Age | Commit message | Author | |
---|---|---|---|
2016-01-27 | Embed issuer certificate in binary | Andrew Cady | |
This permits the program to be run from outside the source directory. | |||
2016-01-27 | clean up http-served files after challenges complete | Andrew Cady | |
2016-01-26 | bump stack resolver to lts-5.0 | Andrew Cady | |
2016-01-26 | Improve documentation | Andrew Cady | |
2016-01-26 | Pre-generate DH params | Andrew Cady | |
The program now outputs a combined PEM certificate. A new option allows DH-param generation to be disabled. | |||
2016-01-26 | use Control.Error | Andrew Cady | |
2016-01-25 | generate DH params; use PEM for final output | Andrew Cady | |
this needs to be made optional and the DH params should be cached, because generating them is very slow. | |||
2016-01-25 | move genReq into the library | Andrew Cady | |
2016-01-25 | Change API of "certify" | Andrew Cady | |
It now expects a callback to provision the challenge responses. This needs to be improved so that it will also do cleanup. | |||
2016-01-24 | update documentation | Andrew Cady | |
2016-01-24 | poll for challenge results before getting certificate | Andrew Cady | |
2016-01-24 | fix warnings | Andrew Cady | |
2016-01-24 | Oops; don't use "show" with DomainName type | Andrew Cady | |
2016-01-24 | Don't save CSR to disk; cleanup | Andrew Cady | |
2016-01-24 | use BasePrelude | Andrew Cady | |
2016-01-24 | split out another module | Andrew Cady | |
2016-01-24 | rename module & files; remove unused deps | Andrew Cady | |
2016-01-24 | Function 'certify' now returns certificate data | Andrew Cady | |
(previously it saved to a file) | |||
2016-01-24 | validate domain names | Andrew Cady | |
2016-01-24 | validate URIs | Andrew Cady | |
2016-01-24 | Validate email address | Andrew Cady | |
2016-01-24 | Remove unused imports, extensions, & definitions | Andrew Cady | |
2016-01-23 | change package name to "acme-certify" | Andrew Cady | |
2016-01-23 | add support for multi-domain (subjectAltName) certificates | Andrew Cady | |
2016-01-22 | Use subjectAltName X509v3 extension | Andrew Cady | |
2016-01-22 | use HsOpenSSL version that actually works | Andrew Cady | |
2016-01-22 | move key reading function into exported library | Andrew Cady | |
2016-01-22 | Factored out Network.ACME library | Andrew Cady | |
2016-01-22 | Avoid calling "openssl req" external process | Andrew Cady | |
This required patching HsOpenSSL. stack.yaml has been updated to pull the patched version from GitHub. stack.yaml was also updated to lts-4.2. | |||
2016-01-21 | helper function to replace "flip unless" ugliness | Andrew Cady | |
2016-01-21 | Fail earlier | Andrew Cady | |
Checks that the output dirs are writable and that writing to the challenge dir results in a file hosted at the proper URL. I once had a Linksys router that would forward incoming TCP connections to a machine on my LAN, but would not route connections from that machine to itself over the public IP. This check would break on such a configuration; I suppose it might be made optional. | |||
2016-01-21 | add option --domain-dir | Andrew Cady | |
also renamed --dir to --challenge-dir | |||
2016-01-21 | update documentation to reflect new code | Andrew Cady | |
2016-01-21 | Generate RSA keys and CSRs using HsOpenSSL | Andrew Cady | |
Unfortunately, an external process is still needed to convert x509 CSRs from PEM to DER. | |||
2016-01-21 | It _does_ work! | Andrew Cady | |
The fix was: don't repeat the request after seeing "pending." Turns out the cert was actually being issued. Besides that, a "--staging" option was added to allow testing against Let's Encrypt staging servers. This is necessary for success because I am now rate-limited! Error reporting is improved and code is cleaned up somewhat. | |||
2016-01-20 | whitespace | Andrew Cady | |
2016-01-20 | More debug logging | Andrew Cady | |
I have no idea why it doesn't work. "Let's Encrypt" servers hit my server. The file hosted on my server matches the value in the "keyAuthorization" field I get back from them. What is wrong?? Maybe it's not the code, but something related to my domain? | |||
2016-01-20 | minor fix: type sig unifies two functions | Andrew Cady | |
2016-01-20 | last step doesn't work... | Andrew Cady | |
2016-01-20 | Report HTTP status | Andrew Cady | |
2016-01-20 | Use a Wreq session. | Andrew Cady | |
Configure Wreq not to throw exceptions for non-200 status codes. | |||
2016-01-20 | Use a monad to track nonce values between requests | Andrew Cady | |
(Partially implemented.) | |||
2016-01-20 | Minor code reorg | Andrew Cady | |
"register" function was tested in ghci. | |||
2016-01-20 | remove 'writeBody'; minor cleanups | Andrew Cady | |
2016-01-20 | Remove unused functions | Andrew Cady | |
(Related to calling external openssl process.) | |||
2016-01-20 | Generate signatures without external calls | Andrew Cady | |
2016-01-20 | Generate the private key with specified filename | Andrew Cady | |
(Won't generate if file exists.) | |||
2016-01-20 | Command line options replace hard-coded values | Andrew Cady | |
2016-01-20 | Fetch directory urls along with nonce | Andrew Cady | |
2016-01-20 | Fetch nonce instead of hard-coding it | Andrew Cady | |