Commit ecf40809 authored by Adrien Dorsaz's avatar Adrien Dorsaz

add a configuration to choose if you want to receive certificate only or certificate chain

parent 234a5f32
Pipeline #216 failed with stage
in 6 minutes and 20 seconds
...@@ -255,10 +255,14 @@ def get_crt(config, log=LOGGER): ...@@ -255,10 +255,14 @@ def get_crt(config, log=LOGGER):
raise ValueError("Finalizing order {0} got errors: {1}".format( raise ValueError("Finalizing order {0} got errors: {1}".format(
domain, order)) domain, order))
joseheaders['Accept'] = config["acmednstiny"].get("CertificateFormat", 'application/pem-certificate-chain')
http_response, result = _send_signed_request(order["certificate"], "") http_response, result = _send_signed_request(order["certificate"], "")
if http_response.status_code != 200: if http_response.status_code != 200:
raise ValueError("Finalizing order {0} got errors: {1}".format(http_response.status_code, result)) raise ValueError("Finalizing order {0} got errors: {1}".format(http_response.status_code, result))
if 'link' in http_response.headers:
log.info(" - Certificate links given by server: {0}", http_response.headers['link'])
log.info("Certificate signed and chain received: {0}".format(order["certificate"])) log.info("Certificate signed and chain received: {0}".format(order["certificate"]))
return http_response.text return http_response.text
......
...@@ -25,6 +25,15 @@ Contacts = mailto:mail@example.com;mailto:mail2@example.org ...@@ -25,6 +25,15 @@ Contacts = mailto:mail@example.com;mailto:mail2@example.org
# Default: en # Default: en
Language = en Language = en
# Optional: ask to request different format of certificate file.
# By default, acme-dns-tiny request a certificate chain with format
# "application/pem-certificate-chain"
# If the ACME server used support different format, you can specify it here
# (e.g. application/pkix-cert, applicaiton/pkcs7-mime
# Note that, if the format selected doesn't provide a full chain, you should
# read logs to find the related certificates (see link header with attribute rel=up)
CertificateFormat = application/pem-certificate-chain
[TSIGKeyring] [TSIGKeyring]
# Required TSIG key name # Required TSIG key name
KeyName = host-example KeyName = host-example
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment