Until now it was not possible to stop the acme service, because the handling
was done via cron. With this change, the acme handler can now be stopped by
calling '/etc/init.d/acme' stop. This call removes the entry from the crontab.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Since procd is now used, the call of '/etc/init.d/acme' does not have to be
locked separately. This code block can therefore be removed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In the current implementation, the config change trigger is no longer set
at boot time. This is because during boot, only the '$CHALLENGE_DIR' is
created with the boot function. The 'start_service' is first called by first
cron call at midnight. This call is installing the service_triggers reload
handling.
To fix this, add a new extra_command 'renew' that is responsible to renew
the acme. This function is called from cron and the start_service
function does the rest.
* Create directories
* Install service reload trigger form acme config change
Fixes: 76f17ab15b (acme-common: Create challenge directory on boot)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The challenge directory (for webroot challenges) is on a tmpfs, which
means it doesn't exist on boot. Some web servers (uhttpd in particular)
don't like being configured to serve files from a non-existent
directory. So add a boot() section to the ACME init script that just
creates the challenge directory, and make sure it runs relatively early.
That should take care of the non-existent directory issue, while still
keeping the actual certificate renewal controlled by cron.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The use_staging option was deprecated in 9d2d8787ca.
But it still has a bigger priority than the staging option.
This happens because config_get_bool returns 0 when the use_staging option wasn't set.
So the next check for the staging var emptiness is always false.
As the simplest fix, use the config_get staging that returns a plain string when the option is not set and if it's empty then fallback to the use_staging.
Once the use_staging option is removed we should get back to the config_get_bool staging.
Also use config_get_bool debug.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot
The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
keylength, being an acme.sh value type, uses pure numbers for rsa keys.
This can be disorienting for other acme clients. This change introduces
a new option "key_type" that aims to remove this ambiguity, and makes
all key type names follow the same pattern, making acme-common more
client agnostic.
Signed-off-by: Glen Huang <me@glenhuang.com>
ACME clients shouldn't deal with deprecated values. They should be
processed by acme-common.
Reformatting is done by shfmt.
Signed-off-by: Glen Huang <me@glenhuang.com>
