Update to dehydrated v0.4.0 to fix registering w/Let's Encrypt new terms

auto-ssl · Nov 17, 2017 · f33b7c6 · f33b7c6
1 parent 87d7699
commit f33b7c6
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 ROOT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 BUILD_DIR?=$(ROOT_DIR)/build
 
-DEHYDRATED_VERSION:=v0.3.1
+DEHYDRATED_VERSION:=v0.4.0
 LUA_RESTY_SHELL_VERSION:=955243d70506c21e7cc29f61d745d1a8a718994f
 SOCKPROC_VERSION:=fc8ad3f15a7b2cf2eaf39663b90010efc55e207c
 

diff --git a/README.md b/README.md
@@ -12,6 +12,8 @@ This OpenResty plugin automatically and transparently issues SSL certificates fr
 
 This uses the `ssl_certificate_by_lua` functionality in OpenResty 1.9.7.2+.
 
+By using lua-resty-auto-ssl to register SSL certificates with Let's Encrypt, you agree to the [Let's Encrypt Subscriber Agreement](https://letsencrypt.org/repository/).
+
 ## Status
 
 Used in production (but the internal APIs might still be in flux).

diff --git a/bin/letsencrypt_hooks b/bin/letsencrypt_hooks
@@ -9,7 +9,7 @@
 
 set -e -u
 
-function deploy_challenge {
+deploy_challenge() {
   local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
 
   curl --silent --show-error --fail -XPOST \
@@ -20,7 +20,7 @@ function deploy_challenge {
     "http://127.0.0.1:$HOOK_SERVER_PORT/deploy-challenge" || { echo "hook request (deploy_challenge) failed" 1>&2; exit 1; }
 }
 
-function clean_challenge {
+clean_challenge() {
   local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
 
   curl --silent --show-error --fail -XPOST \
@@ -31,7 +31,7 @@ function clean_challenge {
     "http://127.0.0.1:$HOOK_SERVER_PORT/clean-challenge" || { echo "hook request (clean_challenge) failed" 1>&2; exit 1; }
 }
 
-function deploy_cert {
+deploy_cert() {
   local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
 
   curl --silent --show-error --fail -XPOST \
@@ -43,8 +43,24 @@ function deploy_cert {
     "http://127.0.0.1:$HOOK_SERVER_PORT/deploy-cert" || { echo "hook request (deploy_cert) failed" 1>&2; exit 1; }
 }
 
-function unchanged_cert {
+unchanged_cert() {
   local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
 }
 
+invalid_challenge() {
+  local DOMAIN="${1}" RESPONSE="${2}"
+  echo "Invalid challenge: DOMAIN=${DOMAIN} RESPONSE=${RESPONSE}"
+  exit 1
+}
+
+request_failure() {
+  local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"
+  echo "Failure: STATUSCODESTATUSCODE} REASON=${REASON} REQTYPE=${REQTYPE}"
+  exit 1
+}
+
+exit_hook() {
+  :
+}
+
 HANDLER=$1; shift; $HANDLER "$@"
diff --git a/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua b/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua
@@ -30,6 +30,7 @@ function _M.issue_cert(auto_ssl_instance, domain)
   local command = env_vars .. " " ..
     lua_root .. "/bin/resty-auto-ssl/dehydrated " ..
     "--cron " ..
+    "--accept-terms " ..
     "--no-lock " ..
     "--domain " .. domain .. " " ..
     "--challenge http-01 " ..