Lego version 0.4.0

CHANGELOG.md

@@ -1,5 +1,54 @@
 # Changelog
 
+## [0.4.0] - 2017-07-13
+
+### Added:
+- CLI: The `--http-timeout` switch. This allows for an override of the default client HTTP timeout.
+- lib: The `HTTPClient` field. This allows for an override of the default HTTP timeout for library HTTP requests.
+- CLI: The `--dns-timeout` switch. This allows for an override of the default DNS timeout for library DNS requests.
+- lib: The `DNSTimeout` switch. This allows for an override of the default client DNS timeout.
+- lib: The `QueryRegistration` function on `acme.Client`. This performs a POST on the client registration's URI and gets the updated registration info.
+- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
+- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
+- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
+- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
+- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
+- lib: Added a memcached provider for the HTTP challenge.
+- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
+- CLI: The `--must-staple` flag. This enables OCSP must staple in the generated CSR.
+- lib: The library will now honor entries in your resolv.conf.
+- lib: Added a field `IssuerCertificate` to the `CertificateResource` struct.
+- lib: A new DNS provider for OVH.
+- lib: A new DNS provider for DNSMadeEasy.
+- lib: A new DNS provider for Linode.
+- lib: A new DNS provider for AuroraDNS.
+- lib: A new DNS provider for NS1.
+- lib: A new DNS provider for Azure DNS.
+- lib: A new DNS provider for Rackspace DNS.
+- lib: A new DNS provider for Exoscale DNS.
+- lib: A new DNS provider for DNSPod.
+
+### Changed:
+- lib: Exported the `PreCheckDNS` field so library users can manage the DNS check in tests.
+- lib: The library will now skip challenge solving if a valid Authz already exists.
+
+### Removed:
+- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
+
+### Fixed:
+- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
+- lib: Loading an account from file should fail if a integral part is nil
+- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
+- lib: If a registration encounteres a conflict, the old registration is now recovered.
+- CLI: The account.json file no longer has the executable flag set.
+- lib: Made the client registration more robust in case of a 403 HTTP response.
+- lib: Fixed an issue with zone lookups when they have a CNAME in another zone.
+- lib: Fixed the lookup for the authoritative zone for Google Cloud.
+- lib: Fixed a race condition in the nonce store.
+- lib: The Google Cloud provider now removes old entries before trying to add new ones.
+- lib: Fixed a condition where we could stall due to an early error condition.
+- lib: Fixed an issue where Authz object could end up in an active state after an error condition.
+
 ## [0.3.1] - 2016-04-19
 
 ### Added:

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 Sebastian Erhart
+Copyright (c) 2015-2017 Sebastian Erhart
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -80,32 +80,37 @@ NAME:
 
 USAGE:
    lego [global options] command [command options] [arguments...]
-   
+
 VERSION:
-   0.3.1
-   
+   0.4.0
+
 COMMANDS:
-   run		Register an account, then create and install a certificate
-   revoke	Revoke a certificate
-   renew	Renew a certificate
-   dnshelp	Shows additional help for the --dns global option
-   help, h	Shows a list of commands or help for one command
-   
+     run      Register an account, then create and install a certificate
+     revoke   Revoke a certificate
+     renew    Renew a certificate
+     dnshelp  Shows additional help for the --dns global option
+     help, h  Shows a list of commands or help for one command
+
 GLOBAL OPTIONS:
-   --domains, -d [--domains option --domains option]			Add domains to the process
-   --csr, -c                Certificate signing request filename, if an external CSR is to be used
-   --server, -s "https://acme-v01.api.letsencrypt.org/directory"	CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
-   --email, -m 								Email used for registration and recovery contact.
-   --accept-tos, -a							By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
-   --key-type, -k "rsa2048"						Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384
-   --path "${CWD}/.lego"	Directory to use for storing the data
-   --exclude, -x [--exclude option --exclude option]			Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
-   --webroot 								Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
-   --http 								Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
-   --tls 								Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
-   --dns 								Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
-   --help, -h								show help
-   --version, -v							print the version
+   --domains value, -d value   Add domains to the process
+   --csr value, -c value       Certificate signing request filename, if an external CSR is to be used
+   --server value, -s value    CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v01.api.letsencrypt.org/directory")
+   --email value, -m value     Email used for registration and recovery contact.
+   --accept-tos, -a            By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
+   --key-type value, -k value  Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048")
+   --path value                Directory to use for storing the data (default: "/.lego")
+   --exclude value, -x value   Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
+   --webroot value             Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
+   --memcached-host value      Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
+   --http value                Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
+   --tls value                 Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
+   --dns value                 Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
+   --http-timeout value        Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
+   --dns-timeout value         Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
+   --dns-resolvers value       Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use Google's DNS resolvers.
+   --pem                       Generate a .pem file by concatanating the .key and .crt files together.
+   --help, -h                  show help
+   --version, -v               print the version
 ```
 
 ##### CLI Example

cli.go

@@ -32,7 +32,7 @@ func main() {
 	app.Name = "lego"
 	app.Usage = "Let's Encrypt client written in Go"
 
-	version := "0.3.1"
+	version := "0.4.0"
 	if strings.HasPrefix(gittag, "v") {
 		version = gittag
 	}