openwrt-packages-dist

46 MiB

Author	SHA1	Message	Date
Leonardo Mörlein	24ddf22073	uacme: add retries Prior to this commit, the acme service attempted to obtain certificates once and then terminated, regardless of whether the certificate could be obtained or not. This commit introduces a new uci option "retries" to the "certificate" section. If this option is set to N, the acme service will attempt to obtain the certificate up to N times before terminating. There is a waiting pause between the retries to comply with the rate limits of Let'sEncrypt. The waiting pause is: - 2 minutes for staging certificates - 24 minutes for production certificates The current "Failed Validation" rate limits of Let'sEncrypt are: - staging: 60 per hour -> 1 failure every 1 minute in avg. - production: 5 per hour -> 1 failure every 12 minutes in avg. This means that we are within rate limits by a factor of two. By default the option "retries" is set to "1", which means that acme behaves as before by default. If the variable is set to "0", infinite retries are performed. This feature is helpful, when you already want to initiate the certificate request, but you are still waiting for your dns server to be configured, your network to appear or other conditions. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>	4 years ago
Leonardo Mörlein	9a6c2339b0	uacme: propagate rc of uacme in issue_cert() Before this commit, issue_cert always returned 1 no matter if uacme returned 1, 2, 3, ... With this commit, the return code of the uacme binary is propagated. Therefore the caller of issue_cert can differentiate between "no renew necessary" and "an error occurred". Signed-off-by: Leonardo Mörlein <me@irrelefant.net>	4 years ago
Leonardo Mörlein	4588a61652	uacme: allow including run-uacme With this commit, the run-acme script can be included into other scripts by setting INLCUDE_ONLY=1. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>	4 years ago
Peter Stadler	36576c4c63	uacme: adopt to new behavior of nginx Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>	4 years ago
Antti Seppälä	cf6027f0b0	uacme: add support for user-provided setup and cleanup scripts Add possibility for user to provide setup and cleanup scripts for additional flexibility. Setup-script takes precedence over the built-in behavior of uacme. This helps users with more complex use-cases to utilize uacme to update certificates without adding complexity to the provided run.sh script. Signed-off-by: Antti Seppälä <a.seppala@gmail.com>	5 years ago
Lucian Cristian	cb81ac1e06	uacme: add package lightweight client for the RFC8555 ACMEv2 protocol, written in plain C code with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS). Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>	5 years ago

6 Commits (57a77386de7dda12f60bf3021efcde7f059833c8)