {
|
||||
apiToken string
|
||||
|
@ -16,7 +16,7 @@ type TokenTransport struct {
|
||||
Transport http.RoundTripper
|
||||
}
|
||||
|
||||
// NewTokenTransport Creates a HTTP transport for API authentication.
|
||||
// NewTokenTransport Creates an HTTP transport for API authentication.
|
||||
func NewTokenTransport(apiKey string) (*TokenTransport, error) {
|
||||
if apiKey == "" {
|
||||
return nil, errors.New("credentials missing: API key")
|
||||
|
@ -110,7 +110,7 @@ func (c Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostnam
|
||||
return &apiResp, nil
|
||||
}
|
||||
|
||||
// doRetry the API is really unstable so we need to retry on EOF.
|
||||
// doRetry the API is really unstable, so we need to retry on EOF.
|
||||
func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error {
|
||||
operation := func() error {
|
||||
return c.do(ctx, method, uri, body, result)
|
||||
|
@ -62,7 +62,7 @@ type DNSProvider struct {
|
||||
}
|
||||
|
||||
// NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS:
|
||||
// Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
// Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
//
|
||||
// 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
|
||||
// 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`
|
||||
|
@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run
|
||||
'''
|
||||
|
||||
Additional = '''
|
||||
Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||
|
||||
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
||||
- `AKAMAI_{SECTION}_HOST`
|
||||
|
@ -14,11 +14,7 @@ import (
|
||||
"github.com/go-acme/lego/v4/providers/dns/glesys/internal"
|
||||
)
|
||||
|
||||
const (
|
||||
// defaultBaseURL is the GleSYS API endpoint used by Present and CleanUp.
|
||||
defaultBaseURL = "https://api.glesys.com/domain"
|
||||
minTTL = 60
|
||||
)
|
||||
const minTTL = 60
|
||||
|
||||
// Environment variables names.
|
||||
const (
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Package httpreq implements a DNS provider for solving the DNS-01 challenge through a HTTP server.
|
||||
// Package httpreq implements a DNS provider for solving the DNS-01 challenge through an HTTP server.
|
||||
package httpreq
|
||||
|
||||
import (
|
||||
|
@ -17,7 +17,7 @@ The server must provide:
|
||||
- `POST` `/present`
|
||||
- `POST` `/cleanup`
|
||||
|
||||
The URL of the server must be define by `HTTPREQ_ENDPOINT`.
|
||||
The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
|
||||
|
||||
### Mode
|
||||
|
||||
|
@ -113,7 +113,7 @@ func evaluateBody(body string, hostname string) error {
|
||||
case codeAbuse:
|
||||
return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname)
|
||||
case codeBadAgent:
|
||||
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body)
|
||||
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on GitHub", body)
|
||||
case codeBadAuth:
|
||||
return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
|
||||
case codeInterval:
|
||||
|
@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
|
||||
|
||||
[Configuration]
|
||||
[Configuration.Credentials]
|
||||
SOFTLAYER_USERNAME = "User name (IBM Cloud is <accountID>_<emailAddress>)"
|
||||
SOFTLAYER_USERNAME = "Username (IBM Cloud is <accountID>_<emailAddress>)"
|
||||
SOFTLAYER_API_KEY = "Classic Infrastructure API key"
|
||||
[Configuration.Additional]
|
||||
SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||
|
@ -55,7 +55,7 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai
|
||||
statusCode, err := c.do(req, domain)
|
||||
if err != nil {
|
||||
if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
|
||||
// Look up for the next sub domain
|
||||
// Look up for the next subdomain
|
||||
subIndex := strings.Index(domainName, ".")
|
||||
return c.GetDomainByName(ctx, domainName[subIndex+1:])
|
||||
}
|
||||
|
@ -108,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
defer func() {
|
||||
errL := d.client.Account.Logout()
|
||||
if errL != nil {
|
||||
log.Infof("inwx: failed to logout: %v", errL)
|
||||
log.Infof("inwx: failed to log out: %v", errL)
|
||||
}
|
||||
}()
|
||||
|
||||
@ -158,7 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
defer func() {
|
||||
errL := d.client.Account.Logout()
|
||||
if errL != nil {
|
||||
log.Infof("inwx: failed to logout: %v", errL)
|
||||
log.Infof("inwx: failed to log out: %v", errL)
|
||||
}
|
||||
}()
|
||||
|
||||
@ -199,7 +199,7 @@ func (d *DNSProvider) twoFactorAuth(info *goinwx.LoginResponse) error {
|
||||
}
|
||||
|
||||
if d.config.SharedSecret == "" {
|
||||
return errors.New("two factor authentication but no shared secret is given")
|
||||
return errors.New("two-factor authentication but no shared secret is given")
|
||||
}
|
||||
|
||||
tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now())
|
||||
|
@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords
|
||||
|
||||
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
||||
|
||||
> 1. please login at Joker.com, visit 'My Domains',
|
||||
> 1. please log in at Joker.com, visit 'My Domains',
|
||||
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
||||
>
|
||||
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
||||
|
@ -192,7 +192,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
|
||||
err = d.client.RemoveSubdomain(ctx, authZone, subDomain)
|
||||
if err != nil {
|
||||
return fmt.Errorf("loopia: failed to remove sub-domain: %w", err)
|
||||
return fmt.Errorf("loopia: failed to remove subdomain: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -149,10 +149,10 @@ func TestDNSProvider_Cleanup(t *testing.T) {
|
||||
callGetTXTRecords: true,
|
||||
callRemoveSubdomain: true,
|
||||
|
||||
expectedError: `loopia: failed to remove sub-domain: unknown error: "UNKNOWN_ERROR"`,
|
||||
expectedError: `loopia: failed to remove subdomain: unknown error: "UNKNOWN_ERROR"`,
|
||||
},
|
||||
{
|
||||
desc: "Dont call removeSubdomain when records",
|
||||
desc: "Don't call removeSubdomain when records",
|
||||
|
||||
getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}},
|
||||
callAddTXTRecord: true,
|
||||
|
@ -18,17 +18,16 @@ import (
|
||||
)
|
||||
|
||||
// Notes about namecheap's tool API:
|
||||
// 1. Using the API requires registration. Once registered, use your account
|
||||
// name and API key to access the API.
|
||||
// 2. There is no API to add or modify a single DNS record. Instead you must
|
||||
// read the entire list of records, make modifications, and then write the
|
||||
// entire updated list of records. (Yuck.)
|
||||
// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take
|
||||
// as long as an hour.
|
||||
// 4. Namecheap requires you to whitelist the IP address from which you call
|
||||
// its APIs. It also requires all API calls to include the whitelisted IP
|
||||
// address as a form or query string value. This code uses a namecheap
|
||||
// service to query the client's IP address.
|
||||
// 1. Using the API requires registration.
|
||||
// Once registered, use your account name and API key to access the API.
|
||||
// 2. There is no API to add or modify a single DNS record.
|
||||
// Instead, you must read the entire list of records, make modifications,
|
||||
// and then write the entire updated list of records. (Yuck.)
|
||||
// 3. Namecheap's DNS updates can be slow to propagate.
|
||||
// I've seen them take as long as an hour.
|
||||
// 4. Namecheap requires you to whitelist the IP address from which you call its APIs.
|
||||
// It also requires all API calls to include the whitelisted IP address as a form or query string value.
|
||||
// This code uses a namecheap service to query the client's IP address.
|
||||
|
||||
// Environment variables names.
|
||||
const (
|
||||
|
@ -201,5 +201,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
}
|
||||
}
|
||||
|
||||
return fmt.Errorf("nicmanager: no record found to cleanup")
|
||||
return fmt.Errorf("nicmanager: no record found to clean up")
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run
|
||||
Additional = '''
|
||||
## Description
|
||||
|
||||
You can login using your account name + username or using your email address.
|
||||
You can log in using your account name + username or using your email address.
|
||||
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
||||
'''
|
||||
|
||||
|
@ -161,7 +161,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
}
|
||||
|
||||
if *domainRecords.OpcTotalItems == 0 {
|
||||
return errors.New("oraclecloud: no record to CleanUp")
|
||||
return errors.New("oraclecloud: no record to clean up")
|
||||
}
|
||||
|
||||
var deleteHash *string
|
||||
@ -173,7 +173,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
}
|
||||
|
||||
if deleteHash == nil {
|
||||
return errors.New("oraclecloud: no record to CleanUp")
|
||||
return errors.New("oraclecloud: no record to clean up")
|
||||
}
|
||||
|
||||
recordOperation := dns.RecordOperation{
|
||||
|
@ -17,7 +17,7 @@ Additional = '''
|
||||
|
||||
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
||||
|
||||
When requesting the consumer key, the following configuration can be use to define access rights:
|
||||
When requesting the consumer key, the following configuration can be used to define access rights:
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -13,7 +13,7 @@ Additional = '''
|
||||
## Description
|
||||
|
||||
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
||||
This are special tokens with limited access for ACME requests only.
|
||||
These are special tokens with limited access for ACME requests only.
|
||||
|
||||
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
||||
|
||||
|
@ -85,7 +85,7 @@ func TestServerError(t *testing.T) {
|
||||
err = provider.Present(fakeDomain, "", fakeKeyAuth)
|
||||
require.Error(t, err)
|
||||
if !strings.Contains(err.Error(), "NOTZONE") {
|
||||
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string but it did not: %v", err)
|
||||
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -95,7 +95,7 @@ func NewDNSProvider() (*DNSProvider, error) {
|
||||
return NewDNSProviderConfig(NewDefaultConfig())
|
||||
}
|
||||
|
||||
// NewDNSProviderConfig takes a given config ans returns a custom configured DNSProvider instance.
|
||||
// NewDNSProviderConfig takes a given config and returns a custom configured DNSProvider instance.
|
||||
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
||||
if config == nil {
|
||||
return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil")
|
||||
|
@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th
|
||||
|
||||
### Least privilege policy for production purposes
|
||||
|
||||
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
|
||||
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
|
||||
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
||||
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
||||
|
||||
|
@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
|
||||
|
||||
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
||||
|
||||
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
|
||||
Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
|
||||
'''
|
||||
|
||||
[Configuration]
|
||||
|
@ -81,7 +81,7 @@ func TestNewDNSProvider(t *testing.T) {
|
||||
}
|
||||
|
||||
// The error message for a file not existing is different on Windows and Linux.
|
||||
// Therefore we test if the error type is the same.
|
||||
// Therefore, we test if the error type is the same.
|
||||
t.Run("could not open private key path", func(t *testing.T) {
|
||||
defer envTest.RestoreEnv()
|
||||
envTest.ClearEnv()
|
||||
@ -144,7 +144,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
|
||||
}
|
||||
|
||||
// The error message for a file not existing is different on Windows and Linux.
|
||||
// Therefore we test if the error type is the same.
|
||||
// Therefore, we test if the error type is the same.
|
||||
t.Run("could not open private key path", func(t *testing.T) {
|
||||
config := NewDefaultConfig()
|
||||
config.AccountName = "johndoe"
|
||||
|
@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*.
|
||||
'''
|
||||
|
||||
Additional = '''
|
||||
## Credential inforamtion
|
||||
## Credential information
|
||||
|
||||
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
||||
|
||||
|
@ -38,7 +38,7 @@ func czechHour() int {
|
||||
|
||||
func utcToCet(utc time.Time) time.Time {
|
||||
// https://en.wikipedia.org/wiki/Central_European_Time
|
||||
// As of 2011, all member states of the European Union observe summer time (daylight saving time),
|
||||
// As of 2011, all member states of the European Union observe Summer Time (daylight saving time),
|
||||
// from the last Sunday in March to the last Sunday in October.
|
||||
// States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1]
|
||||
utcMonth := utc.Month()
|
||||
|
@ -37,7 +37,7 @@ cat key.json | base64
|
||||
|
||||
[Configuration]
|
||||
[Configuration.Credentials]
|
||||
YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions"
|
||||
YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions"
|
||||
YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
|
||||
[Configuration.Additional]
|
||||
YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||
|
@ -1,5 +1,4 @@
|
||||
// Package memcached implements a HTTP provider for solving the HTTP-01 challenge using memcached
|
||||
// in combination with a webserver.
|
||||
// Package memcached implements an HTTP provider for solving the HTTP-01 challenge using memcached in combination with a webserver.
|
||||
package memcached
|
||||
|
||||
import (
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
||||
// Package s3 implements an HTTP provider for solving the HTTP-01 challenge using AWS S3.
|
||||
package s3
|
||||
|
||||
import (
|
||||
|
@ -1,5 +1,3 @@
|
||||
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge
|
||||
// using AWS S3 in combination with AWS CloudFront.
|
||||
package s3
|
||||
|
||||
import (
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Package webroot implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
||||
// Package webroot implements an HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
||||
package webroot
|
||||
|
||||
import (
|
||||
|
Loading…
Reference in New Issue
Block a user