-
Notifications
You must be signed in to change notification settings - Fork 821
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace simp_le with acme.sh #719
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As much as possible, output to stdout on error condition only in order to reduce the need for expected-std-out.txt
This might be a race condition
Closed
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR replaces the ACME client used inside the container (
simp_le
) byacme.sh
.This is a pretty significant change and will mark the second major version of this project (
v2.0.0
release).Changes and design choices where discussed in #510
The most important, not backward compatible change is that
acme.sh
relies on configuration files to work (unlikesimp_le
). This means that a Docker volume now has to be mounted to/etc/acme.sh
in order to persistacme.sh
configuration.acme.sh
also handle the ACME accounts differently thansimp_le
and the following choices were made with @pini-gh:Use one
acme.sh
configuration directory (--config-home
) per account email address.Each
acme.sh
configuration directory can hold several accounts on different ACME service providers. But only one per service provider.The
default
configuration directory holds the configuration for empty account email address.When in Let's Encrypt staging mode (
LETSENCRYPT_TEST=true
):ACME_CA_URI
is ignored)DEFAULT_EMAIL
andLETSENCRYPT_EMAIL
are ignored)This PR also update the base Alpine image to 3.12, enable ECDSA private keys (close #376), fix #638 and support the
--preferred-chain
option ofacme.sh
(close #695). The tests were reworked to rely as little as possible on pre-generated expected output, which should make writing new tests a bit easier.Finally, this PR makes
letsencrypt-nginx-proxy-companion
compatible with Zero SSL using EAB, a Zero SSL developer API key or a simple email address.Thank to @pini-gh for his contributions to this PR and to @henriquebastos for the intermediary image size reduction I borrowed from his fork.