This repository has been archived by the owner. It is now read-only.
Open
Conversation
Marked fullchain as a deprecated_property_alias
bump acme-client gem to 2.0.3
Pebble v2.x has breaking changes that need some futher overhaul here, but for now use the v1.0.1 version so tests can pass once more. Also ensure that available packages are updated in Debian-based testing platforms.
Test fixes
Need lazy evaluation when using attributes in resources
Upgrades acme-client version to 2.0.6 which supports faraday 1.0.0 which is required by chef
Update default.rb (Closes #120)
Member
|
Why do you need this? If I recall correctly we needed this for ACME v2 support which is part of the stable 4.1.0 release. Currently upstream master is the latest stable version (4.1.2) so there is no longer a need for this custom fork. You can get rid of it and just upload 4.1.2 to your Chef server or reference it in the cookbooks that depend on it. |
Member
Author
|
Chef testing fails because it can't install the acme-client gem. Didn't we pin all the mirrored cookbooks so we can't have any problems when somebody updates them and we don't support it? |
Member
|
There's a difference in pinning and forking cookbooks. We had to fork this one because the changes we needed weren't released in a stable release yet. The cookbook should still be pinned. E.g. in |
# Problem Currently, if a certificate has a large number of alt-names in it, and one (or more) of them fail, the entire certificate is rejected. Unfortunately, there is no diagnostics returned to point out what has failed, only that something has. This makes it difficult to debug the problem from the server admin point of view. # Fix Adjust the block that triggers the fail so that it includes some additional information about what the failure is, and include it in the output
Adds a bit more information to authz failure
Fix 'satus' typo in cert creation ruby_block
fixes #51 As the ability to install DNS challenges into the infrastructure depends on the site, I implemented this in a way that allows cfookbook authores to specify how to supply this to the infrastructure using custom ruby blocks. There must be two blocks given to the resource if you want to use DNS validation: `install_authz_block` and `remove_authz_block` There is an example in the README explaining how to use this.
implement an interface to support DNS challenges
Signed-off-by: Robert Detjens <detjensrobert@osuosl.org>
Signed-off-by: Robert Detjens <detjensrobert@osuosl.org>
Since nginx 1.15, the ssl directive has been deprecated. See https://nginx.org/en/CHANGES
feat: Add Elliptic Curve (EC) Key Support for Certificates
Add missing default for ec_curve
Add support for short-lived IP certificates
`default` is not a valid profile name, though `classic` is. Update the default and allowed profile names from https://letsencrypt.org/docs/profiles/. Closes #150
Fix default profile name
As mentioned in https://letsencrypt.org/docs/profiles/: For the vast majority of Let's Encrypt subscribers, you should never have to worry about this: we automatically select the best profile for you, and ensure that it complies with all of the requirements and best practices that govern the Web PKI. This solves an issue where some servers don't appear to know what the `classic` profile is: ``` Acme::Client::Error::Malformed ------------------------------ Order includes unrecognized profile name "classic" ```
Allow nil profiles by default
…-selfsigned-certs Add EC Certificate Support to selfsigned Resource
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates our branch to the latest version. @jeroenj how do i update the live branch? Just create a PR with the metadatata.rb version update?