diff --git a/CHANGELOG.md b/CHANGELOG.md index d9957df4..77ff2ba8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2. - **[dnsprovider]** azure: Allow for the use of MSI - **[dnsprovider]** constellix: improve challenge. - **[dnsprovider]** godaddy: allow parallel solve. -- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created +- **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created - **[dnsprovider]** transip: updated the client to v6 ### Fixed: @@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2. ## [v3.0.1] - 2019-08-14 -There was a problem when creating the tag v3.0.1, this tag has been invalidate. +There was a problem when creating the tag v3.0.1, this tag has been invalidated. ## [v3.0.0] - 2019-08-05 @@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate. - lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client. - lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR. - CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line. -- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together. +- CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together. - CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup. - lib: Added a memcached provider for the HTTP challenge. - CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage. @@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate. - lib: The library will now skip challenge solving if a valid Authz already exists. ### Removed: -- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder. +- lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder. ### Fixed: - lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone. -- lib: Loading an account from file should fail if a integral part is nil +- lib: Loading an account from file should fail if an integral part is nil - lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone. - lib: If a registration encounteres a conflict, the old registration is now recovered. - CLI: The account.json file no longer has the executable flag set. @@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate. ### Changed: - lib: NewClient does no longer accept the optPort parameter -- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain. +- lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain. - lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status. - lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates. - lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4f46d5b7..a0005cff 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel - Use the issue search to see if the issue has already been reported. - Also look for closed issues to see if your issue has already been fixed. -- If both of the above do not apply create a new issue and include as much information as possible. +- If both of the above do not apply, create a new issue and include as much information as possible. Bug reports should include all information a person could need to reproduce your problem without the need to follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour. diff --git a/acme/api/internal/nonces/nonce_manager.go b/acme/api/internal/nonces/nonce_manager.go index 154cc5ea..d089cf07 100644 --- a/acme/api/internal/nonces/nonce_manager.go +++ b/acme/api/internal/nonces/nonce_manager.go @@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) { return GetFromResponse(resp) } -// GetFromResponse Extracts a nonce from a HTTP response. +// GetFromResponse Extracts a nonce from an HTTP response. func GetFromResponse(resp *http.Response) (string, error) { if resp == nil { return "", errors.New("nil response") diff --git a/acme/commons.go b/acme/commons.go index 99a0da0f..03b5db6d 100644 --- a/acme/commons.go +++ b/acme/commons.go @@ -71,12 +71,12 @@ type Meta struct { // externalAccountRequired (optional, boolean): // If this field is present and set to "true", - // then the CA requires that all new- account requests include an "externalAccountBinding" field + // then the CA requires that all new-account requests include an "externalAccountBinding" field // associating the new account with an external account. ExternalAccountRequired bool `json:"externalAccountRequired"` } -// ExtendedAccount a extended Account. +// ExtendedAccount an extended Account. type ExtendedAccount struct { Account // Contains the value of the response header `Location` @@ -91,7 +91,7 @@ type Account struct { // The status of this account. // Possible values are: "valid", "deactivated", and "revoked". // The value "deactivated" should be used to indicate client-initiated deactivation - // whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6) + // whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6) Status string `json:"status,omitempty"` // contact (optional, array of string): @@ -321,7 +321,7 @@ type RenewalInfoResponse struct { // SuggestedWindow contains two fields, start and end, // whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate. SuggestedWindow Window `json:"suggestedWindow"` - // ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is. + // ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is. // For example, it may be a page explaining the CA's dynamic load-balancing strategy, // or a page documenting which certificates are affected by a mass revocation event. // Callers SHOULD provide this URL to their operator, if present. diff --git a/certcrypto/crypto.go b/certcrypto/crypto.go index 9f748691..2d531630 100644 --- a/certcrypto/crypto.go +++ b/certcrypto/crypto.go @@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) { // ParsePEMPrivateKey parses a private key from key, which is a PEM block. // Borrowed from Go standard library, to handle various private key and PEM block types. // https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308 -// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238) +// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238 func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) { keyBlockDER, _ := pem.Decode(key) if keyBlockDER == nil { diff --git a/certificate/certificates.go b/certificate/certificates.go index f1712550..b09e66bd 100644 --- a/certificate/certificates.go +++ b/certificate/certificates.go @@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle } if respOrder.Status == acme.StatusValid { - // if the certificate is available right away, short cut! + // if the certificate is available right away, shortcut! ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain) if errR != nil { return nil, errR diff --git a/challenge/dns01/nameserver.go b/challenge/dns01/nameserver.go index f346246b..3e2ba78e 100644 --- a/challenge/dns01/nameserver.go +++ b/challenge/dns01/nameserver.go @@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) { if in != nil && in.Truncated { tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout} - // If the TCP request succeeds, the err will reset to nil + // If the TCP request succeeds, the "err" will reset to nil in, _, err = tcp.Exchange(m, ns) } diff --git a/challenge/dns01/precheck_test.go b/challenge/dns01/precheck_test.go index 05e20497..6bd73955 100644 --- a/challenge/dns01/precheck_test.go +++ b/challenge/dns01/precheck_test.go @@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) { ok, err := check.checkDNSPropagation(test.fqdn, test.value) if test.expectError { - assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn) - assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn) + assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn) + assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn) } else { assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn) assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn) diff --git a/challenge/resolver/prober.go b/challenge/resolver/prober.go index 42c2029c..021facbb 100644 --- a/challenge/resolver/prober.go +++ b/challenge/resolver/prober.go @@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) { } func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) { - // For all valid preSolvers, first submit the challenges so they have max time to propagate + // For all valid preSolvers, first submit the challenges, so they have max time to propagate for _, authSolver := range authSolvers { authz := authSolver.authz if solvr, ok := authSolver.solver.(preSolver); ok { diff --git a/challenge/tlsalpn01/tls_alpn_challenge_server.go b/challenge/tlsalpn01/tls_alpn_challenge_server.go index e0976a6b..e5581b1e 100644 --- a/challenge/tlsalpn01/tls_alpn_challenge_server.go +++ b/challenge/tlsalpn01/tls_alpn_challenge_server.go @@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string { return net.JoinHostPort(s.iface, s.port) } -// Present generates a certificate with a SHA-256 digest of the keyAuth provided +// Present generates a certificate with an SHA-256 digest of the keyAuth provided // as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec. func (s *ProviderServer) Present(domain, token, keyAuth string) error { if s.port == "" { diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index 90a750f2..01363244 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error { ew.writeln(`Credentials:`) ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`) - ew.writeln(` - "SOFTLAYER_USERNAME": User name (IBM Cloud is _)`) + ew.writeln(` - "SOFTLAYER_USERNAME": Username (IBM Cloud is _)`) ew.writeln() ew.writeln(`Additional Configuration:`) @@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error { ew.writeln(`Credentials:`) ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`) - ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`) + ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`) ew.writeln() ew.writeln(`Additional Configuration:`) diff --git a/docs/content/dns/manual.md b/docs/content/dns/manual.md index 54f81d6a..3f9cf0a8 100644 --- a/docs/content/dns/manual.md +++ b/docs/content/dns/manual.md @@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`: $ lego --email "you@example.com" --domains="example.com" --dns "manual" run ``` -What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions: +What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions: ```txt No key found for account you@example.com. Generating a P256 key. diff --git a/docs/content/dns/zz_gen_cloudflare.md b/docs/content/dns/zz_gen_cloudflare.md index e4cd6dfd..43b197c4 100644 --- a/docs/content/dns/zz_gen_cloudflare.md +++ b/docs/content/dns/zz_gen_cloudflare.md @@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare. See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details. The main resources Lego cares for are the DNS entries for your Zones. -It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. +It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. Hence, you should create an API token with the following permissions: diff --git a/docs/content/dns/zz_gen_dnsimple.md b/docs/content/dns/zz_gen_dnsimple.md index addfaaa6..5a8b5bfc 100644 --- a/docs/content/dns/zz_gen_dnsimple.md +++ b/docs/content/dns/zz_gen_dnsimple.md @@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default. While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/), -DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge. +DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge. To authenticate you need to provide a valid API token. HTTP Basic Authentication is intentionally not supported. @@ -69,7 +69,7 @@ HTTP Basic Authentication is intentionally not supported. ### API tokens You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page. -Only Account API tokens are supported, if you try to use an User API token you will receive an error message. +Only Account API tokens are supported, if you try to use a User API token you will receive an error message. diff --git a/docs/content/dns/zz_gen_edgedns.md b/docs/content/dns/zz_gen_edgedns.md index b1c89f8b..dde9dcf4 100644 --- a/docs/content/dns/zz_gen_edgedns.md +++ b/docs/content/dns/zz_gen_edgedns.md @@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here]({{< ref "dns#configuration-and-credentials" >}}). -Akamai credentials are automatically detected in the following locations and prioritized in the following order: +Akamai's credentials are automatically detected in the following locations and prioritized in the following order: 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`): - `AKAMAI_{SECTION}_HOST` diff --git a/docs/content/dns/zz_gen_httpreq.md b/docs/content/dns/zz_gen_httpreq.md index 987a6c98..f54e61ec 100644 --- a/docs/content/dns/zz_gen_httpreq.md +++ b/docs/content/dns/zz_gen_httpreq.md @@ -64,7 +64,7 @@ The server must provide: - `POST` `/present` - `POST` `/cleanup` -The URL of the server must be define by `HTTPREQ_ENDPOINT`. +The URL of the server must be defined by `HTTPREQ_ENDPOINT`. ### Mode diff --git a/docs/content/dns/zz_gen_ibmcloud.md b/docs/content/dns/zz_gen_ibmcloud.md index 41e0f466..db9a6943 100644 --- a/docs/content/dns/zz_gen_ibmcloud.md +++ b/docs/content/dns/zz_gen_ibmcloud.md @@ -39,7 +39,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run | Environment Variable Name | Description | |-----------------------|-------------| | `SOFTLAYER_API_KEY` | Classic Infrastructure API key | -| `SOFTLAYER_USERNAME` | User name (IBM Cloud is _) | +| `SOFTLAYER_USERNAME` | Username (IBM Cloud is _) | The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here]({{< ref "dns#configuration-and-credentials" >}}). diff --git a/docs/content/dns/zz_gen_joker.md b/docs/content/dns/zz_gen_joker.md index b51f596b..f56fee17 100644 --- a/docs/content/dns/zz_gen_joker.md +++ b/docs/content/dns/zz_gen_joker.md @@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html): -> 1. please login at Joker.com, visit 'My Domains', +> 1. please log in at Joker.com, visit 'My Domains', > find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu > > 2. on the top right, you will find the setting for 'Dynamic DNS'. diff --git a/docs/content/dns/zz_gen_nicmanager.md b/docs/content/dns/zz_gen_nicmanager.md index bcad5eac..ab4bd674 100644 --- a/docs/content/dns/zz_gen_nicmanager.md +++ b/docs/content/dns/zz_gen_nicmanager.md @@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). ## Description -You can login using your account name + username or using your email address. +You can log in using your account name + username or using your email address. Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`. diff --git a/docs/content/dns/zz_gen_ovh.md b/docs/content/dns/zz_gen_ovh.md index 150f4c84..5d7e2317 100644 --- a/docs/content/dns/zz_gen_ovh.md +++ b/docs/content/dns/zz_gen_ovh.md @@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/). -When requesting the consumer key, the following configuration can be use to define access rights: +When requesting the consumer key, the following configuration can be used to define access rights: ```json { diff --git a/docs/content/dns/zz_gen_rcodezero.md b/docs/content/dns/zz_gen_rcodezero.md index e48c34ca..bca7dcbd 100644 --- a/docs/content/dns/zz_gen_rcodezero.md +++ b/docs/content/dns/zz_gen_rcodezero.md @@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). ## Description Generate your API Token via https://my.rcodezero.at with the `ACME` permissions. -This are special tokens with limited access for ACME requests only. +These are special tokens with limited access for ACME requests only. RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes. diff --git a/docs/content/dns/zz_gen_route53.md b/docs/content/dns/zz_gen_route53.md index cccd1d36..ff65bace 100644 --- a/docs/content/dns/zz_gen_route53.md +++ b/docs/content/dns/zz_gen_route53.md @@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th ### Least privilege policy for production purposes -The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge. +The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge. Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`. Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy. diff --git a/docs/content/dns/zz_gen_sonic.md b/docs/content/dns/zz_gen_sonic.md index 5e0ad197..bd7674a7 100644 --- a/docs/content/dns/zz_gen_sonic.md +++ b/docs/content/dns/zz_gen_sonic.md @@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname). -Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`. +Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`. diff --git a/docs/content/dns/zz_gen_vkcloud.md b/docs/content/dns/zz_gen_vkcloud.md index 59a70947..145d44d1 100644 --- a/docs/content/dns/zz_gen_vkcloud.md +++ b/docs/content/dns/zz_gen_vkcloud.md @@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here]({{< ref "dns#configuration-and-credentials" >}}). -## Credential inforamtion +## Credential information You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud. diff --git a/docs/content/dns/zz_gen_yandexcloud.md b/docs/content/dns/zz_gen_yandexcloud.md index 26812a2f..18f85236 100644 --- a/docs/content/dns/zz_gen_yandexcloud.md +++ b/docs/content/dns/zz_gen_yandexcloud.md @@ -52,7 +52,7 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains | Environment Variable Name | Description | |-----------------------|-------------| | `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud | -| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions | +| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions | The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here]({{< ref "dns#configuration-and-credentials" >}}). diff --git a/docs/content/usage/cli/Obtain-a-Certificate.md b/docs/content/usage/cli/Obtain-a-Certificate.md index e6f477b0..6ea6d323 100644 --- a/docs/content/usage/cli/Obtain-a-Certificate.md +++ b/docs/content/usage/cli/Obtain-a-Certificate.md @@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers, and you need to pick the one where your domain's DNS settings are set up. Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider. -For this example, let's assume you have setup CloudFlare for your domain. +For this example, let's assume you have set up CloudFlare for your domain. Execute this command: diff --git a/docs/content/usage/cli/Options.md b/docs/content/usage/cli/Options.md index 8d7e105e..2a6ae9a7 100644 --- a/docs/content/usage/cli/Options.md +++ b/docs/content/usage/cli/Options.md @@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options: ## Port Usage -By default lego assumes it is able to bind to ports 80 and 443 to solve challenges. +By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges. If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct lego to listen on that interface:port for any incoming challenges. -If you are using this option, make sure you proxy all of the following traffic to these ports. +If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports. **HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header]. @@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the There are also situations, where this verification step doesn't work as expected: - A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt). -- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet. +- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet. The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order. diff --git a/docs/content/usage/cli/Renew-a-Certificate.md b/docs/content/usage/cli/Renew-a-Certificate.md index d45e5c45..7f04331d 100644 --- a/docs/content/usage/cli/Renew-a-Certificate.md +++ b/docs/content/usage/cli/Renew-a-Certificate.md @@ -36,7 +36,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers, and you need to pick the one where your domain's DNS settings are set up. Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider. -For this example, let's assume you have setup CloudFlare for your domain. +For this example, let's assume you have set up CloudFlare for your domain. Execute this command: @@ -107,4 +107,4 @@ RandomizedDelaySec=1h WantedBy=timers.target ``` -[^loadspikes]: See [Github issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description. +[^loadspikes]: See [GitHub issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description. diff --git a/docs/content/usage/library/_index.md b/docs/content/usage/library/_index.md index 5e1d062b..b337b36d 100644 --- a/docs/content/usage/library/_index.md +++ b/docs/content/usage/library/_index.md @@ -4,7 +4,7 @@ date: 2019-03-03T16:39:46+01:00 draft: false --- -Lego can be use as a Go Library. +Lego can be used as a Go Library. diff --git a/e2e/fixtures/certs/README.md b/e2e/fixtures/certs/README.md index 7cde76f5..7b7961d7 100644 --- a/e2e/fixtures/certs/README.md +++ b/e2e/fixtures/certs/README.md @@ -1,7 +1,7 @@ # certs/ This directory contains a CA certificate (`pebble.minica.pem`) and a private key -(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See +(`pebble.minica.key.pem`) that are used to issue an end-entity certificate (See `certs/localhost`) for the Pebble HTTPS server. To get your **testing code** to use Pebble without HTTPS errors you should @@ -14,12 +14,11 @@ code!!! The CA's private key is **public** and anyone can use it to issue certificates that will be trusted by a system with the Pebble CA in the trust store. -To re-create all of the Pebble certificates run: +To re-create all certificates used by Pebble, run: minica -ca-cert pebble.minica.pem \ -ca-key pebble.minica.key.pem \ -domains localhost,pebble \ -ip-addresses 127.0.0.1 -From the `test/certs/` directory after [installing -MiniCA](https://github.com/jsha/minica#installation) +From the `test/certs/` directory after [installing MiniCA](https://github.com/jsha/minica#installation) diff --git a/lego/client_config.go b/lego/client_config.go index e75739c1..27bc1872 100644 --- a/lego/client_config.go +++ b/lego/client_config.go @@ -29,7 +29,7 @@ const ( // caServerNameEnvVar is the environment variable name that can be used to // specify the CA server name that can be used to - // authenticate an ACME server with a HTTPS certificate not issued by a CA in + // authenticate an ACME server with an HTTPS certificate not issued by a CA in // the system-wide trusted root list. caServerNameEnvVar = "LEGO_CA_SERVER_NAME" diff --git a/platform/config/env/env.go b/platform/config/env/env.go index 9da13ea9..9a1d3ce0 100644 --- a/platform/config/env/env.go +++ b/platform/config/env/env.go @@ -95,7 +95,7 @@ func getOneWithFallback(main string, names ...string) (string, string) { } // GetOrDefaultInt returns the given environment variable value as an integer. -// Returns the default if the envvar cannot be coopered to an int, or is not found. +// Returns the default if the env var cannot be coopered to an int, or is not found. func GetOrDefaultInt(envVar string, defaultValue int) int { v, err := strconv.Atoi(GetOrFile(envVar)) if err != nil { @@ -105,8 +105,8 @@ func GetOrDefaultInt(envVar string, defaultValue int) int { return v } -// GetOrDefaultSecond returns the given environment variable value as an time.Duration (second). -// Returns the default if the envvar cannot be coopered to an int, or is not found. +// GetOrDefaultSecond returns the given environment variable value as a time.Duration (second). +// Returns the default if the env var cannot be coopered to an int, or is not found. func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration { v := GetOrDefaultInt(envVar, -1) if v < 0 { @@ -117,7 +117,7 @@ func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration } // GetOrDefaultString returns the given environment variable value as a string. -// Returns the default if the envvar cannot be find. +// Returns the default if the env var cannot be found. func GetOrDefaultString(envVar, defaultValue string) string { v := GetOrFile(envVar) if v == "" { @@ -128,7 +128,7 @@ func GetOrDefaultString(envVar, defaultValue string) string { } // GetOrDefaultBool returns the given environment variable value as a boolean. -// Returns the default if the envvar cannot be coopered to a boolean, or is not found. +// Returns the default if the env var cannot be coopered to a boolean, or is not found. func GetOrDefaultBool(envVar string, defaultValue bool) bool { v, err := strconv.ParseBool(GetOrFile(envVar)) if err != nil { diff --git a/platform/tester/env.go b/platform/tester/env.go index 54890873..42c4c301 100644 --- a/platform/tester/env.go +++ b/platform/tester/env.go @@ -48,7 +48,7 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest { for _, key := range keys { if e.domainKey != key && !e.isManagedKey(key) { - panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key)) + panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed, or it's not the key of the domain.", key)) } if e.domainKey == key { diff --git a/providers/dns/azure/azure.go b/providers/dns/azure/azure.go index cf3eb50c..521209ab 100644 --- a/providers/dns/azure/azure.go +++ b/providers/dns/azure/azure.go @@ -204,7 +204,7 @@ func getAuthorizer(config *Config) (autorest.Authorizer, error) { return auth.NewAuthorizerFromEnvironment() } -// Fetches metadata from environment or he instance metadata service. +// Fetches metadata from environment or the instance metadata service. // borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go func getMetadata(config *Config, field string) (string, error) { metadataEndpoint := config.MetadataEndpoint diff --git a/providers/dns/bluecat/internal/client.go b/providers/dns/bluecat/internal/client.go index e6451343..a2649a45 100644 --- a/providers/dns/bluecat/internal/client.go +++ b/providers/dns/bluecat/internal/client.go @@ -200,7 +200,7 @@ func (c *Client) LookupViewID(ctx context.Context, configName, viewName string) return view.ID, nil } -// LookupParentZoneID Return the entityId of the parent zone by recursing from the root view. +// LookupParentZoneID returns the entityId of the parent zone by iterating through the root labels. // Also return the simple name of the host. func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) { if fqdn == "" { diff --git a/providers/dns/cloudflare/cloudflare.go b/providers/dns/cloudflare/cloudflare.go index 03acf21b..2d91fe4b 100644 --- a/providers/dns/cloudflare/cloudflare.go +++ b/providers/dns/cloudflare/cloudflare.go @@ -63,7 +63,7 @@ type DNSProvider struct { // For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN. // // The email and API key should be avoided, if possible. -// Instead setup a API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable. +// Instead, set up an API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable. // You can split the Zone:Read and DNS:Edit permissions across multiple API tokens: // in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly. func NewDNSProvider() (*DNSProvider, error) { diff --git a/providers/dns/cloudflare/cloudflare.toml b/providers/dns/cloudflare/cloudflare.toml index 9852a2f6..514790ba 100644 --- a/providers/dns/cloudflare/cloudflare.toml +++ b/providers/dns/cloudflare/cloudflare.toml @@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare. See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details. The main resources Lego cares for are the DNS entries for your Zones. -It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. +It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries. Hence, you should create an API token with the following permissions: diff --git a/providers/dns/conoha/conoha.go b/providers/dns/conoha/conoha.go index 1e4b0e18..e19ba4d4 100644 --- a/providers/dns/conoha/conoha.go +++ b/providers/dns/conoha/conoha.go @@ -105,7 +105,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { tokens, err := identifier.GetToken(context.TODO(), auth) if err != nil { - return nil, fmt.Errorf("conoha: failed to login: %w", err) + return nil, fmt.Errorf("conoha: failed to log in: %w", err) } client, err := internal.NewClient(config.Region, tokens.Access.Token.ID) diff --git a/providers/dns/conoha/conoha_test.go b/providers/dns/conoha/conoha_test.go index 8d8197f3..9db5ba79 100644 --- a/providers/dns/conoha/conoha_test.go +++ b/providers/dns/conoha/conoha_test.go @@ -29,7 +29,7 @@ func TestNewDNSProvider(t *testing.T) { EnvAPIUsername: "api_username", EnvAPIPassword: "api_password", }, - expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, + expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, }, { desc: "missing credentials", @@ -99,7 +99,7 @@ func TestNewDNSProviderConfig(t *testing.T) { }{ { desc: "complete credentials, but login failed", - expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, + expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`, tenant: "tenant_id", username: "api_username", password: "api_password", diff --git a/providers/dns/constellix/internal/auth.go b/providers/dns/constellix/internal/auth.go index 8be4f845..1a136012 100644 --- a/providers/dns/constellix/internal/auth.go +++ b/providers/dns/constellix/internal/auth.go @@ -23,7 +23,7 @@ type TokenTransport struct { Transport http.RoundTripper } -// NewTokenTransport Creates a HTTP transport for API authentication. +// NewTokenTransport Creates an HTTP transport for API authentication. func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) { if apiKey == "" { return nil, errors.New("credentials missing: API key") diff --git a/providers/dns/dnsimple/dnsimple.toml b/providers/dns/dnsimple/dnsimple.toml index e3f6f509..0dd8f06e 100644 --- a/providers/dns/dnsimple/dnsimple.toml +++ b/providers/dns/dnsimple/dnsimple.toml @@ -16,7 +16,7 @@ Additional = ''' if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default. While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/), -DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge. +DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge. To authenticate you need to provide a valid API token. HTTP Basic Authentication is intentionally not supported. @@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported. ### API tokens You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page. -Only Account API tokens are supported, if you try to use an User API token you will receive an error message. +Only Account API tokens are supported, if you try to use a User API token you will receive an error message. ''' [Configuration] diff --git a/providers/dns/domeneshop/internal/client.go b/providers/dns/domeneshop/internal/client.go index 9b48d326..b7ebb994 100644 --- a/providers/dns/domeneshop/internal/client.go +++ b/providers/dns/domeneshop/internal/client.go @@ -17,7 +17,7 @@ import ( const defaultBaseURL string = "https://api.domeneshop.no/v0" // Client implements a very simple wrapper around the Domeneshop API. -// For now it will only deal with adding and removing TXT records, as required by ACME providers. +// For now, it will only deal with adding and removing TXT records, as required by ACME providers. // https://api.domeneshop.no/docs/ type Client struct { apiToken string diff --git a/providers/dns/dynu/internal/auth.go b/providers/dns/dynu/internal/auth.go index 72d15a81..7a21a10e 100644 --- a/providers/dns/dynu/internal/auth.go +++ b/providers/dns/dynu/internal/auth.go @@ -16,7 +16,7 @@ type TokenTransport struct { Transport http.RoundTripper } -// NewTokenTransport Creates a HTTP transport for API authentication. +// NewTokenTransport Creates an HTTP transport for API authentication. func NewTokenTransport(apiKey string) (*TokenTransport, error) { if apiKey == "" { return nil, errors.New("credentials missing: API key") diff --git a/providers/dns/dynu/internal/client.go b/providers/dns/dynu/internal/client.go index d9e6e5bf..6821863b 100644 --- a/providers/dns/dynu/internal/client.go +++ b/providers/dns/dynu/internal/client.go @@ -110,7 +110,7 @@ func (c Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostnam return &apiResp, nil } -// doRetry the API is really unstable so we need to retry on EOF. +// doRetry the API is really unstable, so we need to retry on EOF. func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error { operation := func() error { return c.do(ctx, method, uri, body, result) diff --git a/providers/dns/edgedns/edgedns.go b/providers/dns/edgedns/edgedns.go index df6d93e7..1dcb4865 100644 --- a/providers/dns/edgedns/edgedns.go +++ b/providers/dns/edgedns/edgedns.go @@ -62,7 +62,7 @@ type DNSProvider struct { } // NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS: -// Akamai credentials are automatically detected in the following locations and prioritized in the following order: +// Akamai's credentials are automatically detected in the following locations and prioritized in the following order: // // 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION` // 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET` diff --git a/providers/dns/edgedns/edgedns.toml b/providers/dns/edgedns/edgedns.toml index 7929e03d..0612c78c 100644 --- a/providers/dns/edgedns/edgedns.toml +++ b/providers/dns/edgedns/edgedns.toml @@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run ''' Additional = ''' -Akamai credentials are automatically detected in the following locations and prioritized in the following order: +Akamai's credentials are automatically detected in the following locations and prioritized in the following order: 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`): - `AKAMAI_{SECTION}_HOST` diff --git a/providers/dns/glesys/glesys.go b/providers/dns/glesys/glesys.go index acdf1b44..95b5f087 100644 --- a/providers/dns/glesys/glesys.go +++ b/providers/dns/glesys/glesys.go @@ -14,11 +14,7 @@ import ( "github.com/go-acme/lego/v4/providers/dns/glesys/internal" ) -const ( - // defaultBaseURL is the GleSYS API endpoint used by Present and CleanUp. - defaultBaseURL = "https://api.glesys.com/domain" - minTTL = 60 -) +const minTTL = 60 // Environment variables names. const ( diff --git a/providers/dns/httpreq/httpreq.go b/providers/dns/httpreq/httpreq.go index 782f9a2a..81b3a698 100644 --- a/providers/dns/httpreq/httpreq.go +++ b/providers/dns/httpreq/httpreq.go @@ -1,4 +1,4 @@ -// Package httpreq implements a DNS provider for solving the DNS-01 challenge through a HTTP server. +// Package httpreq implements a DNS provider for solving the DNS-01 challenge through an HTTP server. package httpreq import ( diff --git a/providers/dns/httpreq/httpreq.toml b/providers/dns/httpreq/httpreq.toml index a3bfd677..cd6c823d 100644 --- a/providers/dns/httpreq/httpreq.toml +++ b/providers/dns/httpreq/httpreq.toml @@ -17,7 +17,7 @@ The server must provide: - `POST` `/present` - `POST` `/cleanup` -The URL of the server must be define by `HTTPREQ_ENDPOINT`. +The URL of the server must be defined by `HTTPREQ_ENDPOINT`. ### Mode diff --git a/providers/dns/hurricane/internal/client.go b/providers/dns/hurricane/internal/client.go index bbc90758..62ca7615 100644 --- a/providers/dns/hurricane/internal/client.go +++ b/providers/dns/hurricane/internal/client.go @@ -113,7 +113,7 @@ func evaluateBody(body string, hostname string) error { case codeAbuse: return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname) case codeBadAgent: - return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body) + return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on GitHub", body) case codeBadAuth: return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname) case codeInterval: diff --git a/providers/dns/ibmcloud/ibmcloud.toml b/providers/dns/ibmcloud/ibmcloud.toml index 1b562ce9..2a87c584 100644 --- a/providers/dns/ibmcloud/ibmcloud.toml +++ b/providers/dns/ibmcloud/ibmcloud.toml @@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run [Configuration] [Configuration.Credentials] - SOFTLAYER_USERNAME = "User name (IBM Cloud is _)" + SOFTLAYER_USERNAME = "Username (IBM Cloud is _)" SOFTLAYER_API_KEY = "Classic Infrastructure API key" [Configuration.Additional] SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check" diff --git a/providers/dns/internal/selectel/client.go b/providers/dns/internal/selectel/client.go index dcefa34b..1e1e4a21 100644 --- a/providers/dns/internal/selectel/client.go +++ b/providers/dns/internal/selectel/client.go @@ -55,7 +55,7 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai statusCode, err := c.do(req, domain) if err != nil { if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 { - // Look up for the next sub domain + // Look up for the next subdomain subIndex := strings.Index(domainName, ".") return c.GetDomainByName(ctx, domainName[subIndex+1:]) } diff --git a/providers/dns/inwx/inwx.go b/providers/dns/inwx/inwx.go index fdfa4e54..ab134b0c 100644 --- a/providers/dns/inwx/inwx.go +++ b/providers/dns/inwx/inwx.go @@ -108,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { defer func() { errL := d.client.Account.Logout() if errL != nil { - log.Infof("inwx: failed to logout: %v", errL) + log.Infof("inwx: failed to log out: %v", errL) } }() @@ -158,7 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { defer func() { errL := d.client.Account.Logout() if errL != nil { - log.Infof("inwx: failed to logout: %v", errL) + log.Infof("inwx: failed to log out: %v", errL) } }() @@ -199,7 +199,7 @@ func (d *DNSProvider) twoFactorAuth(info *goinwx.LoginResponse) error { } if d.config.SharedSecret == "" { - return errors.New("two factor authentication but no shared secret is given") + return errors.New("two-factor authentication but no shared secret is given") } tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now()) diff --git a/providers/dns/joker/joker.toml b/providers/dns/joker/joker.toml index 52a17c7f..786097ac 100644 --- a/providers/dns/joker/joker.toml +++ b/providers/dns/joker/joker.toml @@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html): -> 1. please login at Joker.com, visit 'My Domains', +> 1. please log in at Joker.com, visit 'My Domains', > find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu > > 2. on the top right, you will find the setting for 'Dynamic DNS'. diff --git a/providers/dns/loopia/loopia.go b/providers/dns/loopia/loopia.go index ed0fd02d..dc2623be 100644 --- a/providers/dns/loopia/loopia.go +++ b/providers/dns/loopia/loopia.go @@ -192,7 +192,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { err = d.client.RemoveSubdomain(ctx, authZone, subDomain) if err != nil { - return fmt.Errorf("loopia: failed to remove sub-domain: %w", err) + return fmt.Errorf("loopia: failed to remove subdomain: %w", err) } return nil diff --git a/providers/dns/loopia/loopia_mock_test.go b/providers/dns/loopia/loopia_mock_test.go index 79fe2b13..6416bb99 100644 --- a/providers/dns/loopia/loopia_mock_test.go +++ b/providers/dns/loopia/loopia_mock_test.go @@ -149,10 +149,10 @@ func TestDNSProvider_Cleanup(t *testing.T) { callGetTXTRecords: true, callRemoveSubdomain: true, - expectedError: `loopia: failed to remove sub-domain: unknown error: "UNKNOWN_ERROR"`, + expectedError: `loopia: failed to remove subdomain: unknown error: "UNKNOWN_ERROR"`, }, { - desc: "Dont call removeSubdomain when records", + desc: "Don't call removeSubdomain when records", getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}}, callAddTXTRecord: true, diff --git a/providers/dns/namecheap/namecheap.go b/providers/dns/namecheap/namecheap.go index eb94c9ce..c4d9c069 100644 --- a/providers/dns/namecheap/namecheap.go +++ b/providers/dns/namecheap/namecheap.go @@ -18,17 +18,16 @@ import ( ) // Notes about namecheap's tool API: -// 1. Using the API requires registration. Once registered, use your account -// name and API key to access the API. -// 2. There is no API to add or modify a single DNS record. Instead you must -// read the entire list of records, make modifications, and then write the -// entire updated list of records. (Yuck.) -// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take -// as long as an hour. -// 4. Namecheap requires you to whitelist the IP address from which you call -// its APIs. It also requires all API calls to include the whitelisted IP -// address as a form or query string value. This code uses a namecheap -// service to query the client's IP address. +// 1. Using the API requires registration. +// Once registered, use your account name and API key to access the API. +// 2. There is no API to add or modify a single DNS record. +// Instead, you must read the entire list of records, make modifications, +// and then write the entire updated list of records. (Yuck.) +// 3. Namecheap's DNS updates can be slow to propagate. +// I've seen them take as long as an hour. +// 4. Namecheap requires you to whitelist the IP address from which you call its APIs. +// It also requires all API calls to include the whitelisted IP address as a form or query string value. +// This code uses a namecheap service to query the client's IP address. // Environment variables names. const ( diff --git a/providers/dns/nicmanager/nicmanager.go b/providers/dns/nicmanager/nicmanager.go index e37efba9..e5054ef0 100644 --- a/providers/dns/nicmanager/nicmanager.go +++ b/providers/dns/nicmanager/nicmanager.go @@ -201,5 +201,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { } } - return fmt.Errorf("nicmanager: no record found to cleanup") + return fmt.Errorf("nicmanager: no record found to clean up") } diff --git a/providers/dns/nicmanager/nicmanager.toml b/providers/dns/nicmanager/nicmanager.toml index 7d902ad0..913f685b 100644 --- a/providers/dns/nicmanager/nicmanager.toml +++ b/providers/dns/nicmanager/nicmanager.toml @@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run Additional = ''' ## Description -You can login using your account name + username or using your email address. +You can log in using your account name + username or using your email address. Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`. ''' diff --git a/providers/dns/oraclecloud/oraclecloud.go b/providers/dns/oraclecloud/oraclecloud.go index de3a9eed..755cffc7 100644 --- a/providers/dns/oraclecloud/oraclecloud.go +++ b/providers/dns/oraclecloud/oraclecloud.go @@ -161,7 +161,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { } if *domainRecords.OpcTotalItems == 0 { - return errors.New("oraclecloud: no record to CleanUp") + return errors.New("oraclecloud: no record to clean up") } var deleteHash *string @@ -173,7 +173,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { } if deleteHash == nil { - return errors.New("oraclecloud: no record to CleanUp") + return errors.New("oraclecloud: no record to clean up") } recordOperation := dns.RecordOperation{ diff --git a/providers/dns/ovh/ovh.toml b/providers/dns/ovh/ovh.toml index ab8ae490..ddd51d2c 100644 --- a/providers/dns/ovh/ovh.toml +++ b/providers/dns/ovh/ovh.toml @@ -17,7 +17,7 @@ Additional = ''' Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/). -When requesting the consumer key, the following configuration can be use to define access rights: +When requesting the consumer key, the following configuration can be used to define access rights: ```json { diff --git a/providers/dns/rcodezero/rcodezero.toml b/providers/dns/rcodezero/rcodezero.toml index ee475d20..a012736f 100644 --- a/providers/dns/rcodezero/rcodezero.toml +++ b/providers/dns/rcodezero/rcodezero.toml @@ -13,7 +13,7 @@ Additional = ''' ## Description Generate your API Token via https://my.rcodezero.at with the `ACME` permissions. -This are special tokens with limited access for ACME requests only. +These are special tokens with limited access for ACME requests only. RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes. diff --git a/providers/dns/rfc2136/rfc2136_test.go b/providers/dns/rfc2136/rfc2136_test.go index 6e0260cf..235ce4e4 100644 --- a/providers/dns/rfc2136/rfc2136_test.go +++ b/providers/dns/rfc2136/rfc2136_test.go @@ -85,7 +85,7 @@ func TestServerError(t *testing.T) { err = provider.Present(fakeDomain, "", fakeKeyAuth) require.Error(t, err) if !strings.Contains(err.Error(), "NOTZONE") { - t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string but it did not: %v", err) + t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err) } } diff --git a/providers/dns/route53/route53.go b/providers/dns/route53/route53.go index e789aeb4..dd8d4587 100644 --- a/providers/dns/route53/route53.go +++ b/providers/dns/route53/route53.go @@ -95,7 +95,7 @@ func NewDNSProvider() (*DNSProvider, error) { return NewDNSProviderConfig(NewDefaultConfig()) } -// NewDNSProviderConfig takes a given config ans returns a custom configured DNSProvider instance. +// NewDNSProviderConfig takes a given config and returns a custom configured DNSProvider instance. func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { if config == nil { return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil") diff --git a/providers/dns/route53/route53.toml b/providers/dns/route53/route53.toml index 5f3309e5..d253b540 100644 --- a/providers/dns/route53/route53.toml +++ b/providers/dns/route53/route53.toml @@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th ### Least privilege policy for production purposes -The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge. +The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge. Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`. Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy. diff --git a/providers/dns/sonic/sonic.toml b/providers/dns/sonic/sonic.toml index 286dee02..c4ba74dd 100644 --- a/providers/dns/sonic/sonic.toml +++ b/providers/dns/sonic/sonic.toml @@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname). -Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`. +Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`. ''' [Configuration] diff --git a/providers/dns/transip/transip_test.go b/providers/dns/transip/transip_test.go index 119aa63a..a09cafe8 100644 --- a/providers/dns/transip/transip_test.go +++ b/providers/dns/transip/transip_test.go @@ -81,7 +81,7 @@ func TestNewDNSProvider(t *testing.T) { } // The error message for a file not existing is different on Windows and Linux. - // Therefore we test if the error type is the same. + // Therefore, we test if the error type is the same. t.Run("could not open private key path", func(t *testing.T) { defer envTest.RestoreEnv() envTest.ClearEnv() @@ -144,7 +144,7 @@ func TestNewDNSProviderConfig(t *testing.T) { } // The error message for a file not existing is different on Windows and Linux. - // Therefore we test if the error type is the same. + // Therefore, we test if the error type is the same. t.Run("could not open private key path", func(t *testing.T) { config := NewDefaultConfig() config.AccountName = "johndoe" diff --git a/providers/dns/vkcloud/vkcloud.toml b/providers/dns/vkcloud/vkcloud.toml index 573daa09..20beeefd 100644 --- a/providers/dns/vkcloud/vkcloud.toml +++ b/providers/dns/vkcloud/vkcloud.toml @@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*. ''' Additional = ''' -## Credential inforamtion +## Credential information You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud. diff --git a/providers/dns/wedos/internal/token.go b/providers/dns/wedos/internal/token.go index 7655092e..bca3f10f 100644 --- a/providers/dns/wedos/internal/token.go +++ b/providers/dns/wedos/internal/token.go @@ -38,7 +38,7 @@ func czechHour() int { func utcToCet(utc time.Time) time.Time { // https://en.wikipedia.org/wiki/Central_European_Time - // As of 2011, all member states of the European Union observe summer time (daylight saving time), + // As of 2011, all member states of the European Union observe Summer Time (daylight saving time), // from the last Sunday in March to the last Sunday in October. // States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1] utcMonth := utc.Month() diff --git a/providers/dns/yandexcloud/yandexcloud.toml b/providers/dns/yandexcloud/yandexcloud.toml index 93dbad4c..dd76f915 100644 --- a/providers/dns/yandexcloud/yandexcloud.toml +++ b/providers/dns/yandexcloud/yandexcloud.toml @@ -37,7 +37,7 @@ cat key.json | base64 [Configuration] [Configuration.Credentials] - YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions" + YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions" YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud" [Configuration.Additional] YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check" diff --git a/providers/http/memcached/memcached.go b/providers/http/memcached/memcached.go index 0823373a..b26def2c 100644 --- a/providers/http/memcached/memcached.go +++ b/providers/http/memcached/memcached.go @@ -1,5 +1,4 @@ -// Package memcached implements a HTTP provider for solving the HTTP-01 challenge using memcached -// in combination with a webserver. +// Package memcached implements an HTTP provider for solving the HTTP-01 challenge using memcached in combination with a webserver. package memcached import ( diff --git a/providers/http/s3/s3.go b/providers/http/s3/s3.go index 0df63bf1..d8fc4246 100644 --- a/providers/http/s3/s3.go +++ b/providers/http/s3/s3.go @@ -1,4 +1,4 @@ -// Package s3 implements a HTTP provider for solving the HTTP-01 challenge using web server's root path. +// Package s3 implements an HTTP provider for solving the HTTP-01 challenge using AWS S3. package s3 import ( diff --git a/providers/http/s3/s3_test.go b/providers/http/s3/s3_test.go index 1511fc2d..88b8438b 100644 --- a/providers/http/s3/s3_test.go +++ b/providers/http/s3/s3_test.go @@ -1,5 +1,3 @@ -// Package s3 implements a HTTP provider for solving the HTTP-01 challenge -// using AWS S3 in combination with AWS CloudFront. package s3 import ( diff --git a/providers/http/webroot/webroot.go b/providers/http/webroot/webroot.go index a135d0ad..c5b49cae 100644 --- a/providers/http/webroot/webroot.go +++ b/providers/http/webroot/webroot.go @@ -1,4 +1,4 @@ -// Package webroot implements a HTTP provider for solving the HTTP-01 challenge using web server's root path. +// Package webroot implements an HTTP provider for solving the HTTP-01 challenge using web server's root path. package webroot import (