![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / acme-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.42 / (download) - annotate - [select for diffs], Tue May 16 09:02:50 2023 UTC (12 months, 2 weeks ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
HEAD
Changes since 1.41: +11 -2 lines
Diff to previous 1.41 (colored)
since apparently, the "example" conf is not free-form (adding comments would break scripts, go figure), highlight the staging servers so that people with non-standard configurations (challenge/response) get a chance at figuring things out. okay tb@
Revision 1.41 / (download) - annotate - [select for diffs], Fri Jan 21 18:46:21 2022 UTC (2 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.40: +3 -4 lines
Diff to previous 1.40 (colored)
the wrapped cron line is going to lose people
Revision 1.40 / (download) - annotate - [select for diffs], Fri Feb 12 14:20:15 2021 UTC (3 years, 3 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.39: +4 -3 lines
Diff to previous 1.39 (colored)
Xr to ssl(8) which has clues about EC key generation that are still useful to acme-client users.
Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 2 19:04:21 2021 UTC (3 years, 4 months ago) by sthen
Branch: MAIN
Changes since 1.38: +4 -6 lines
Diff to previous 1.38 (colored)
If acme-client detects an added or removed SAN in the config file compared to the existing certificate on disk, automatically request a new certificate without requiring -F. (Previously the code using -F only coped with added SANs; if one was removed in config then the certificate needed manual removal vefore acme-client would work). Name checks for -r (revocation) are kept as-is for now.
Revision 1.38 / (download) - annotate - [select for diffs], Sat Dec 19 18:05:44 2020 UTC (3 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)
remove extra s
Revision 1.37 / (download) - annotate - [select for diffs], Fri Dec 18 15:03:40 2020 UTC (3 years, 5 months ago) by solene
Branch: MAIN
Changes since 1.36: +5 -2 lines
Diff to previous 1.36 (colored)
Add details to -F flag If you add alternatives domain names to acme-client.conf, using -F is required to renew the certificate with the new names. ok jmc@
Revision 1.36 / (download) - annotate - [select for diffs], Wed Nov 4 10:34:18 2020 UTC (3 years, 6 months ago) by denis
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)
Back out last commit. Some devs are not convinced.
Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 2 20:30:41 2020 UTC (3 years, 6 months ago) by denis
Branch: MAIN
Changes since 1.34: +3 -3 lines
Diff to previous 1.34 (colored)
acme response challenge location to issue better error code Notified to me by jmc@ Diff by Matthias Pressfreund <mpfr @ fn de>, thanks
Revision 1.34 / (download) - annotate - [select for diffs], Sun May 10 12:06:18 2020 UTC (4 years ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.33: +7 -6 lines
Diff to previous 1.33 (colored)
Allow to have multiple domain ... {} sextions with the same domain
name, by adding a new (optional) config option "domain name".
This can be used to create a rsa and an ecdsa key for the same domain
name.
The old domain name in the 'title' line continues to be used as domain
name in the abscence of the domain name argument, i.e. the change is
backward compatible with current config files.
tested by sthen@
ok florian@ sthen@
Revision 1.33 / (download) - annotate - [select for diffs], Wed Apr 15 03:24:08 2020 UTC (4 years, 1 month ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)
Use the new random interval support in cron instead of a random sleep. The random intervals used can be adjusted as needed. OK deraadt@
Revision 1.32 / (download) - annotate - [select for diffs], Sat Jun 15 17:06:44 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.31: +2 -9 lines
Diff to previous 1.31 (colored)
Remove bugs section. It is missleading to call (parts of) acme-client staying root a bug. Discussed with deraadt@ Non-RSA account keys are (probably) coming, so remove that as well while here.
Revision 1.31 / (download) - annotate - [select for diffs], Sat Jun 8 07:52:55 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.30: +4 -18 lines
Diff to previous 1.30 (colored)
Remove A and D flag, they are superfluous.
One could always use them on the command line and acme-client would do
the right thing.
Revision 1.30 / (download) - annotate - [select for diffs], Fri Jun 7 08:07:52 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.29: +8 -3 lines
Diff to previous 1.29 (colored)
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API. With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs. Tested by Renaud Allard and benno Input & OK benno
Revision 1.29 / (download) - annotate - [select for diffs], Sun Feb 3 20:39:35 2019 UTC (5 years, 3 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.28: +69 -47 lines
Diff to previous 1.28 (colored)
flesh this page out a bit to (hopefully) make it more helpful; sthen suggested adding a random sleep (like we do with spamd) for the example cron job; help/ok sthen benno florian
Revision 1.28 / (download) - annotate - [select for diffs], Wed Jan 30 21:15:14 2019 UTC (5 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)
consistently talk about domain key; ok benno
Revision 1.27 / (download) - annotate - [select for diffs], Tue Jan 8 18:36:17 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.26: +12 -8 lines
Diff to previous 1.26 (colored)
With the change to httpd the workflow got much simpler.
Revision 1.26 / (download) - annotate - [select for diffs], Thu Aug 2 14:39:26 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored)
It's an "X.509 certificate" rather than a "TLS certificate". As pointed out by sthen@, TLS isn't the only possible use. From Ross L Richardson ok shten@
Revision 1.25 / (download) - annotate - [select for diffs], Thu Aug 2 14:37:32 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.24: +4 -4 lines
Diff to previous 1.24 (colored)
its a X.509 certificate, consistency with acme-client.conf.5 From Ross L Richardson ok sthen@
Revision 1.24 / (download) - annotate - [select for diffs], Wed Jun 13 15:08:24 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)
Rename httpd.conf "root strip" option to "request strip". "root strip" was semantically incorrect and did cause some confusion as it never stripped the root but the client's request path. Discussed with many. Heads up: this is a grammar change that also affects acme-client(1) configurations (see current.html). OK claudio@
Revision 1.23 / (download) - annotate - [select for diffs], Tue Oct 17 22:47:58 2017 UTC (6 years, 7 months ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.22: +7 -2 lines
Diff to previous 1.22 (colored)
add missing HISTORY; based on CVS logs and release announcements
Revision 1.22 / (download) - annotate - [select for diffs], Wed Mar 22 11:14:14 2017 UTC (7 years, 2 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.21: +8 -4 lines
Diff to previous 1.21 (colored)
Improve manpage and config file to show the more common use case. from Nick Holland (nick AT holland-consulting DOT net) ok jmc@ florian@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Mar 20 15:45:14 2017 UTC (7 years, 2 months ago) by ajacoutot
Branch: MAIN
Changes since 1.20: +4 -12 lines
Diff to previous 1.20 (colored)
Simplify cron(8) job example. input from jmc@ ok tb@ deraadt@
Revision 1.20 / (download) - annotate - [select for diffs], Sat Jan 28 17:53:17 2017 UTC (7 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.19: +3 -5 lines
Diff to previous 1.19 (colored)
- -N got changed to -D - there is no Challenges section reported by michael reed
Revision 1.19 / (download) - annotate - [select for diffs], Sat Jan 21 15:53:15 2017 UTC (7 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.18: +8 -8 lines
Diff to previous 1.18 (colored)
tweak previous;
Revision 1.18 / (download) - annotate - [select for diffs], Sat Jan 21 09:05:31 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.17: +23 -25 lines
Diff to previous 1.17 (colored)
Improve Documentation ok florian
Revision 1.17 / (download) - annotate - [select for diffs], Sat Jan 21 08:57:05 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)
see also acme-client.conf(5) suggested by millert and Raf Czlonka ok florian
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jan 21 08:52:30 2017 UTC (7 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.15: +2 -17 lines
Diff to previous 1.15 (colored)
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jan 21 08:47:21 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.14: +4 -2 lines
Diff to previous 1.14 (colored)
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration ok florian
Revision 1.14 / (download) - annotate - [select for diffs], Sat Jan 21 08:44:35 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key
N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
Revision 1.13 / (download) - annotate - [select for diffs], Sat Jan 21 08:43:09 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.12: +2 -5 lines
Diff to previous 1.12 (colored)
acme-client use configuration file [2 of 5] - add challengedir option to config file - remove -C option from command line ok florian
Revision 1.12 / (download) - annotate - [select for diffs], Sat Jan 21 08:41:42 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.11: +8 -61 lines
Diff to previous 1.11 (colored)
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"
new argument:
-f configfile
the changes needed to use the new configuration are local to main.c for now.
While the configuration could be passed directly to netproc(), keyproc() etc,
the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in
each domain {} block instead.
ok florian
Revision 1.11 / (download) - annotate - [select for diffs], Thu Sep 15 20:44:24 2016 UTC (7 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.10: +18 -26 lines
Diff to previous 1.10 (colored)
more fat trimming;
Revision 1.10 / (download) - annotate - [select for diffs], Wed Sep 14 14:29:35 2016 UTC (7 years, 8 months ago) by tj
Branch: MAIN
Changes since 1.9: +18 -95 lines
Diff to previous 1.9 (colored)
move default file and directory locations to a new FILES section and trim some extraneous text. ok florian jmc deraadt
Revision 1.9 / (download) - annotate - [select for diffs], Tue Sep 13 03:10:05 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +3 -5 lines
Diff to previous 1.8 (colored)
chroot is not the reason this is run as root
Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 6 06:21:45 2016 UTC (7 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.7: +9 -10 lines
Diff to previous 1.7 (colored)
some indent; from michael reed
Revision 1.7 / (download) - annotate - [select for diffs], Thu Sep 1 13:42:45 2016 UTC (7 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.6: +4 -2 lines
Diff to previous 1.6 (colored)
tidy up the list;
Revision 1.6 / (download) - annotate - [select for diffs], Thu Sep 1 12:17:00 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.5: +16 -4 lines
Diff to previous 1.5 (colored)
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno. (Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
Revision 1.5 / (download) - annotate - [select for diffs], Thu Sep 1 10:15:28 2016 UTC (7 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.4: +23 -27 lines
Diff to previous 1.4 (colored)
make the page more neutral, as suggested by deraadt; add STANDARDS, as suggested by florian; help/ok deraadt florian
Revision 1.4 / (download) - annotate - [select for diffs], Thu Sep 1 08:45:58 2016 UTC (7 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.3: +66 -66 lines
Diff to previous 1.3 (colored)
various cleanup;
Revision 1.3 / (download) - annotate - [select for diffs], Wed Aug 31 23:44:58 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.2: +16 -0 lines
Diff to previous 1.2 (colored)
Bring in license for man page Kristaps just added upstream in commit 33c4b38b1db65097e4301e982c9cffcb8c3e648d.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Aug 31 22:08:20 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.1: +30 -79 lines
Diff to previous 1.1 (colored)
Some man page clean up: - make it more httpd centric - remove mkdir instructions, we create the directories by default - no 2nd person wording - remove commented out lines - add author
Revision 1.1 / (download) - annotate - [select for diffs], Wed Aug 31 22:05:57 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
oops, use correct filename