mirror of
https://github.com/go-acme/lego.git
synced 2024-11-24 08:52:18 +02:00
chore: fix grammar and typo (#1978)
Co-authored-by: Dominik Menke <git@dmke.org>
This commit is contained in:
parent
f582d12f65
commit
3cefc7a51b
12
CHANGELOG.md
12
CHANGELOG.md
@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
|
|||||||
- **[dnsprovider]** azure: Allow for the use of MSI
|
- **[dnsprovider]** azure: Allow for the use of MSI
|
||||||
- **[dnsprovider]** constellix: improve challenge.
|
- **[dnsprovider]** constellix: improve challenge.
|
||||||
- **[dnsprovider]** godaddy: allow parallel solve.
|
- **[dnsprovider]** godaddy: allow parallel solve.
|
||||||
- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created
|
- **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created
|
||||||
- **[dnsprovider]** transip: updated the client to v6
|
- **[dnsprovider]** transip: updated the client to v6
|
||||||
|
|
||||||
### Fixed:
|
### Fixed:
|
||||||
@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
|
|||||||
|
|
||||||
## [v3.0.1] - 2019-08-14
|
## [v3.0.1] - 2019-08-14
|
||||||
|
|
||||||
There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
There was a problem when creating the tag v3.0.1, this tag has been invalidated.
|
||||||
|
|
||||||
## [v3.0.0] - 2019-08-05
|
## [v3.0.0] - 2019-08-05
|
||||||
|
|
||||||
@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
|||||||
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
|
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
|
||||||
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
|
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
|
||||||
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
|
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
|
||||||
- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
|
- CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together.
|
||||||
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
|
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
|
||||||
- lib: Added a memcached provider for the HTTP challenge.
|
- lib: Added a memcached provider for the HTTP challenge.
|
||||||
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
|
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
|
||||||
@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
|||||||
- lib: The library will now skip challenge solving if a valid Authz already exists.
|
- lib: The library will now skip challenge solving if a valid Authz already exists.
|
||||||
|
|
||||||
### Removed:
|
### Removed:
|
||||||
- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
|
- lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder.
|
||||||
|
|
||||||
### Fixed:
|
### Fixed:
|
||||||
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
|
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
|
||||||
- lib: Loading an account from file should fail if a integral part is nil
|
- lib: Loading an account from file should fail if an integral part is nil
|
||||||
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
|
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
|
||||||
- lib: If a registration encounteres a conflict, the old registration is now recovered.
|
- lib: If a registration encounteres a conflict, the old registration is now recovered.
|
||||||
- CLI: The account.json file no longer has the executable flag set.
|
- CLI: The account.json file no longer has the executable flag set.
|
||||||
@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
|
|||||||
|
|
||||||
### Changed:
|
### Changed:
|
||||||
- lib: NewClient does no longer accept the optPort parameter
|
- lib: NewClient does no longer accept the optPort parameter
|
||||||
- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain.
|
- lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain.
|
||||||
- lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
|
- lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
|
||||||
- lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
|
- lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
|
||||||
- lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.
|
- lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.
|
||||||
|
@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel
|
|||||||
|
|
||||||
- Use the issue search to see if the issue has already been reported.
|
- Use the issue search to see if the issue has already been reported.
|
||||||
- Also look for closed issues to see if your issue has already been fixed.
|
- Also look for closed issues to see if your issue has already been fixed.
|
||||||
- If both of the above do not apply create a new issue and include as much information as possible.
|
- If both of the above do not apply, create a new issue and include as much information as possible.
|
||||||
|
|
||||||
Bug reports should include all information a person could need to reproduce your problem without the need to
|
Bug reports should include all information a person could need to reproduce your problem without the need to
|
||||||
follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.
|
follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.
|
||||||
|
@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) {
|
|||||||
return GetFromResponse(resp)
|
return GetFromResponse(resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetFromResponse Extracts a nonce from a HTTP response.
|
// GetFromResponse Extracts a nonce from an HTTP response.
|
||||||
func GetFromResponse(resp *http.Response) (string, error) {
|
func GetFromResponse(resp *http.Response) (string, error) {
|
||||||
if resp == nil {
|
if resp == nil {
|
||||||
return "", errors.New("nil response")
|
return "", errors.New("nil response")
|
||||||
|
@ -71,12 +71,12 @@ type Meta struct {
|
|||||||
|
|
||||||
// externalAccountRequired (optional, boolean):
|
// externalAccountRequired (optional, boolean):
|
||||||
// If this field is present and set to "true",
|
// If this field is present and set to "true",
|
||||||
// then the CA requires that all new- account requests include an "externalAccountBinding" field
|
// then the CA requires that all new-account requests include an "externalAccountBinding" field
|
||||||
// associating the new account with an external account.
|
// associating the new account with an external account.
|
||||||
ExternalAccountRequired bool `json:"externalAccountRequired"`
|
ExternalAccountRequired bool `json:"externalAccountRequired"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExtendedAccount a extended Account.
|
// ExtendedAccount an extended Account.
|
||||||
type ExtendedAccount struct {
|
type ExtendedAccount struct {
|
||||||
Account
|
Account
|
||||||
// Contains the value of the response header `Location`
|
// Contains the value of the response header `Location`
|
||||||
@ -91,7 +91,7 @@ type Account struct {
|
|||||||
// The status of this account.
|
// The status of this account.
|
||||||
// Possible values are: "valid", "deactivated", and "revoked".
|
// Possible values are: "valid", "deactivated", and "revoked".
|
||||||
// The value "deactivated" should be used to indicate client-initiated deactivation
|
// The value "deactivated" should be used to indicate client-initiated deactivation
|
||||||
// whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6)
|
// whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6)
|
||||||
Status string `json:"status,omitempty"`
|
Status string `json:"status,omitempty"`
|
||||||
|
|
||||||
// contact (optional, array of string):
|
// contact (optional, array of string):
|
||||||
@ -321,7 +321,7 @@ type RenewalInfoResponse struct {
|
|||||||
// SuggestedWindow contains two fields, start and end,
|
// SuggestedWindow contains two fields, start and end,
|
||||||
// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
|
// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
|
||||||
SuggestedWindow Window `json:"suggestedWindow"`
|
SuggestedWindow Window `json:"suggestedWindow"`
|
||||||
// ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is.
|
// ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is.
|
||||||
// For example, it may be a page explaining the CA's dynamic load-balancing strategy,
|
// For example, it may be a page explaining the CA's dynamic load-balancing strategy,
|
||||||
// or a page documenting which certificates are affected by a mass revocation event.
|
// or a page documenting which certificates are affected by a mass revocation event.
|
||||||
// Callers SHOULD provide this URL to their operator, if present.
|
// Callers SHOULD provide this URL to their operator, if present.
|
||||||
|
@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
|
|||||||
// ParsePEMPrivateKey parses a private key from key, which is a PEM block.
|
// ParsePEMPrivateKey parses a private key from key, which is a PEM block.
|
||||||
// Borrowed from Go standard library, to handle various private key and PEM block types.
|
// Borrowed from Go standard library, to handle various private key and PEM block types.
|
||||||
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
|
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
|
||||||
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238)
|
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238
|
||||||
func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
||||||
keyBlockDER, _ := pem.Decode(key)
|
keyBlockDER, _ := pem.Decode(key)
|
||||||
if keyBlockDER == nil {
|
if keyBlockDER == nil {
|
||||||
|
@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
|
|||||||
}
|
}
|
||||||
|
|
||||||
if respOrder.Status == acme.StatusValid {
|
if respOrder.Status == acme.StatusValid {
|
||||||
// if the certificate is available right away, short cut!
|
// if the certificate is available right away, shortcut!
|
||||||
ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
|
ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
|
||||||
if errR != nil {
|
if errR != nil {
|
||||||
return nil, errR
|
return nil, errR
|
||||||
|
@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
|
|||||||
|
|
||||||
if in != nil && in.Truncated {
|
if in != nil && in.Truncated {
|
||||||
tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
|
tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
|
||||||
// If the TCP request succeeds, the err will reset to nil
|
// If the TCP request succeeds, the "err" will reset to nil
|
||||||
in, _, err = tcp.Exchange(m, ns)
|
in, _, err = tcp.Exchange(m, ns)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) {
|
|||||||
|
|
||||||
ok, err := check.checkDNSPropagation(test.fqdn, test.value)
|
ok, err := check.checkDNSPropagation(test.fqdn, test.value)
|
||||||
if test.expectError {
|
if test.expectError {
|
||||||
assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn)
|
assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn)
|
||||||
assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn)
|
assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn)
|
||||||
} else {
|
} else {
|
||||||
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
|
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
|
||||||
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)
|
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)
|
||||||
|
@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
|
func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
|
||||||
// For all valid preSolvers, first submit the challenges so they have max time to propagate
|
// For all valid preSolvers, first submit the challenges, so they have max time to propagate
|
||||||
for _, authSolver := range authSolvers {
|
for _, authSolver := range authSolvers {
|
||||||
authz := authSolver.authz
|
authz := authSolver.authz
|
||||||
if solvr, ok := authSolver.solver.(preSolver); ok {
|
if solvr, ok := authSolver.solver.(preSolver); ok {
|
||||||
|
@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string {
|
|||||||
return net.JoinHostPort(s.iface, s.port)
|
return net.JoinHostPort(s.iface, s.port)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Present generates a certificate with a SHA-256 digest of the keyAuth provided
|
// Present generates a certificate with an SHA-256 digest of the keyAuth provided
|
||||||
// as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
|
// as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
|
||||||
func (s *ProviderServer) Present(domain, token, keyAuth string) error {
|
func (s *ProviderServer) Present(domain, token, keyAuth string) error {
|
||||||
if s.port == "" {
|
if s.port == "" {
|
||||||
|
@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error {
|
|||||||
|
|
||||||
ew.writeln(`Credentials:`)
|
ew.writeln(`Credentials:`)
|
||||||
ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`)
|
ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`)
|
||||||
ew.writeln(` - "SOFTLAYER_USERNAME": User name (IBM Cloud is <accountID>_<emailAddress>)`)
|
ew.writeln(` - "SOFTLAYER_USERNAME": Username (IBM Cloud is <accountID>_<emailAddress>)`)
|
||||||
ew.writeln()
|
ew.writeln()
|
||||||
|
|
||||||
ew.writeln(`Additional Configuration:`)
|
ew.writeln(`Additional Configuration:`)
|
||||||
@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error {
|
|||||||
|
|
||||||
ew.writeln(`Credentials:`)
|
ew.writeln(`Credentials:`)
|
||||||
ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`)
|
ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`)
|
||||||
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`)
|
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`)
|
||||||
ew.writeln()
|
ew.writeln()
|
||||||
|
|
||||||
ew.writeln(`Additional Configuration:`)
|
ew.writeln(`Additional Configuration:`)
|
||||||
|
@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`:
|
|||||||
$ lego --email "you@example.com" --domains="example.com" --dns "manual" run
|
$ lego --email "you@example.com" --domains="example.com" --dns "manual" run
|
||||||
```
|
```
|
||||||
|
|
||||||
What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions:
|
What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
|
||||||
|
|
||||||
```txt
|
```txt
|
||||||
No key found for account you@example.com. Generating a P256 key.
|
No key found for account you@example.com. Generating a P256 key.
|
||||||
|
@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare.
|
|||||||
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
||||||
|
|
||||||
The main resources Lego cares for are the DNS entries for your Zones.
|
The main resources Lego cares for are the DNS entries for your Zones.
|
||||||
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||||
|
|
||||||
Hence, you should create an API token with the following permissions:
|
Hence, you should create an API token with the following permissions:
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
||||||
|
|
||||||
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
||||||
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
|
DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
|
||||||
|
|
||||||
To authenticate you need to provide a valid API token.
|
To authenticate you need to provide a valid API token.
|
||||||
HTTP Basic Authentication is intentionally not supported.
|
HTTP Basic Authentication is intentionally not supported.
|
||||||
@ -69,7 +69,7 @@ HTTP Basic Authentication is intentionally not supported.
|
|||||||
### API tokens
|
### API tokens
|
||||||
|
|
||||||
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
||||||
Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
|
Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||||
|
|
||||||
Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
||||||
- `AKAMAI_{SECTION}_HOST`
|
- `AKAMAI_{SECTION}_HOST`
|
||||||
|
@ -64,7 +64,7 @@ The server must provide:
|
|||||||
- `POST` `/present`
|
- `POST` `/present`
|
||||||
- `POST` `/cleanup`
|
- `POST` `/cleanup`
|
||||||
|
|
||||||
The URL of the server must be define by `HTTPREQ_ENDPOINT`.
|
The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
|
||||||
|
|
||||||
### Mode
|
### Mode
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
|
|||||||
| Environment Variable Name | Description |
|
| Environment Variable Name | Description |
|
||||||
|-----------------------|-------------|
|
|-----------------------|-------------|
|
||||||
| `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
|
| `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
|
||||||
| `SOFTLAYER_USERNAME` | User name (IBM Cloud is <accountID>_<emailAddress>) |
|
| `SOFTLAYER_USERNAME` | Username (IBM Cloud is <accountID>_<emailAddress>) |
|
||||||
|
|
||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||||
|
@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords
|
|||||||
|
|
||||||
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
||||||
|
|
||||||
> 1. please login at Joker.com, visit 'My Domains',
|
> 1. please log in at Joker.com, visit 'My Domains',
|
||||||
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
||||||
>
|
>
|
||||||
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
||||||
|
@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
You can login using your account name + username or using your email address.
|
You can log in using your account name + username or using your email address.
|
||||||
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
||||||
|
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
|
|
||||||
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
||||||
|
|
||||||
When requesting the consumer key, the following configuration can be use to define access rights:
|
When requesting the consumer key, the following configuration can be used to define access rights:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
## Description
|
## Description
|
||||||
|
|
||||||
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
||||||
This are special tokens with limited access for ACME requests only.
|
These are special tokens with limited access for ACME requests only.
|
||||||
|
|
||||||
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th
|
|||||||
|
|
||||||
### Least privilege policy for production purposes
|
### Least privilege policy for production purposes
|
||||||
|
|
||||||
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
|
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
|
||||||
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
||||||
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
|
|||||||
|
|
||||||
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
||||||
|
|
||||||
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
|
Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
|||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||||
|
|
||||||
## Credential inforamtion
|
## Credential information
|
||||||
|
|
||||||
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains
|
|||||||
| Environment Variable Name | Description |
|
| Environment Variable Name | Description |
|
||||||
|-----------------------|-------------|
|
|-----------------------|-------------|
|
||||||
| `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
|
| `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
|
||||||
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions |
|
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions |
|
||||||
|
|
||||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||||
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
|
||||||
|
@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
|
|||||||
and you need to pick the one where your domain's DNS settings are set up.
|
and you need to pick the one where your domain's DNS settings are set up.
|
||||||
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
||||||
|
|
||||||
For this example, let's assume you have setup CloudFlare for your domain.
|
For this example, let's assume you have set up CloudFlare for your domain.
|
||||||
|
|
||||||
Execute this command:
|
Execute this command:
|
||||||
|
|
||||||
|
@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options:
|
|||||||
|
|
||||||
## Port Usage
|
## Port Usage
|
||||||
|
|
||||||
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges.
|
||||||
If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
|
If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
|
||||||
lego to listen on that interface:port for any incoming challenges.
|
lego to listen on that interface:port for any incoming challenges.
|
||||||
|
|
||||||
If you are using this option, make sure you proxy all of the following traffic to these ports.
|
If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports.
|
||||||
|
|
||||||
**HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].
|
**HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the
|
|||||||
There are also situations, where this verification step doesn't work as expected:
|
There are also situations, where this verification step doesn't work as expected:
|
||||||
|
|
||||||
- A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
|
- A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
|
||||||
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet.
|
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet.
|
||||||
|
|
||||||
The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.
|
The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
|
|||||||
and you need to pick the one where your domain's DNS settings are set up.
|
and you need to pick the one where your domain's DNS settings are set up.
|
||||||
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
|
||||||
|
|
||||||
For this example, let's assume you have setup CloudFlare for your domain.
|
For this example, let's assume you have set up CloudFlare for your domain.
|
||||||
|
|
||||||
Execute this command:
|
Execute this command:
|
||||||
|
|
||||||
@ -107,4 +107,4 @@ RandomizedDelaySec=1h
|
|||||||
WantedBy=timers.target
|
WantedBy=timers.target
|
||||||
```
|
```
|
||||||
|
|
||||||
[^loadspikes]: See [Github issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.
|
[^loadspikes]: See [GitHub issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.
|
||||||
|
@ -4,7 +4,7 @@ date: 2019-03-03T16:39:46+01:00
|
|||||||
draft: false
|
draft: false
|
||||||
---
|
---
|
||||||
|
|
||||||
Lego can be use as a Go Library.
|
Lego can be used as a Go Library.
|
||||||
|
|
||||||
<!--more-->
|
<!--more-->
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
# certs/
|
# certs/
|
||||||
|
|
||||||
This directory contains a CA certificate (`pebble.minica.pem`) and a private key
|
This directory contains a CA certificate (`pebble.minica.pem`) and a private key
|
||||||
(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See
|
(`pebble.minica.key.pem`) that are used to issue an end-entity certificate (See
|
||||||
`certs/localhost`) for the Pebble HTTPS server.
|
`certs/localhost`) for the Pebble HTTPS server.
|
||||||
|
|
||||||
To get your **testing code** to use Pebble without HTTPS errors you should
|
To get your **testing code** to use Pebble without HTTPS errors you should
|
||||||
@ -14,12 +14,11 @@ code!!! The CA's private key is **public** and anyone can use it to issue
|
|||||||
certificates that will be trusted by a system with the Pebble CA in the trust
|
certificates that will be trusted by a system with the Pebble CA in the trust
|
||||||
store.
|
store.
|
||||||
|
|
||||||
To re-create all of the Pebble certificates run:
|
To re-create all certificates used by Pebble, run:
|
||||||
|
|
||||||
minica -ca-cert pebble.minica.pem \
|
minica -ca-cert pebble.minica.pem \
|
||||||
-ca-key pebble.minica.key.pem \
|
-ca-key pebble.minica.key.pem \
|
||||||
-domains localhost,pebble \
|
-domains localhost,pebble \
|
||||||
-ip-addresses 127.0.0.1
|
-ip-addresses 127.0.0.1
|
||||||
|
|
||||||
From the `test/certs/` directory after [installing
|
From the `test/certs/` directory after [installing MiniCA](https://github.com/jsha/minica#installation)
|
||||||
MiniCA](https://github.com/jsha/minica#installation)
|
|
||||||
|
@ -29,7 +29,7 @@ const (
|
|||||||
|
|
||||||
// caServerNameEnvVar is the environment variable name that can be used to
|
// caServerNameEnvVar is the environment variable name that can be used to
|
||||||
// specify the CA server name that can be used to
|
// specify the CA server name that can be used to
|
||||||
// authenticate an ACME server with a HTTPS certificate not issued by a CA in
|
// authenticate an ACME server with an HTTPS certificate not issued by a CA in
|
||||||
// the system-wide trusted root list.
|
// the system-wide trusted root list.
|
||||||
caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
|
caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
|
||||||
|
|
||||||
|
10
platform/config/env/env.go
vendored
10
platform/config/env/env.go
vendored
@ -95,7 +95,7 @@ func getOneWithFallback(main string, names ...string) (string, string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetOrDefaultInt returns the given environment variable value as an integer.
|
// GetOrDefaultInt returns the given environment variable value as an integer.
|
||||||
// Returns the default if the envvar cannot be coopered to an int, or is not found.
|
// Returns the default if the env var cannot be coopered to an int, or is not found.
|
||||||
func GetOrDefaultInt(envVar string, defaultValue int) int {
|
func GetOrDefaultInt(envVar string, defaultValue int) int {
|
||||||
v, err := strconv.Atoi(GetOrFile(envVar))
|
v, err := strconv.Atoi(GetOrFile(envVar))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -105,8 +105,8 @@ func GetOrDefaultInt(envVar string, defaultValue int) int {
|
|||||||
return v
|
return v
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetOrDefaultSecond returns the given environment variable value as an time.Duration (second).
|
// GetOrDefaultSecond returns the given environment variable value as a time.Duration (second).
|
||||||
// Returns the default if the envvar cannot be coopered to an int, or is not found.
|
// Returns the default if the env var cannot be coopered to an int, or is not found.
|
||||||
func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration {
|
func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration {
|
||||||
v := GetOrDefaultInt(envVar, -1)
|
v := GetOrDefaultInt(envVar, -1)
|
||||||
if v < 0 {
|
if v < 0 {
|
||||||
@ -117,7 +117,7 @@ func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetOrDefaultString returns the given environment variable value as a string.
|
// GetOrDefaultString returns the given environment variable value as a string.
|
||||||
// Returns the default if the envvar cannot be find.
|
// Returns the default if the env var cannot be found.
|
||||||
func GetOrDefaultString(envVar, defaultValue string) string {
|
func GetOrDefaultString(envVar, defaultValue string) string {
|
||||||
v := GetOrFile(envVar)
|
v := GetOrFile(envVar)
|
||||||
if v == "" {
|
if v == "" {
|
||||||
@ -128,7 +128,7 @@ func GetOrDefaultString(envVar, defaultValue string) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetOrDefaultBool returns the given environment variable value as a boolean.
|
// GetOrDefaultBool returns the given environment variable value as a boolean.
|
||||||
// Returns the default if the envvar cannot be coopered to a boolean, or is not found.
|
// Returns the default if the env var cannot be coopered to a boolean, or is not found.
|
||||||
func GetOrDefaultBool(envVar string, defaultValue bool) bool {
|
func GetOrDefaultBool(envVar string, defaultValue bool) bool {
|
||||||
v, err := strconv.ParseBool(GetOrFile(envVar))
|
v, err := strconv.ParseBool(GetOrFile(envVar))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -48,7 +48,7 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest {
|
|||||||
|
|
||||||
for _, key := range keys {
|
for _, key := range keys {
|
||||||
if e.domainKey != key && !e.isManagedKey(key) {
|
if e.domainKey != key && !e.isManagedKey(key) {
|
||||||
panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key))
|
panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed, or it's not the key of the domain.", key))
|
||||||
}
|
}
|
||||||
|
|
||||||
if e.domainKey == key {
|
if e.domainKey == key {
|
||||||
|
@ -204,7 +204,7 @@ func getAuthorizer(config *Config) (autorest.Authorizer, error) {
|
|||||||
return auth.NewAuthorizerFromEnvironment()
|
return auth.NewAuthorizerFromEnvironment()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetches metadata from environment or he instance metadata service.
|
// Fetches metadata from environment or the instance metadata service.
|
||||||
// borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go
|
// borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go
|
||||||
func getMetadata(config *Config, field string) (string, error) {
|
func getMetadata(config *Config, field string) (string, error) {
|
||||||
metadataEndpoint := config.MetadataEndpoint
|
metadataEndpoint := config.MetadataEndpoint
|
||||||
|
@ -200,7 +200,7 @@ func (c *Client) LookupViewID(ctx context.Context, configName, viewName string)
|
|||||||
return view.ID, nil
|
return view.ID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// LookupParentZoneID Return the entityId of the parent zone by recursing from the root view.
|
// LookupParentZoneID returns the entityId of the parent zone by iterating through the root labels.
|
||||||
// Also return the simple name of the host.
|
// Also return the simple name of the host.
|
||||||
func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) {
|
func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) {
|
||||||
if fqdn == "" {
|
if fqdn == "" {
|
||||||
|
@ -63,7 +63,7 @@ type DNSProvider struct {
|
|||||||
// For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN.
|
// For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN.
|
||||||
//
|
//
|
||||||
// The email and API key should be avoided, if possible.
|
// The email and API key should be avoided, if possible.
|
||||||
// Instead setup a API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
|
// Instead, set up an API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
|
||||||
// You can split the Zone:Read and DNS:Edit permissions across multiple API tokens:
|
// You can split the Zone:Read and DNS:Edit permissions across multiple API tokens:
|
||||||
// in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly.
|
// in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly.
|
||||||
func NewDNSProvider() (*DNSProvider, error) {
|
func NewDNSProvider() (*DNSProvider, error) {
|
||||||
|
@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare.
|
|||||||
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
|
||||||
|
|
||||||
The main resources Lego cares for are the DNS entries for your Zones.
|
The main resources Lego cares for are the DNS entries for your Zones.
|
||||||
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
|
||||||
|
|
||||||
Hence, you should create an API token with the following permissions:
|
Hence, you should create an API token with the following permissions:
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
|||||||
|
|
||||||
tokens, err := identifier.GetToken(context.TODO(), auth)
|
tokens, err := identifier.GetToken(context.TODO(), auth)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("conoha: failed to login: %w", err)
|
return nil, fmt.Errorf("conoha: failed to log in: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := internal.NewClient(config.Region, tokens.Access.Token.ID)
|
client, err := internal.NewClient(config.Region, tokens.Access.Token.ID)
|
||||||
|
@ -29,7 +29,7 @@ func TestNewDNSProvider(t *testing.T) {
|
|||||||
EnvAPIUsername: "api_username",
|
EnvAPIUsername: "api_username",
|
||||||
EnvAPIPassword: "api_password",
|
EnvAPIPassword: "api_password",
|
||||||
},
|
},
|
||||||
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "missing credentials",
|
desc: "missing credentials",
|
||||||
@ -99,7 +99,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
|
|||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
desc: "complete credentials, but login failed",
|
desc: "complete credentials, but login failed",
|
||||||
expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
|
||||||
tenant: "tenant_id",
|
tenant: "tenant_id",
|
||||||
username: "api_username",
|
username: "api_username",
|
||||||
password: "api_password",
|
password: "api_password",
|
||||||
|
@ -23,7 +23,7 @@ type TokenTransport struct {
|
|||||||
Transport http.RoundTripper
|
Transport http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewTokenTransport Creates a HTTP transport for API authentication.
|
// NewTokenTransport Creates an HTTP transport for API authentication.
|
||||||
func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
|
func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
|
||||||
if apiKey == "" {
|
if apiKey == "" {
|
||||||
return nil, errors.New("credentials missing: API key")
|
return nil, errors.New("credentials missing: API key")
|
||||||
|
@ -16,7 +16,7 @@ Additional = '''
|
|||||||
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
|
||||||
|
|
||||||
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
|
||||||
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
|
DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
|
||||||
|
|
||||||
To authenticate you need to provide a valid API token.
|
To authenticate you need to provide a valid API token.
|
||||||
HTTP Basic Authentication is intentionally not supported.
|
HTTP Basic Authentication is intentionally not supported.
|
||||||
@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported.
|
|||||||
### API tokens
|
### API tokens
|
||||||
|
|
||||||
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
|
||||||
Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
|
Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
[Configuration]
|
[Configuration]
|
||||||
|
@ -17,7 +17,7 @@ import (
|
|||||||
const defaultBaseURL string = "https://api.domeneshop.no/v0"
|
const defaultBaseURL string = "https://api.domeneshop.no/v0"
|
||||||
|
|
||||||
// Client implements a very simple wrapper around the Domeneshop API.
|
// Client implements a very simple wrapper around the Domeneshop API.
|
||||||
// For now it will only deal with adding and removing TXT records, as required by ACME providers.
|
// For now, it will only deal with adding and removing TXT records, as required by ACME providers.
|
||||||
// https://api.domeneshop.no/docs/
|
// https://api.domeneshop.no/docs/
|
||||||
type Client struct {
|
type Client struct {
|
||||||
apiToken string
|
apiToken string
|
||||||
|
@ -16,7 +16,7 @@ type TokenTransport struct {
|
|||||||
Transport http.RoundTripper
|
Transport http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewTokenTransport Creates a HTTP transport for API authentication.
|
// NewTokenTransport Creates an HTTP transport for API authentication.
|
||||||
func NewTokenTransport(apiKey string) (*TokenTransport, error) {
|
func NewTokenTransport(apiKey string) (*TokenTransport, error) {
|
||||||
if apiKey == "" {
|
if apiKey == "" {
|
||||||
return nil, errors.New("credentials missing: API key")
|
return nil, errors.New("credentials missing: API key")
|
||||||
|
@ -110,7 +110,7 @@ func (c Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostnam
|
|||||||
return &apiResp, nil
|
return &apiResp, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// doRetry the API is really unstable so we need to retry on EOF.
|
// doRetry the API is really unstable, so we need to retry on EOF.
|
||||||
func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error {
|
func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error {
|
||||||
operation := func() error {
|
operation := func() error {
|
||||||
return c.do(ctx, method, uri, body, result)
|
return c.do(ctx, method, uri, body, result)
|
||||||
|
@ -62,7 +62,7 @@ type DNSProvider struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS:
|
// NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS:
|
||||||
// Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
// Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||||
//
|
//
|
||||||
// 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
|
// 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
|
||||||
// 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`
|
// 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`
|
||||||
|
@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run
|
|||||||
'''
|
'''
|
||||||
|
|
||||||
Additional = '''
|
Additional = '''
|
||||||
Akamai credentials are automatically detected in the following locations and prioritized in the following order:
|
Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
|
||||||
|
|
||||||
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
|
||||||
- `AKAMAI_{SECTION}_HOST`
|
- `AKAMAI_{SECTION}_HOST`
|
||||||
|
@ -14,11 +14,7 @@ import (
|
|||||||
"github.com/go-acme/lego/v4/providers/dns/glesys/internal"
|
"github.com/go-acme/lego/v4/providers/dns/glesys/internal"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const minTTL = 60
|
||||||
// defaultBaseURL is the GleSYS API endpoint used by Present and CleanUp.
|
|
||||||
defaultBaseURL = "https://api.glesys.com/domain"
|
|
||||||
minTTL = 60
|
|
||||||
)
|
|
||||||
|
|
||||||
// Environment variables names.
|
// Environment variables names.
|
||||||
const (
|
const (
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Package httpreq implements a DNS provider for solving the DNS-01 challenge through a HTTP server.
|
// Package httpreq implements a DNS provider for solving the DNS-01 challenge through an HTTP server.
|
||||||
package httpreq
|
package httpreq
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -17,7 +17,7 @@ The server must provide:
|
|||||||
- `POST` `/present`
|
- `POST` `/present`
|
||||||
- `POST` `/cleanup`
|
- `POST` `/cleanup`
|
||||||
|
|
||||||
The URL of the server must be define by `HTTPREQ_ENDPOINT`.
|
The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
|
||||||
|
|
||||||
### Mode
|
### Mode
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ func evaluateBody(body string, hostname string) error {
|
|||||||
case codeAbuse:
|
case codeAbuse:
|
||||||
return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname)
|
return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname)
|
||||||
case codeBadAgent:
|
case codeBadAgent:
|
||||||
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body)
|
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on GitHub", body)
|
||||||
case codeBadAuth:
|
case codeBadAuth:
|
||||||
return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
|
return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
|
||||||
case codeInterval:
|
case codeInterval:
|
||||||
|
@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
|
|||||||
|
|
||||||
[Configuration]
|
[Configuration]
|
||||||
[Configuration.Credentials]
|
[Configuration.Credentials]
|
||||||
SOFTLAYER_USERNAME = "User name (IBM Cloud is <accountID>_<emailAddress>)"
|
SOFTLAYER_USERNAME = "Username (IBM Cloud is <accountID>_<emailAddress>)"
|
||||||
SOFTLAYER_API_KEY = "Classic Infrastructure API key"
|
SOFTLAYER_API_KEY = "Classic Infrastructure API key"
|
||||||
[Configuration.Additional]
|
[Configuration.Additional]
|
||||||
SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"
|
SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||||
|
@ -55,7 +55,7 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai
|
|||||||
statusCode, err := c.do(req, domain)
|
statusCode, err := c.do(req, domain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
|
if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
|
||||||
// Look up for the next sub domain
|
// Look up for the next subdomain
|
||||||
subIndex := strings.Index(domainName, ".")
|
subIndex := strings.Index(domainName, ".")
|
||||||
return c.GetDomainByName(ctx, domainName[subIndex+1:])
|
return c.GetDomainByName(ctx, domainName[subIndex+1:])
|
||||||
}
|
}
|
||||||
|
@ -108,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||||||
defer func() {
|
defer func() {
|
||||||
errL := d.client.Account.Logout()
|
errL := d.client.Account.Logout()
|
||||||
if errL != nil {
|
if errL != nil {
|
||||||
log.Infof("inwx: failed to logout: %v", errL)
|
log.Infof("inwx: failed to log out: %v", errL)
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
@ -158,7 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||||||
defer func() {
|
defer func() {
|
||||||
errL := d.client.Account.Logout()
|
errL := d.client.Account.Logout()
|
||||||
if errL != nil {
|
if errL != nil {
|
||||||
log.Infof("inwx: failed to logout: %v", errL)
|
log.Infof("inwx: failed to log out: %v", errL)
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
@ -199,7 +199,7 @@ func (d *DNSProvider) twoFactorAuth(info *goinwx.LoginResponse) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if d.config.SharedSecret == "" {
|
if d.config.SharedSecret == "" {
|
||||||
return errors.New("two factor authentication but no shared secret is given")
|
return errors.New("two-factor authentication but no shared secret is given")
|
||||||
}
|
}
|
||||||
|
|
||||||
tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now())
|
tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now())
|
||||||
|
@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords
|
|||||||
|
|
||||||
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
|
||||||
|
|
||||||
> 1. please login at Joker.com, visit 'My Domains',
|
> 1. please log in at Joker.com, visit 'My Domains',
|
||||||
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
|
||||||
>
|
>
|
||||||
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
|
||||||
|
@ -192,7 +192,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||||||
|
|
||||||
err = d.client.RemoveSubdomain(ctx, authZone, subDomain)
|
err = d.client.RemoveSubdomain(ctx, authZone, subDomain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("loopia: failed to remove sub-domain: %w", err)
|
return fmt.Errorf("loopia: failed to remove subdomain: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -149,10 +149,10 @@ func TestDNSProvider_Cleanup(t *testing.T) {
|
|||||||
callGetTXTRecords: true,
|
callGetTXTRecords: true,
|
||||||
callRemoveSubdomain: true,
|
callRemoveSubdomain: true,
|
||||||
|
|
||||||
expectedError: `loopia: failed to remove sub-domain: unknown error: "UNKNOWN_ERROR"`,
|
expectedError: `loopia: failed to remove subdomain: unknown error: "UNKNOWN_ERROR"`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "Dont call removeSubdomain when records",
|
desc: "Don't call removeSubdomain when records",
|
||||||
|
|
||||||
getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}},
|
getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}},
|
||||||
callAddTXTRecord: true,
|
callAddTXTRecord: true,
|
||||||
|
@ -18,17 +18,16 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Notes about namecheap's tool API:
|
// Notes about namecheap's tool API:
|
||||||
// 1. Using the API requires registration. Once registered, use your account
|
// 1. Using the API requires registration.
|
||||||
// name and API key to access the API.
|
// Once registered, use your account name and API key to access the API.
|
||||||
// 2. There is no API to add or modify a single DNS record. Instead you must
|
// 2. There is no API to add or modify a single DNS record.
|
||||||
// read the entire list of records, make modifications, and then write the
|
// Instead, you must read the entire list of records, make modifications,
|
||||||
// entire updated list of records. (Yuck.)
|
// and then write the entire updated list of records. (Yuck.)
|
||||||
// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take
|
// 3. Namecheap's DNS updates can be slow to propagate.
|
||||||
// as long as an hour.
|
// I've seen them take as long as an hour.
|
||||||
// 4. Namecheap requires you to whitelist the IP address from which you call
|
// 4. Namecheap requires you to whitelist the IP address from which you call its APIs.
|
||||||
// its APIs. It also requires all API calls to include the whitelisted IP
|
// It also requires all API calls to include the whitelisted IP address as a form or query string value.
|
||||||
// address as a form or query string value. This code uses a namecheap
|
// This code uses a namecheap service to query the client's IP address.
|
||||||
// service to query the client's IP address.
|
|
||||||
|
|
||||||
// Environment variables names.
|
// Environment variables names.
|
||||||
const (
|
const (
|
||||||
|
@ -201,5 +201,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return fmt.Errorf("nicmanager: no record found to cleanup")
|
return fmt.Errorf("nicmanager: no record found to clean up")
|
||||||
}
|
}
|
||||||
|
@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run
|
|||||||
Additional = '''
|
Additional = '''
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
You can login using your account name + username or using your email address.
|
You can log in using your account name + username or using your email address.
|
||||||
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
@ -161,7 +161,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if *domainRecords.OpcTotalItems == 0 {
|
if *domainRecords.OpcTotalItems == 0 {
|
||||||
return errors.New("oraclecloud: no record to CleanUp")
|
return errors.New("oraclecloud: no record to clean up")
|
||||||
}
|
}
|
||||||
|
|
||||||
var deleteHash *string
|
var deleteHash *string
|
||||||
@ -173,7 +173,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if deleteHash == nil {
|
if deleteHash == nil {
|
||||||
return errors.New("oraclecloud: no record to CleanUp")
|
return errors.New("oraclecloud: no record to clean up")
|
||||||
}
|
}
|
||||||
|
|
||||||
recordOperation := dns.RecordOperation{
|
recordOperation := dns.RecordOperation{
|
||||||
|
@ -17,7 +17,7 @@ Additional = '''
|
|||||||
|
|
||||||
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
|
||||||
|
|
||||||
When requesting the consumer key, the following configuration can be use to define access rights:
|
When requesting the consumer key, the following configuration can be used to define access rights:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
@ -13,7 +13,7 @@ Additional = '''
|
|||||||
## Description
|
## Description
|
||||||
|
|
||||||
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
|
||||||
This are special tokens with limited access for ACME requests only.
|
These are special tokens with limited access for ACME requests only.
|
||||||
|
|
||||||
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ func TestServerError(t *testing.T) {
|
|||||||
err = provider.Present(fakeDomain, "", fakeKeyAuth)
|
err = provider.Present(fakeDomain, "", fakeKeyAuth)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
if !strings.Contains(err.Error(), "NOTZONE") {
|
if !strings.Contains(err.Error(), "NOTZONE") {
|
||||||
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string but it did not: %v", err)
|
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ func NewDNSProvider() (*DNSProvider, error) {
|
|||||||
return NewDNSProviderConfig(NewDefaultConfig())
|
return NewDNSProviderConfig(NewDefaultConfig())
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDNSProviderConfig takes a given config ans returns a custom configured DNSProvider instance.
|
// NewDNSProviderConfig takes a given config and returns a custom configured DNSProvider instance.
|
||||||
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
||||||
if config == nil {
|
if config == nil {
|
||||||
return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil")
|
return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil")
|
||||||
|
@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th
|
|||||||
|
|
||||||
### Least privilege policy for production purposes
|
### Least privilege policy for production purposes
|
||||||
|
|
||||||
The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
|
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
|
||||||
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
|
||||||
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
|
|||||||
|
|
||||||
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
|
||||||
|
|
||||||
Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
|
Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
[Configuration]
|
[Configuration]
|
||||||
|
@ -81,7 +81,7 @@ func TestNewDNSProvider(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// The error message for a file not existing is different on Windows and Linux.
|
// The error message for a file not existing is different on Windows and Linux.
|
||||||
// Therefore we test if the error type is the same.
|
// Therefore, we test if the error type is the same.
|
||||||
t.Run("could not open private key path", func(t *testing.T) {
|
t.Run("could not open private key path", func(t *testing.T) {
|
||||||
defer envTest.RestoreEnv()
|
defer envTest.RestoreEnv()
|
||||||
envTest.ClearEnv()
|
envTest.ClearEnv()
|
||||||
@ -144,7 +144,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// The error message for a file not existing is different on Windows and Linux.
|
// The error message for a file not existing is different on Windows and Linux.
|
||||||
// Therefore we test if the error type is the same.
|
// Therefore, we test if the error type is the same.
|
||||||
t.Run("could not open private key path", func(t *testing.T) {
|
t.Run("could not open private key path", func(t *testing.T) {
|
||||||
config := NewDefaultConfig()
|
config := NewDefaultConfig()
|
||||||
config.AccountName = "johndoe"
|
config.AccountName = "johndoe"
|
||||||
|
@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*.
|
|||||||
'''
|
'''
|
||||||
|
|
||||||
Additional = '''
|
Additional = '''
|
||||||
## Credential inforamtion
|
## Credential information
|
||||||
|
|
||||||
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ func czechHour() int {
|
|||||||
|
|
||||||
func utcToCet(utc time.Time) time.Time {
|
func utcToCet(utc time.Time) time.Time {
|
||||||
// https://en.wikipedia.org/wiki/Central_European_Time
|
// https://en.wikipedia.org/wiki/Central_European_Time
|
||||||
// As of 2011, all member states of the European Union observe summer time (daylight saving time),
|
// As of 2011, all member states of the European Union observe Summer Time (daylight saving time),
|
||||||
// from the last Sunday in March to the last Sunday in October.
|
// from the last Sunday in March to the last Sunday in October.
|
||||||
// States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1]
|
// States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1]
|
||||||
utcMonth := utc.Month()
|
utcMonth := utc.Month()
|
||||||
|
@ -37,7 +37,7 @@ cat key.json | base64
|
|||||||
|
|
||||||
[Configuration]
|
[Configuration]
|
||||||
[Configuration.Credentials]
|
[Configuration.Credentials]
|
||||||
YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions"
|
YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions"
|
||||||
YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
|
YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
|
||||||
[Configuration.Additional]
|
[Configuration.Additional]
|
||||||
YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
|
YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
// Package memcached implements a HTTP provider for solving the HTTP-01 challenge using memcached
|
// Package memcached implements an HTTP provider for solving the HTTP-01 challenge using memcached in combination with a webserver.
|
||||||
// in combination with a webserver.
|
|
||||||
package memcached
|
package memcached
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
// Package s3 implements an HTTP provider for solving the HTTP-01 challenge using AWS S3.
|
||||||
package s3
|
package s3
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -1,5 +1,3 @@
|
|||||||
// Package s3 implements a HTTP provider for solving the HTTP-01 challenge
|
|
||||||
// using AWS S3 in combination with AWS CloudFront.
|
|
||||||
package s3
|
package s3
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Package webroot implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
// Package webroot implements an HTTP provider for solving the HTTP-01 challenge using web server's root path.
|
||||||
package webroot
|
package webroot
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
Loading…
Reference in New Issue
Block a user