-rw-r--r-- | acme-certify.hs | 6 | ||||
-rw-r--r-- | lets-encrypt-x2-cross-signed.pem | 27 | ||||
-rw-r--r-- | lets-encrypt-x3-cross-signed.pem | 27 | ||||
-rw-r--r-- | lets-encrypt-x4-cross-signed.pem | 27 | ||||
-rw-r--r-- | src/Network/ACME/Issuer.hs | 9 |
5 files changed, 93 insertions, 3 deletions
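--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -34,7 +34,7 @@ import Network.ACME (HttpProvisioner, Keys (..),
 ensureWritableDir,
 provisionViaFile, readKeys,
 (</>))
-import Network.ACME.Issuer (letsEncryptX1CrossSigned)
+import Network.ACME.Issuer (letsEncryptX3CrossSigned)
 import Network.URI
 import OpenSSL
 import OpenSSL.DH
@@ -233,7 +233,7 @@ readSignedObject =
 
 runUpdate :: UpdateOpts -> IO ()
 runUpdate UpdateOpts { .. } = do
-issuerCert <- readX509 letsEncryptX1CrossSigned
+issuerCert <- readX509 letsEncryptX3CrossSigned
 
 config <- Config.load "config.yaml"
 hostsConfig <- Config.subconfig "hosts" config
@@ -369,7 +369,7 @@ runCertify CertifyOpts{..} = do
 requestDomains = map domainName' optDomains
 email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail
 
-issuerCert <- readX509 letsEncryptX1CrossSigned
+issuerCert <- readX509 letsEncryptX3CrossSigned -- TODO: Don't use fixed issuer certificate. It changed before; it will again.
 
 seq email (return ())
 createDirectoryIfMissing False domainDir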
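Review bot: Both `issuerCert <- readX509 letsEncryptX3CrossSigned` lines (in runUpdate and in runCertify) still hard-code one intermediate, and nothing visible here checks that the certificate returned by the CA was actually signed by it. If issuance moves to another intermediate (this commit itself embeds X4 alongside X3), the tool would presumably pair the new leaf with the wrong issuer and write a chain that clients reject. Until the TODO is resolved, consider verifying the leaf against the chosen issuer before saving, for example with HsOpenSSL's `verifyX509 leaf =<< getPublicKey issuerCert`, and failing loudly on a mismatch; the issuer could later come from the ACME response's `Link: rel="up"` header. The TODO comment is only on the runCertify line, so I would repeat it in runUpdate: `-- TODO: Don't use fixed issuer certificate.` Both function bodies continue outside the hunks shown.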
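--- /dev/null
+++ b/lets-encrypt-x2-cross-signed.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAMODTJjAvWslLKN5tm+lKw4wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjM1MDFaFw0yMDEwMTkyMjM1MDFa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAOEkdEJ7t5Ex2XP/OKrYzkRctzkK3ESuDb1FuZc3Z6+9UE9f
+0xBUa/dB2o5j5m1bwOhAqYxB/NEDif9iYQlg1gcFeJqQvRpkPk/cz3cviWvLZ69B
+TcWNAMBr/o2E3LXylTGo6PaQoENKk3Rcsz5DaUuJIkd0UT6ZZMPNJAH5hC8odxci
+p93DbAhMZi83dMVvk46wRjcWYdFQmMiwD09YU3ys9totlmFQrUPcCqZPnrVSuZyO
+707fRrMx3CD8acKjIHU+7DgbNk5mZtLf9Wakky97pg6UPmA9Skscb7q0TRw8kVhu
+L03E2nDb7QE5dsBJ5+k1tRQGkMHlkuIQ/Wu5tIUCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUxbGrTkyxzWQwk37B
+hJkFq+YD4iUwDQYJKoZIhvcNAQELBQADggEBAAcSAhaE7rvHxyUnhgkEpMR56o2I
+IH+mlw5kknjhAuvaBIAM59MZkFbFg5CrNWt8K+G3UoxJgFwv7HvJJxqwgPpNgXC/
+uT3prkvwt+2lvzKJKbqdH+lo40P8EuSyyJOz2hjrRzNMHbJHYDS9OhF5WC5LOQQa
+ydgLZ/JHxXgJypEZqcmVgQ+yYBs0XPwXjE7OE8vbx5REwu7gToMIqAoWRoWW2MxS
+g28RGPVnHzHk2XV1nZGy9T+NYQ91vWWJr1pzNEFZ0cnA2xGwTeJ+zZ3URCfw3Z1U
++YAL3YUmrvdoRBlASOTmNJmXSo9qvMYPa3DEomAPoFQFZqsSN6kuqDEIqMA=
+-----END CERTIFICATE-----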
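--- /dev/null
+++ b/lets-encrypt-x3-cross-signed.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----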
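--- /dev/null
+++ b/lets-encrypt-x4-cross-signed.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc6bLEeMfizANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDEwMloXDTIxMDMxNzE2NDEwMlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFg0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4SR0Qnu3kTHZc/84qtjORFy3OQrcRK4NvUW5lzdnr71QT1/T
+EFRr90HajmPmbVvA6ECpjEH80QOJ/2JhCWDWBwV4mpC9GmQ+T9zPdy+Ja8tnr0FN
+xY0AwGv+jYTctfKVMajo9pCgQ0qTdFyzPkNpS4kiR3RRPplkw80kAfmELyh3FyKn
+3cNsCExmLzd0xW+TjrBGNxZh0VCYyLAPT1hTfKz22i2WYVCtQ9wKpk+etVK5nI7v
+Tt9GszHcIPxpwqMgdT7sOBs2TmZm0t/1ZqSTL3umDpQ+YD1KSxxvurRNHDyRWG4v
+TcTacNvtATl2wEnn6TW1FAaQweWS4hD9a7m0hQIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBTFsatOTLHNZDCTfsGEmQWr5gPiJTANBgkqhkiG9w0BAQsF
+AAOCAQEANlaeSdstfAtqFN3jdRZJFjx9X+Ob3PIDlekPYQ1OQ1Uw43rE1FUj7hUw
+g2MJKfs9b7M0WoQg7C20nJY/ajsg7pWhUG3J6rlkDTfVY9faeWi0qsPYXE6BpBDr
+5BrW/Xv8yT8U2BiEAmNggWq8dmFl82fghmLzHBM8X8NZ3ZwA1fGePA53AP5IoD+0
+ArpW8Ik1sSuQBjZ8oQLfN+G8OoY7MNRopyLyQQCNy4aWfE+xYnoVoa5+yr+aPiX0
+7YQrY/cKawAn7QB4PyF5//IKSAVs7mAuB68wbMdE3FKfOHfJ24W4z/bIJTrTY8Y5
+Sr4AUhtzf8oVDrHZYWRrP4joIcOu/Q==
+-----END CERTIFICATE-----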
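--- a/src/Network/ACME/Issuer.hs
+++ b/src/Network/ACME/Issuer.hs
@@ -7,3 +7,12 @@ import Data.FileEmbed
 
 letsEncryptX1CrossSigned :: String
 letsEncryptX1CrossSigned = unpack $(embedFile "lets-encrypt-x1-cross-signed.pem")
+
+letsEncryptX2CrossSigned :: String
+letsEncryptX2CrossSigned = unpack $(embedFile "lets-encrypt-x2-cross-signed.pem")
+
+letsEncryptX3CrossSigned :: String
+letsEncryptX3CrossSigned = unpack $(embedFile "lets-encrypt-x3-cross-signed.pem")
+
+letsEncryptX4CrossSigned :: String
+letsEncryptX4CrossSigned = unpack $(embedFile "lets-encrypt-x4-cross-signed.pem")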
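Review bot: The three new bindings (`letsEncryptX2CrossSigned`, `letsEncryptX3CrossSigned`, `letsEncryptX4CrossSigned`) have no Haddock, so a reader cannot tell which intermediate is expected to be in use and which are kept only as alternatives; of the four, only X3 is imported by acme-certify.hs in this commit. I would add a one-line `-- |` comment to each, stating the intermediate's name and that the PEM is embedded at compile time, so replacing a certificate requires a rebuild. Since `embedFile` reads these paths while compiling, the new .pem files also need to ship with the source distribution; the diffstat shows no change to the package description, so it is worth checking that they are listed there (e.g. under `extra-source-files`).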