Commit Graph

25 Commits

Author SHA1 Message Date
William Lallemand
7aaf4432d4 haproxy: sanitize the PEM in the deploy script
Sanitize the PEM of the haproxy deploy script by removing the '\n', this
way it could be injected directly over the CLI.
2023-11-30 14:00:41 +01:00
podguzovvasily
8ca5ca6594
Update haproxy.sh
resolved issue with HAProxy https://github.com/acmesh-official/acme.sh/issues/4788
according https://serversforhackers.com/c/letsencrypt-with-haproxy
2023-10-24 16:58:47 +03:00
Glenn Strauss
8419b42e83 use ${ACME_OPENSSL_BIN:-openssl} instead of openssl
(requested by @Neilpang in #3687)
2021-09-30 19:00:39 -04:00
Glenn Strauss
c43c711f72 use _getdeployconf instead of sourcing DOMAIN_CONF
(requested by @Neilpang in #3394)

github: closes #3394
2021-09-01 16:37:10 -04:00
Felix Bünemann
cf5952f508
fix haproxy deploy hook ocsp update
fixes ocsp reponse update failing with `Responder Error: unauthorized (6)`
by removing `-no_nonce` switch from `openssl oscp` command .
2020-05-02 22:14:21 +02:00
xpac1985
e184a1b9e6
haproxy deploy script now compatible with OpenSSL v1.1+
haproxy deploy script now compatible with OpenSSL v1.1+

The OpenSSL OCSP request for haproxy deployment breaks from OpenSSL v1.1.0 on.
The format of the `-header` option has been changed and does now contain a `=` instead of a whitespace.
Other projects have hit the same issue:
https://github.com/nghttp2/nghttp2/issues/742

This commit determines the OpenSSL/LibreSSL version and then adjusts the request accordingly.
Also removed the duplicate command line and added some more debug output.
2020-02-20 23:28:55 +01:00
neilpang
1a126b700f fix https://github.com/Neilpang/acme.sh/issues/2252 2019-05-08 22:13:33 +08:00
andrewheberle
454c90820d
Actually set reload default 2018-09-28 08:57:13 +08:00
andrewheberle
31d9ba7e02
Change default for reload 2018-09-28 08:45:18 +08:00
andrewheberle
8d348954a7
Whitepspace 2018-05-14 13:22:46 +08:00
andrewheberle
7d19d784df
Update cert suffix for bundles .ocsp generation 2018-05-14 13:16:56 +08:00
andrewheberle
733b4e0a34
Fix Le_Keylength case 2018-05-14 11:26:03 +08:00
andrewheberle
08d29a8342
Fix return from reload 2018-05-14 10:58:46 +08:00
andrewheberle
ba20af48d3
Support HAPROXY_DEPLOY_PEM_PATH
Adds compatibility to original haproxy deploy hook while still allowing custom PEM file name (via HAPROXY_DEPLOY_PEM_NAME)
2018-05-10 15:25:28 +08:00
andrewheberle
707e053949
whitespace fixes 2018-05-10 12:18:03 +08:00
andrewheberle
c47e67e52c
Fix variable name 2018-05-10 12:06:25 +08:00
andrewheberle
6567bb4c12
Update haproxy deploy hook
Add functionality to add OCSP stapling info (.ocsp file), issuer (.issuer file) and multi-cert bundles (suffix on pem file based on key type).

This also corrects the order of key, certificate and intermediate in the PEM file, which although HAProxy does not seem to care, was incorrect in the prior version.
2018-05-10 11:51:59 +08:00
Daniel Watrous
afe5cb588d
update for POSIX compliance 2018-05-04 10:25:54 -05:00
Daniel Watrous
e9e999542d
add reload 2018-05-04 10:14:31 -05:00
Daniel Watrous
5f593994c7
remove more whitespace (trying to get TravisCI working) 2018-05-03 12:25:11 -05:00
Daniel Watrous
ec73aeba16
remove whitespace 2018-05-03 12:17:26 -05:00
Daniel Watrous
7573e560b6
Add conditional check to ensure path is provided 2018-05-03 10:06:05 -05:00
Daniel Watrous
360dc140ea
implement basic haproxy deploy
HAProxy requires the certificate chain and key to be concatenated and placed somewhere (can be anywhere). This script expects a single environment variable with the path where the concatenated PEM file should be written
2018-05-03 01:28:56 -05:00
neilpang
f845b371ce fix format 2017-02-19 20:40:53 +08:00
neilpang
3a1bd3114b add hooks, not implemented yet. 2017-02-19 20:35:32 +08:00