letsencrypt/acme client implemented as a shell-script
https://github.com/lukas2511/dehydrated
A client for signing certificates with an ACME-server (currently only provided by letsencrypt) implemented as a relatively simple bash-script.
It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp (all found on almost any system, curl being the only exception)
Current features:
* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation
- Developed at security:dehydrated
- Sources inherited from project openSUSE:Factory
-
3
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:seife:Factory/dehydrated && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
README.Fedora | 0000000163 163 Bytes | |
README.hooks | 0000000223 223 Bytes | |
README.maintainer | 0000006272 6.13 KB | |
acme-challenge.conf.apache.in | 0000000327 327 Bytes | |
acme-challenge.conf.nginx.in | 0000000528 528 Bytes | |
dehydrated-0.7.0.tar.gz | 0000086574 84.5 KB | |
dehydrated-0.7.0.tar.gz.asc | 0000000488 488 Bytes | |
dehydrated-rpmlintrc | 0000000048 48 Bytes | |
dehydrated.changes | 0000017439 17 KB | |
dehydrated.cron.in | 0000000249 249 Bytes | |
dehydrated.keyring | 0000002353 2.3 KB | |
dehydrated.service.in | 0000000420 420 Bytes | |
dehydrated.spec | 0000009409 9.19 KB | |
dehydrated.timer | 0000000168 168 Bytes | |
dehydrated.tmpfiles.d | 0000000135 135 Bytes |
Revision 20 (latest revision is 27)
Dominique Leuenberger (dimstar_suse)
accepted
request 854627
from
Daniel Molkentin (dmolkentin)
(revision 20)
- Update to dehydrated 0.7.0 (JSC#SLE-15909) Added Support for external account bindings Special support for ZeroSSL Support presets for some CAs instead of requiring URLs Allow requesting preferred chain (--preferred-chain) Added method to show CAs current terms of service (--display-terms) Allow setting path to domains.txt using cli arguments (--domains-txt) Added new cli command --cleanupdelete which deletes old files instead of archiving them Fixed No more silent failures on broken hook-scripts Better error-handling with KEEP_GOING enabled Check actual order status instead of assuming it's valid Don't include keyAuthorization in challenge validation (RFC compliance) Changed Using EC secp384r1 as default certificate type Use JSON.sh to parse JSON Use account URL instead of account ID (RFC compliance) Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options Cleanup now also removes dangling symlinks
Comments 0