Evgeniy Khramtsov
49c4aa238f
Change file mode of ACME certificates
2017-11-19 10:10:21 +03:00
Evgeniy Khramtsov
e709d6561c
Re-read ACME certificates on config reload
2017-11-19 09:56:05 +03:00
Evgeniy Khramtsov
f06805534c
Fix renew_certificates ejabberdctl command
...
Thanks to Konstantinos Kallas
2017-11-17 18:37:49 +03:00
Evgeniy Khramtsov
4f12359b9c
Don't forget to include intermediate ACME certificate
...
Thanks to Konstantinos Kallas
2017-11-17 17:17:19 +03:00
Evgeniy Khramtsov
f599c2ef82
Fix ACME options validation
2017-11-17 15:55:33 +03:00
Evgeniy Khramtsov
224a3e13c9
Improve ACME options validation
2017-11-17 13:06:04 +03:00
Evgeniy Khramtsov
4835537776
Move ejabberdctl ACME commands to other location
2017-11-17 12:50:27 +03:00
Evgeniy Khramtsov
ce98226603
Make ACME code working with ejabberd_pkix
2017-11-17 11:59:40 +03:00
Evgeniy Khramtsov
b04c6b7d75
Merge branch 'lets_encrypt_acme_support' of git://github.com/angelhof/ejabberd into angelhof-lets_encrypt_acme_support
...
Conflicts:
rebar.config
src/ejabberd_pkix.erl
2017-11-15 10:01:30 +03:00
Konstantinos Kallas
ce99db0595
Explain what is needed for the acme configuration and other small changes
...
1. Add a request handler in ejabberd_http and explain how to configure the http listener so that the challenges can be solved.
2. Make acme configuration optional by providing defaults in ejabberd_acme.
3. Save the CA that the account has been created in so that it creates a new account when connecting to a new CA.
4. Small spec change in acme configuration.
2017-11-14 14:12:33 +02:00
Konstantinos Kallas
f55a8d045d
Solve Travis build xref problem
...
Travis build failed on xref because some functions that I used did not exist in OTP versions 17.5, 18.3
Those functions are: ets:take/2, lists:join/2, erlang:timestamp/0.
2017-09-06 18:10:38 +03:00
Konstantinos Kallas
80b44d8c15
Remove some unused variable warnings, replace lists:join with string join
2017-08-25 12:08:16 +03:00
Konstantinos Kallas
62903155fd
Show SANs in list_Certificates
2017-08-22 14:44:19 +03:00
Konstantinos Kallas
25ca6e5582
Acquire certificates for all subdomains of a host and include them in SAN
2017-08-22 13:36:34 +03:00
Konstantinos Kallas
10f7b5a548
Remove partial RSA key support
2017-08-22 10:25:37 +03:00
Konstantinos Kallas
f2876bdad7
Add certfile when acquired
2017-08-22 10:12:42 +03:00
Konstantinos Kallas
9b3e160e18
Remove some debugging INFO_MSGs
2017-08-19 17:47:05 +03:00
Konstantinos Kallas
15dd88385f
Delete a development acme module
2017-08-19 16:58:06 +03:00
Konstantinos Kallas
dd42d52ff9
Merge remove_account_option branch
2017-08-19 13:36:42 +03:00
Konstantinos Kallas
e45f7ddfec
Cleanup some comments:
2017-08-19 13:32:13 +03:00
Konstantinos Kallas
7cc7b74f1e
Add acme certificates for all configured hosts in ejabberd_pkix
2017-08-19 12:50:40 +03:00
Konstantinos Kallas
ddfe8742c7
Add behaviour ejabberd_config in ejabberd_acme in order to validate the config
2017-08-19 11:35:15 +03:00
Konstantinos Kallas
051e2c639c
Change some specs
2017-08-12 18:00:46 +03:00
Konstantinos Kallas
a72a7f830a
Add support to revoke a certificate by providing the pem
...
This is important so that a user can revoke a certificate that is not acquired or logged from our acme client
2017-08-12 17:14:23 +03:00
Konstantinos Kallas
73f0b6707a
Move the ca_url to the config file
2017-08-12 15:59:54 +03:00
Konstantinos Kallas
1aadb797b3
Remove the new account option from get certificate. There is no reason for having this
2017-08-11 14:10:55 +03:00
Konstantinos Kallas
7140c8d844
Format expired certificates differently in list_certificates
2017-08-11 13:28:17 +03:00
Konstantinos Kallas
2b1fea01cd
Renew certificate now renews all saved certificates that are close to expire
...
Before this commit renew_certificate only checked the hosts in the config file and renewed the certificates for those. However the user can request certificates apart from the hosts in the config file so he should be able to also renew them.
2017-08-10 18:54:26 +03:00
Konstantinos Kallas
c20bfb3422
Revoke Certificate: Jose Private Key
...
Instead of signing the jose object with the account private key, it now signs the object using the certificate private key. This is useful in case the user wants to revoke an old certificate whose account key doesn't exist anymore.
2017-08-10 17:23:13 +03:00
Konstantinos Kallas
011b7ac3f2
Support getting certificates for domains not specified in the configuration file
2017-08-10 15:26:35 +03:00
Konstantinos Kallas
97a4d57f2e
Remove some debugging functions
2017-08-08 18:00:37 +03:00
Konstantinos Kallas
9756b452d6
Implement renew_certificate command
...
This command renews the certificates for all domains that already have a certificate that has expired or is close to expiring. It is meant to be run automatically more often than the renewal process because if the certificates are valid nothing happens
2017-08-08 16:38:19 +03:00
Konstantinos Kallas
7fa9a387ae
Try catch when formatting certificates
2017-08-08 12:45:57 +03:00
Konstantinos Kallas
48254a1e10
Change certificate notAfter to 90 days
...
As stated in Let's Encrypt FAQ: https://letsencrypt.org/docs/faq/
2017-08-08 12:23:13 +03:00
Konstantinos Kallas
e6e8e64f84
Improve return format of get_certificates command
2017-08-02 21:10:49 +03:00
Konstantinos Kallas
ac7105d39e
Implement verbose list_certificates option
2017-08-02 19:36:11 +03:00
Konstantinos Kallas
3abe3aeeec
Finish revoke_certificate and add specs
...
1. Add a try catch in the final revoke_certificate function
2. Also delete the certificate from persistent memory when it is done revoked
2017-07-29 19:10:06 +03:00
Konstantinos Kallas
cc6f4b90fb
Support certificate revocation
2017-07-27 18:25:44 +03:00
Konstantinos Kallas
92e38190aa
Encode strings using a library function and not my custom made
2017-07-25 14:13:40 +03:00
Konstantinos Kallas
09918b5912
Add a try catch around list certificates
2017-07-23 21:47:22 +03:00
Konstantinos Kallas
9ce1f12b66
Pretty print list-certificates
2017-07-18 13:28:44 +03:00
Konstantinos Kallas
2e18122cd9
Print validity in list-certificates
2017-07-17 13:40:53 +03:00
Konstantinos Kallas
8fe551cc68
Add a stub for the list-certificates command
2017-07-17 11:39:27 +03:00
Konstantinos Kallas
09c3496ff1
Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations
2017-07-17 10:48:57 +03:00
Konstantinos Kallas
fa3108e6e2
Save acquired certificates in persistent storage
2017-07-17 10:42:09 +03:00
Konstantinos Kallas
9cf596c67b
Change the persistent data structure from a record to a proplist
...
This is done so that possible future updates to the data structure don't break existing code.
With this change it will be possible to update the data structure and keep the same old persistent data file, which will still have the expected list format but with more properties
2017-07-17 09:59:38 +03:00
Konstantinos Kallas
478a12637d
Separate the persistent data structure functions
2017-07-17 09:40:36 +03:00
Konstantinos Kallas
4d977535f2
Make some persistent data wrapper functions
2017-07-17 09:35:37 +03:00
Konstantinos Kallas
77a96b0ec6
Solve acme challenges using built in http server
2017-07-12 19:23:52 +03:00
Konstantinos Kallas
5199ede4a2
Change acme file permissions
...
Also changed some specs
2017-07-11 11:11:00 +03:00