xenolf
@xenolf
Each authz (domain) is handled separately
Marcus Ilgner
@milgner
interesting, that's good to hear. I'm not sure whether I'd really need it but it might make things easier
would I need to enhance the command line tool? Or does the order of arguments already control this?
Emile Vauge
@emilevauge
Hey @xenolf! Do you know if it's possible to do TLS mutual authentication with tls-sni-01 challenge?
xenolf
@xenolf
@emilevauge Do you mean mutual authentication with the ACME endpoint?
Emile Vauge
@emilevauge
@xenolf I will explain my use case in detail: Traefik is using lego as ACME client, with tls-sni-01 challenge. During challenges, traefik is serving challenge certificates. I wonder if it's possible to use mutual authentication during those challenges, when let's encrypt is calling traefik to get challenge certificates.
In one word, I need to add Let's Encrypt client CA to traefik TLS server
xenolf
@xenolf
@emilevauge I don't think boulder sends a client certificate, if that's what you had in mind
Taco de Wolff
@tdewolff
@xenolf Do you think a new release is due? It's been almost a year ago that 0.3.1 was released
Alex Pilon
@MadMub
Hello, what is the status of this project? I have been trying to automate my server deployments with letsencrypt and found the de facto tool “certbot” too awkward to use. I would much prefer to use lego, especially with its Route 53 integration. Is it still not recommended to use this tool in production?
Matt Holt
@mholt
@MadMub That line exists mainly for liability reasons. I've been using lego in production for years, it's fine ;) Not perfect, but solid enough.
Alex Pilon
@MadMub
@mholt thanks matt
Alex Pilon
@MadMub
Hello, I am trying to use Lego to retrieve a SAN cert for say alex.test.com and blue.alex.test.com (I’m trying to do a blue/green deployment)
I specified both domains when using lego
lego --domains blue.alex.test.com --domains alex.test.com and the logs appear to indicate the process worked
oh hang on...
haha it all worked…..
wow
just took a really long time for my CNAME to propagate
that's amazing it all worked first try then!
Never mind!
Alex Pilon
@MadMub

Hello, I’m back again. currently I have a subdomain CNAME’d to another subdomain like so

alex.test.com —> v727.alex.test.com

When I used lego with the DNS challenge (my only option unfortunately), with route53 it appears to be following the CNAME when picking the hosted zone to place the _acme-challenge txt record. Since the hosted zone is v727.alex.test.com, attempting to place _acme-challenge.alex.test.com is invalid. Is there any way to force lego to a particular hosted zone, instead of it looking it up?

Alex Pilon
@MadMub
I think if the hosted zone it attempted to use was my “top level one” then lego would work
just read the source code and I think I can force its hand with AWS_HOSTED_ZONE_ID
Alex Pilon
@MadMub
I’m not sure that the PR adding that support actually works?
xenolf/lego#345
xenolf
@xenolf
@MadMub my guess is as good as yours on that one. I'm not using route53 myself.
Alex Pilon
@MadMub
I found the issue
I had brew installed lego!
and forgot
and had checked out master with go get -u
basically I’m a fool
adeslade
@adeslade
Hi all, trying out the acmev2 branch and just keep getting EOF when registering an account
adeslade
@adeslade
Seems there is something up with the staging endpoint? the production one works fine
adeslade
@adeslade
scrap that, production one EOFs too
Daniel Albuschat
@daniel-kun
Hello there! First, thanks to all contributors of lego - great work! I'd like to use it as a Go library to implement a google dns challenge. However, from the API docs it is not clear to me what the flow of function calls should look like, and where/how to get the required data for all parameters. Is there some documentation on how to use lego as a library that I can use as a kick-start?
adeslade
@adeslade
Hi @daniel-kun, are you wanting to use v1 or v2? I have some sample code that works for v2. For v1 there is a complete example in the README.
Daniel Albuschat
@daniel-kun
Thanks @adeslade. I need DNS challenge with Google cloud DNS. Does that require v2?
adeslade
@adeslade
I'm pretty sure v1 supports that too.
The README sample is for http but I can provide an example that uses the DNS challenge.
Daniel Albuschat
@daniel-kun
I guess I'll need to do a SetChallengeProvider() and skip Set{HTTP,TLS}Address()
Lu K
@pachobo16_twitter
Hi! I'm new here. I try to use acmev2 with the staging server but I have an EOF error when registering an account. Any idea why? When I use the boulder everything is ok. It seems to be the same error as @adeslade
Ju
@avenetj
Hey, anyone ever had trouble with generating certs with lego in a vpc aws with route53?
Ju
@avenetj
I've tried to set up following this link: https://github.com/xenolf/lego#dns-challenge-api-details
But I'm not sure I've done it right.
2018/10/10 09:52:25 [INFO] [www.kiwi.ki] acme: Could not find solver for: tls-alpn-01
2018/10/10 09:52:25 [INFO] [www.kiwi.ki] acme: Could not find solver for: http-01
2018/10/10 09:52:25 [INFO] [jira.kiwi.ki] acme: Could not find solver for: tls-alpn-01
2018/10/10 09:52:26 Could not obtain certificates
    acme: Error -> One or more domains had a problem:
[www.kiwi.ki] error presenting token: cloudflare: failed to find zone kiwi.ki.: Zone could not be found
Ju
@avenetj
I also didn't really get the dns challenge role policy :/
renothing
@renothing
2019/02/22 17:50:09 [INFO] [xxx.com] acme: use tls-alpn-01 solver
2019/02/22 17:50:09 [INFO] [xxx.com] acme: Trying to solve TLS-ALPN-01
2019/02/22 17:50:15 Could not obtain certificates:
        acme: Error -> One or more domains had a problem:
[xxx.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url:
Hi, anybody know why it's always a 400 error when I use tls mode?
Frank Enderle
@fenderle
Is it possible that the --http.port option doesn't work at all?
Frank Enderle
@fenderle
I now used the 1.2.1 version - no problem with changing the http port there