Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security/acme-client: feature & bugfix release #71

Merged
merged 11 commits into from
Feb 7, 2017
Merged

security/acme-client: feature & bugfix release #71

merged 11 commits into from
Feb 7, 2017

Conversation

fraenki
Copy link
Member

@fraenki fraenki commented Feb 5, 2017
edited
Loading

New features

  • Full integration with our HAProxy plugin (automatically injects configuration)
  • Support for restart actions (pre-defined, configd commands and custom commands)

Bugfixes

  • Fix for acme-client: DNS-01/nsupdate: doesn't allow FQDN in the name #70: relax field validations for many input fields (name, description, altNames)
  • Fix search fields
  • Fix forceful re-issue of certificates (required if altNames was changed)
  • Fix DNS-01 ISPconfig option (should be a checkbox)
  • Respect if an item is disabled
  • Do not expose lighttpd version
  • Improve some help messages

HAProxy Integration: Quick Start Guide

1. Enable HAProxy Integration

And don't forget to click the "Apply" button... :-)

le000

2. Configure Validation Method

le001

Be sure to select your HAProxy frontends:

le002

3. Configure Restart Action

le003

4. Configure Certificate

Now select the "validation method" and "restart action" for your certificate:
le004

@fraenki fraenki mentioned this pull request Feb 5, 2017
Closed
@fraenki fraenki changed the title [WIP] DO NOT MERGE! security/acme-client: feature & bugfix release security/acme-client: feature & bugfix release Feb 5, 2017
@fraenki
Copy link
Member Author

fraenki commented Feb 5, 2017

@fitch: The new HAProxy integration requires the new dependency (a725776). Any objections?

@fichtner
Copy link
Member

fichtner commented Feb 6, 2017

erm, yes... this doesn't look good, because it will also pull in haproxy and lua. where's the friction in the code between haproxy installed and not installed?

@fraenki
Copy link
Member Author

fraenki commented Feb 6, 2017

@fichtner Currently there is nothing in the code to handle an absent haproxy plugin. It assumes that HAProxy is just there. Is there a command in the backend available to query the currently installed packages?

@fichtner
Copy link
Member

fichtner commented Feb 6, 2017

@fraenki we'll have to add it if not there, let's talk this afternoon about how

@fraenki
Copy link
Member Author

fraenki commented Feb 6, 2017

@fichtner I've removed the hardcoded dependency to our HAProxy plugin and disable HAProxy integration by default now.

@fichtner fichtner self-assigned this Feb 6, 2017
@fraenki
Copy link
Member Author

fraenki commented Feb 7, 2017

@fichtner I've added two more bugfixes. I promise these are the last ones for this release. :)

@fichtner fichtner merged commit b932806 into opnsense:master Feb 7, 2017
@fichtner
Copy link
Member

fichtner commented Feb 7, 2017

Merged,thanks! :)

@lrosenman
Copy link

Fixed my issue, and we're happily using LE cert for the FW. (#70)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@fichtner fichtner

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fraenki @fichtner @lrosenman