From f33b7c625bb8003995876aeb9a492b283c47d07e Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Fri, 17 Nov 2017 08:42:34 -0700 Subject: [PATCH] Update to dehydrated v0.4.0 to fix registering w/Let's Encrypt new terms --- Makefile | 2 +- README.md | 2 ++ bin/letsencrypt_hooks | 24 +++++++++++++++---- .../auto-ssl/ssl_providers/lets_encrypt.lua | 1 + 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 134eb57..b1c1a6f 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ ROOT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) BUILD_DIR?=$(ROOT_DIR)/build -DEHYDRATED_VERSION:=v0.3.1 +DEHYDRATED_VERSION:=v0.4.0 LUA_RESTY_SHELL_VERSION:=955243d70506c21e7cc29f61d745d1a8a718994f SOCKPROC_VERSION:=fc8ad3f15a7b2cf2eaf39663b90010efc55e207c diff --git a/README.md b/README.md index 80be4ca..1c2613e 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ This OpenResty plugin automatically and transparently issues SSL certificates fr This uses the `ssl_certificate_by_lua` functionality in OpenResty 1.9.7.2+. +By using lua-resty-auto-ssl to register SSL certificates with Let's Encrypt, you agree to the [Let's Encrypt Subscriber Agreement](https://letsencrypt.org/repository/). + ## Status Used in production (but the internal APIs might still be in flux). diff --git a/bin/letsencrypt_hooks b/bin/letsencrypt_hooks index 914ab1b..626832e 100755 --- a/bin/letsencrypt_hooks +++ b/bin/letsencrypt_hooks @@ -9,7 +9,7 @@ set -e -u -function deploy_challenge { +deploy_challenge() { local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}" curl --silent --show-error --fail -XPOST \ @@ -20,7 +20,7 @@ function deploy_challenge { "http://127.0.0.1:$HOOK_SERVER_PORT/deploy-challenge" || { echo "hook request (deploy_challenge) failed" 1>&2; exit 1; } } -function clean_challenge { +clean_challenge() { local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}" curl --silent --show-error --fail -XPOST \ 
@@ -31,7 +31,7 @@ function clean_challenge { "http://127.0.0.1:$HOOK_SERVER_PORT/clean-challenge" || { echo "hook request (clean_challenge) failed" 1>&2; exit 1; } } -function deploy_cert { +deploy_cert() { local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}" curl --silent --show-error --fail -XPOST \ @@ -43,8 +43,24 @@ function deploy_cert { "http://127.0.0.1:$HOOK_SERVER_PORT/deploy-cert" || { echo "hook request (deploy_cert) failed" 1>&2; exit 1; } } -function unchanged_cert { +unchanged_cert() { local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" } +invalid_challenge() { + local DOMAIN="${1}" RESPONSE="${2}" + echo "Invalid challenge: DOMAIN=${DOMAIN} RESPONSE=${RESPONSE}" + exit 1 +} + +request_failure() { + local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" + echo "Failure: STATUSCODESTATUSCODE} REASON=${REASON} REQTYPE=${REQTYPE}" + exit 1 +} + +exit_hook() { + : +} + HANDLER=$1; shift; $HANDLER "$@" diff --git a/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua b/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua index 0373480..552c0b2 100644 --- a/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua +++ b/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua @@ -30,6 +30,7 @@ function _M.issue_cert(auto_ssl_instance, domain) local command = env_vars .. " " .. lua_root .. "/bin/resty-auto-ssl/dehydrated " .. "--cron " .. + "--accept-terms " .. "--no-lock " .. "--domain " .. domain .. " " .. "--challenge http-01 " ..
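Review bot: In `request_failure`, the echo string as shown reads `STATUSCODESTATUSCODE}`, so the status code is never interpolated and a stray brace is printed. This may be an artifact of how the page was rendered, but if it is in the commit the line should read `echo "Failure: STATUSCODE=${STATUSCODE} REASON=${REASON} REQTYPE=${REQTYPE}" 1>&2`. Both new failure hooks also write to stdout, whereas the existing hooks send their failure messages to stderr with `1>&2`; matching that keeps errors in one stream for log collection. Separately, the unchanged dispatcher `$HANDLER "$@"` at the end of the hunk runs whatever name arrives as the first argument, which is presumably why every new dehydrated hook needs a stub here. Checking the name against the hooks this script defines before calling it would turn an unrecognised hook into a no-op rather than a failed or unintended command.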
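Review bot: `domain` is concatenated into the shell command string without quoting or escaping on the `"--domain " .. domain .. " " ..` line, and nothing visible in the hunk shows where it is validated. If the value can originate from a client-supplied server name, it should be restricted to hostname characters (letters, digits, `-`, `.`) before this point, or passed through a shell-quoting helper, so its contents cannot alter the command line. A short comment next to `"--accept-terms " ..` would also help, stating that the flag accepts the Let's Encrypt Subscriber Agreement on the operator's behalf, as the README notice added in this commit describes. The body of `_M.issue_cert` starts and ends outside the hunk.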