Commit ecf40809 authored by Adrien Dorsaz's avatar Adrien Dorsaz

add a configuration to choose if you want to receive certificate only or certificate chain

parent 234a5f32
Pipeline #216 failed with stage
in 6 minutes and 20 seconds
......@@ -255,10 +255,14 @@ def get_crt(config, log=LOGGER):
raise ValueError("Finalizing order {0} got errors: {1}".format(
domain, order))
joseheaders['Accept'] = config["acmednstiny"].get("CertificateFormat", 'application/pem-certificate-chain')
http_response, result = _send_signed_request(order["certificate"], "")
if http_response.status_code != 200:
raise ValueError("Finalizing order {0} got errors: {1}".format(http_response.status_code, result))
if 'link' in http_response.headers:
log.info(" - Certificate links given by server: {0}", http_response.headers['link'])
log.info("Certificate signed and chain received: {0}".format(order["certificate"]))
return http_response.text
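Review bot: The call `log.info(" - Certificate links given by server: {0}", http_response.headers['link'])` mixes a `str.format` placeholder with a logging argument, so a standard-library logger (which the `LOGGER` default suggests) fails to %-format the record and the link never reaches the log. The config comments point the operator to that `rel=up` link to find the issuer certificate when a non-chain format is selected, so it should be `log.info(" - Certificate links given by server: %s", http_response.headers['link'])`. Separately, `return http_response.text` decodes the body as text, which would mangle a DER response such as `application/pkix-cert`. Returning the raw bytes for non-PEM formats, or restricting `CertificateFormat` to PEM types, would avoid handing back a corrupted certificate. The body of `get_crt` starts outside the hunk.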
......@@ -25,6 +25,15 @@ Contacts = mailto:mail@example.com;mailto:mail2@example.org
# Default: en
Language = en
# Optional: ask to request different format of certificate file.
# By default, acme-dns-tiny request a certificate chain with format
# "application/pem-certificate-chain"
# If the ACME server used support different format, you can specify it here
# (e.g. application/pkix-cert, applicaiton/pkcs7-mime
# Note that, if the format selected doesn't provide a full chain, you should
# read logs to find the related certificates (see link header with attribute rel=up)
CertificateFormat = application/pem-certificate-chain
[TSIGKeyring]
# Required TSIG key name
KeyName = host-example
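Review bot: The example line `# (e.g. application/pkix-cert, applicaiton/pkcs7-mime` misspells the second media type and never closes the parenthesis, so a user who copies it into `CertificateFormat` would send an `Accept` value the ACME server will not recognise. It should read `# (e.g. application/pkix-cert, application/pkcs7-mime)`. As far as the Python hunk shows, the value is placed in the `Accept` header without validation, which is worth stating in this comment so a typo is not mistaken for a server-side failure.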