system-config

History

Ian Wienand 547a4578bd letsencrypt : don't use staging in the gate Currently we connect to the LE staging environment with acme.sh during CI to get the DNS-01 tokens (but we never follow-through and actually generate the certificate, as we have nowhere to publish the tokens). We've known for a while that LE staging isn't really meant to be used by CI like this, and recent instability has made the issue pronounced. This modifies the driver script to generate fake tokens which work to ensure all the DNS processing, etc. is happening correctly. I have put this behind a flag so the letsencrypt job still does this however. I think it is worth this job actually calling acme.sh to validate this path; this shouldn't be required too often. Change-Id: I7c0b471a0661aa311aaa861fd2a0d47b07e45a72	2021-10-06 15:34:21 +11:00
..
acme.yaml	letsencrypt : don't use staging in the gate	2021-10-06 15:34:21 +11:00
main.yaml	Generate ssl check list directly from letsencrypt variables	2020-05-20 14:27:14 +10:00

Ian Wienand 547a4578bd letsencrypt : don't use staging in the gate

Currently we connect to the LE staging environment with acme.sh during
CI to get the DNS-01 tokens (but we never follow-through and actually
generate the certificate, as we have nowhere to publish the tokens).
We've known for a while that LE staging isn't really meant to be used
by CI like this, and recent instability has made the issue pronounced.

This modifies the driver script to generate fake tokens which work to
ensure all the DNS processing, etc. is happening correctly.

I have put this behind a flag so the letsencrypt job still does this
however.  I think it is worth this job actually calling acme.sh to
validate this path; this shouldn't be required too often.

Change-Id: I7c0b471a0661aa311aaa861fd2a0d47b07e45a72

2021-10-06 15:34:21 +11:00

acme.yaml

letsencrypt : don't use staging in the gate

2021-10-06 15:34:21 +11:00

main.yaml

Generate ssl check list directly from letsencrypt variables

2020-05-20 14:27:14 +10:00