- 18 Feb, 2016 1 commit
-
-
Matthew Holt authored
It was implemented for almost a year but we'll probably never use it, especially since we'll match more than the path in the future.
-
- 17 Feb, 2016 1 commit
-
-
Matthew Holt authored
-
- 16 Feb, 2016 1 commit
-
-
Matthew Holt authored
Now attempt to staple OCSP even for certs that don't have an existing staple (issue #605). "tls off" short-circuits tls setup function. Now we call getEmail() when setting up an acme.Client that does renewals, rather than making a new account with empty email address. Check certificate expiry every 12 hours, and OCSP every hour.
-
- 15 Feb, 2016 1 commit
-
-
Matt Holt authored
Rotate process log
-
- 14 Feb, 2016 1 commit
-
-
Matthew Holt authored
-
- 12 Feb, 2016 2 commits
-
-
Matthew Holt authored
This fixes a regression introduced in recent commits that enabled TLS on the default ":2015" config. This fix is possible because On-Demand TLS is no longer implicit; it must be explicitly enabled by the user by setting a maximum number of certificates to issue.
-
Jacob Hands authored
-
- 11 Feb, 2016 6 commits
-
-
Matthew Holt authored
Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
-
Matthew Holt authored
If Caddy is running but not listening on port 80, reloading Caddy with a new Caddyfile that needs to obtain a TLS cert from the CA would fail, because it was just assumed that, if reloading, port 80 as already in use. That is not always the case, so we scan the servers to see if one of them is listening on port 80, and we configure the ACME client accordingly. Kind of a hack... but it works.
-
Matthew Holt authored
After 10 certificates are issued, no new certificate requests are allowed for 10 minutes after a successful issuance.
-
Matthew Holt authored
-
Matthew Holt authored
-
Matthew Holt authored
Biggest change is no longer using standard library's tls.Config.getCertificate function to get a certificate during TLS handshake. Implemented our own cache which can be changed dynamically at runtime, even during TLS handshakes. As such, restarts are no longer required after certificate renewals or OCSP updates. We also allow loading multiple certificates and keys per host, even by specifying a directory (tls got a new 'load' command for that). Renamed the letsencrypt package to https in a gradual effort to become more generic; and https is more fitting for what the package does now. There are still some known bugs, e.g. reloading where a new certificate is required but port 80 isn't currently listening, will cause the challenge to fail. There's still plenty of cleanup to do and tests to write. It is especially confusing right now how we enable "on-demand" TLS during setup and keep track of that. But this change should basically work so far.
-
- 10 Feb, 2016 4 commits
-
-
Matt Holt authored
proxy: Support unix sockets
-
eiszfuchs authored
-
Matt Holt authored
fastcgi: New function DialWithDialer to create FCGIClient with custom Dialer.
-
Vadim Petrov authored
-
- 05 Feb, 2016 2 commits
-
-
Matt Holt authored
Making directives externally registerable
-
Craig Peterson authored
-
- 04 Feb, 2016 7 commits
-
-
Matt Holt authored
templates: Add .Markdown directive
-
Miek Gieben authored
This allows any template to use: {{.Markdown "filename"}} which will convert the markdown contents of filename to HTML and then include the HTML in the template.
-
Matt Holt authored
markdown: enable definition lists
-
Matt Holt authored
When the requested host is not found, log the remote host.
-
Miek Gieben authored
-
David Darrell authored
-
David Darrell authored
-
- 01 Feb, 2016 5 commits
-
-
Matt Holt authored
letsencrypt: properly retrieve hostname from request.
-
Matt Holt authored
fastcgi: IPv6 when parsing r.RemoteAddr
-
Abiola Ibrahim authored
basicauth: fixed 'go vet' printing function value
-
MathiasB authored
-
MathiasB authored
-
- 31 Jan, 2016 1 commit
-
-
Matthew Holt authored
-
- 30 Jan, 2016 1 commit
-
-
Den Quixote authored
-
- 29 Jan, 2016 1 commit
-
-
MathiasB authored
More tests are needed for the other environmental variables. These tests were specifically made for testing of IP addresses.
-
- 28 Jan, 2016 3 commits
-
-
MathiasB authored
-
Matt Holt authored
fastcgi: Parse address from fastcgi directive, pass results to Dial()
-
Kevin Bowrin authored
This allows scheme prefixes "tcp://" and "fastcgi://" in configuration. Fixes #540
-
- 27 Jan, 2016 2 commits
-
-
Matt Holt authored
wrap lines to 80
-
jungle-boogie authored
also update copyright year.
-
- 26 Jan, 2016 1 commit
-
-
Matthew Holt authored
-