Age | Commit message | Author | |
---|---|---|---|
2016-04-09 | generate stub CertSpec objects from config file | Andrew Cady | |
(CertSpec is the new name for AcmeCertRequest) | |||
2016-04-09 | stub parsing of yaml config file | Andrew Cady | |
2016-04-09 | import Data.Yaml.Config | Andrew Cady | |
2016-04-09 | Separate CLI into subcommands | Andrew Cady | |
Viz. 'update' and 'certify'. 'certify' is just the previous CLI. 'update' is unimplemented. The binary was renamed from 'acme-certify' to 'acme' to reflect this. | |||
2016-04-09 | Trivial, formatting | Andrew Cady | |
2016-04-09 | Move generation of CSR into `certify` function | Andrew Cady | |
2016-04-08 | More renames/cleanup related to HttpProvisioner | Andrew Cady | |
2016-04-08 | Improve HttpProvisioner interface | Andrew Cady | |
These still need to be renamed | |||
2016-04-08 | More refactoring | Andrew Cady | |
2016-04-08 | Change type of HttpProvisioner | Andrew Cady | |
Now it is parameterized on domain name. This will allow provisioning to a different directory for each (sub)domain. | |||
2016-04-08 | slight refactor | Andrew Cady | |
2016-01-28 | non-semantic changes | Andrew Cady | |
2016-01-28 | http 300 response is not success | Andrew Cady | |
2016-01-27 | Re-order some definitions (no semantic changes) | Andrew Cady | |
2016-01-27 | remove Keys type from Network.ACME.Encoding | Andrew Cady | |
2016-01-27 | Embed issuer certificate in binary | Andrew Cady | |
This permits the program to be run from outside the source directory. | |||
2016-01-27 | clean up http-served files after challenges complete | Andrew Cady | |
2016-01-26 | bump stack resolver to lts-5.0 | Andrew Cady | |
2016-01-26 | Improve documentation | Andrew Cady | |
2016-01-26 | Pre-generate DH params | Andrew Cady | |
The program now outputs a combined PEM certificate. A new option allows DH-param generation to be disabled. | |||
2016-01-26 | use Control.Error | Andrew Cady | |
2016-01-25 | generate DH params; use PEM for final output | Andrew Cady | |
this needs to be made optional and the DH params should be cached, because generating them is very slow. | |||
2016-01-25 | move genReq into the library | Andrew Cady | |
2016-01-25 | Change API of "certify" | Andrew Cady | |
It now expects a callback to provision the challenge responses. This needs to be improved so that it will also do cleanup. | |||
2016-01-24 | update documentation | Andrew Cady | |
2016-01-24 | poll for challenge results before getting certificate | Andrew Cady | |
2016-01-24 | fix warnings | Andrew Cady | |
2016-01-24 | Oops; don't use "show" with DomainName type | Andrew Cady | |
2016-01-24 | Don't save CSR to disk; cleanup | Andrew Cady | |
2016-01-24 | use BasePrelude | Andrew Cady | |
2016-01-24 | split out another module | Andrew Cady | |
2016-01-24 | rename module & files; remove unused deps | Andrew Cady | |
2016-01-24 | Function 'certify' now returns certificate data | Andrew Cady | |
(previously it saved to a file) | |||
2016-01-24 | validate domain names | Andrew Cady | |
2016-01-24 | validate URIs | Andrew Cady | |
2016-01-24 | Validate email address | Andrew Cady | |
2016-01-24 | Remove unused imports, extensions, & definitions | Andrew Cady | |
2016-01-23 | change package name to "acme-certify" | Andrew Cady | |
2016-01-23 | add support for multi-domain (subjectAltName) certificates | Andrew Cady | |
2016-01-22 | Use subjectAltName X509v3 extension | Andrew Cady | |
2016-01-22 | use HsOpenSSL version that actually works | Andrew Cady | |
2016-01-22 | move key reading function into exported library | Andrew Cady | |
2016-01-22 | Factored out Network.ACME library | Andrew Cady | |
2016-01-22 | Avoid calling "openssl req" external process | Andrew Cady | |
This required patching HsOpenSSL. stack.yaml has been updated to pull the patched version from github. stack.yaml was also updated to lts-4.2. | |||
2016-01-21 | helper function to replace "flip unless" ugliness | Andrew Cady | |
2016-01-21 | Fail earlier | Andrew Cady | |
Checks that the output dirs are writable and that writing to the challenge dir results in a file hosted at the proper URL. I once had a Linksys router that would forward incoming TCP connections to a machine on my LAN, but would not route connections from that machine to itself over the public IP. This check would break on such a configuration; I suppose it might be made optional. | |||
2016-01-21 | add option --domain-dir | Andrew Cady | |
also renamed --dir to --challenge-dir | |||
2016-01-21 | update documentation to reflect new code | Andrew Cady | |
2016-01-21 | Generate RSA keys and CSRs using HsOpenSSL | Andrew Cady | |
Unfortunately, an external process is still needed to convert x509 CSRs from PEM to DER. | |||
2016-01-21 | It _does_ work! | Andrew Cady | |
The fix was: don't repeat the request after seeing "pending." Turns out the cert was actually being issued. Besides that, a "--staging" option was added to allow testing against Let's Encrypt staging servers. This is necessary for success because I am now rate-limited! Error reporting is improved and code is cleaned up somewhat. |