There are quite a few bugfixes in the version of the ACME package in
master, and the old version in 18.06 have some issues as seen in #10328.
This commit ports over all changes from the master branch in one go.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
The new procd config dependency tracking requires the start method to be
called even on boot. So add a state file that is checked by the run script
to condition the special-case boot run instead of the previous independent
call to the run script.
Ref: https://github.com/openwrt/luci/pull/1769
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
As acme.sh has releases, switch to using those. Update the version accordingly.
Also rearranged some stuff in the hope that uscan will start tracking releases instead of git commits. Makefile is more simple as a result.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
fixes webroot to be defined as
_currentRoot='/www'
instead of being interpreted as
_currentRoot='"/www"'
Signed-off-by: Aleksei Nosachev <nos1609@hotmail.com>
For configurations where another web server is running on port 80, running
acme.sh in standalone mode fails. Try to detect this and refuse to run; and
allow the user to configure a webroot directory to use the running webserver for
certificate verification.
This also updates acme.sh to the latest version.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.
Signed-off-by: Daniel Halmschlager <da@halms.at>
This updates to the latest git version of acme.sh and drops the patch to
disable timestamps from the output (since that is now supported
upstream).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This version handles transitioning from a previous certificate that was
issues using the staging server, adds more debug logging, and handles
state directories better if issuing fails.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This version will use the standalone (netcat) mode of acme.sh during
verification instead of exposing uhttpd to the internet for the duration
of the verification. It will also add an ip6tables rule to also support
verification over IPv6.
Also contains an updated version of acme.sh.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This adds a package wrapping the acme.sh script from
https://github.com/Neilpang/acme.sh in Uci config and hooks to interact
correctly with uhttpd.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Yousong Zhou