Support Lets Encrypt DNS Challenges
* Add exoscale support for Let’s encrypt DNS challenge * Use name->DNS provider mapping from lego lib
This commit is contained in:
parent
d26f06e2d1
commit
71beb4b08f
6 changed files with 335 additions and 30 deletions
51
acme/acme.go
51
acme/acme.go
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/containous/traefik/safe"
|
"github.com/containous/traefik/safe"
|
||||||
"github.com/containous/traefik/types"
|
"github.com/containous/traefik/types"
|
||||||
"github.com/xenolf/lego/acme"
|
"github.com/xenolf/lego/acme"
|
||||||
|
"github.com/xenolf/lego/providers/dns"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
fmtlog "log"
|
fmtlog "log"
|
||||||
"os"
|
"os"
|
||||||
|
@ -20,6 +21,11 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// OSCPMustStaple enables OSCP stapling as from https://github.com/xenolf/lego/issues/270
|
||||||
|
OSCPMustStaple = false
|
||||||
|
)
|
||||||
|
|
||||||
// ACME allows to connect to lets encrypt and retrieve certs
|
// ACME allows to connect to lets encrypt and retrieve certs
|
||||||
type ACME struct {
|
type ACME struct {
|
||||||
Email string `description:"Email address used for registration"`
|
Email string `description:"Email address used for registration"`
|
||||||
|
@ -30,6 +36,9 @@ type ACME struct {
|
||||||
OnHostRule bool `description:"Enable certificate generation on frontends Host rules."`
|
OnHostRule bool `description:"Enable certificate generation on frontends Host rules."`
|
||||||
CAServer string `description:"CA server to use."`
|
CAServer string `description:"CA server to use."`
|
||||||
EntryPoint string `description:"Entrypoint to proxy acme challenge to."`
|
EntryPoint string `description:"Entrypoint to proxy acme challenge to."`
|
||||||
|
DNSProvider string `description:"Use a DNS based challenge provider rather than HTTPS."`
|
||||||
|
DelayDontCheckDNS int `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
|
||||||
|
ACMELogging bool `description:"Enable debug logging of ACME actions."`
|
||||||
client *acme.Client
|
client *acme.Client
|
||||||
defaultCertificate *tls.Certificate
|
defaultCertificate *tls.Certificate
|
||||||
store cluster.Store
|
store cluster.Store
|
||||||
|
@ -79,7 +88,11 @@ type Domain struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *ACME) init() error {
|
func (a *ACME) init() error {
|
||||||
|
if a.ACMELogging {
|
||||||
|
acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
|
||||||
|
} else {
|
||||||
acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
|
acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
|
||||||
|
}
|
||||||
// no certificates in TLS config, so we add a default one
|
// no certificates in TLS config, so we add a default one
|
||||||
cert, err := generateDefaultCertificate()
|
cert, err := generateDefaultCertificate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -382,7 +395,7 @@ func (a *ACME) renewCertificates() error {
|
||||||
CertStableURL: certificateResource.Certificate.CertStableURL,
|
CertStableURL: certificateResource.Certificate.CertStableURL,
|
||||||
PrivateKey: certificateResource.Certificate.PrivateKey,
|
PrivateKey: certificateResource.Certificate.PrivateKey,
|
||||||
Certificate: certificateResource.Certificate.Certificate,
|
Certificate: certificateResource.Certificate.Certificate,
|
||||||
}, true)
|
}, true, OSCPMustStaple)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Error renewing certificate: %v", err)
|
log.Errorf("Error renewing certificate: %v", err)
|
||||||
continue
|
continue
|
||||||
|
@ -415,6 +428,20 @@ func (a *ACME) renewCertificates() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func dnsOverrideDelay(delay int) error {
|
||||||
|
var err error
|
||||||
|
if delay > 0 {
|
||||||
|
log.Debugf("Delaying %d seconds rather than validating DNS propagation", delay)
|
||||||
|
acme.PreCheckDNS = func(_, _ string) (bool, error) {
|
||||||
|
time.Sleep(time.Duration(delay) * time.Second)
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
} else if delay < 0 {
|
||||||
|
err = fmt.Errorf("Invalid negative DelayDontCheckDNS: %d", delay)
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
|
func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
|
||||||
log.Debugf("Building ACME client...")
|
log.Debugf("Building ACME client...")
|
||||||
caServer := "https://acme-v01.api.letsencrypt.org/directory"
|
caServer := "https://acme-v01.api.letsencrypt.org/directory"
|
||||||
|
@ -425,8 +452,28 @@ func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(a.DNSProvider) > 0 {
|
||||||
|
log.Debugf("Using DNS Challenge provider: %s", a.DNSProvider)
|
||||||
|
|
||||||
|
err = dnsOverrideDelay(a.DelayDontCheckDNS)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var provider acme.ChallengeProvider
|
||||||
|
provider, err = dns.NewDNSChallengeProviderByName(a.DNSProvider)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
|
||||||
|
err = client.SetChallengeProvider(acme.DNS01, provider)
|
||||||
|
} else {
|
||||||
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
|
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
|
||||||
err = client.SetChallengeProvider(acme.TLSSNI01, a.challengeProvider)
|
err = client.SetChallengeProvider(acme.TLSSNI01, a.challengeProvider)
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -524,7 +571,7 @@ func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) {
|
||||||
domains = fun.Map(types.CanonicalDomain, domains).([]string)
|
domains = fun.Map(types.CanonicalDomain, domains).([]string)
|
||||||
log.Debugf("Loading ACME certificates %s...", domains)
|
log.Debugf("Loading ACME certificates %s...", domains)
|
||||||
bundle := true
|
bundle := true
|
||||||
certificate, failures := a.client.ObtainCertificate(domains, bundle, nil)
|
certificate, failures := a.client.ObtainCertificate(domains, bundle, nil, OSCPMustStaple)
|
||||||
if len(failures) > 0 {
|
if len(failures) > 0 {
|
||||||
log.Error(failures)
|
log.Error(failures)
|
||||||
return nil, fmt.Errorf("Cannot obtain certificates %s+v", failures)
|
return nil, fmt.Errorf("Cannot obtain certificates %s+v", failures)
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
package acme
|
package acme
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
|
"github.com/xenolf/lego/acme"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
"reflect"
|
"reflect"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
@ -256,3 +260,66 @@ bZME3gHPYCk1QFZUptriMCJ5fMjCgxeOTR+FAkstb/lTRuCc4UyILJguIMar
|
||||||
t.Errorf("Expected new certificate %+v \nGot %+v", newCertificate, domainsCertificates.Certs[0].Certificate)
|
t.Errorf("Expected new certificate %+v \nGot %+v", newCertificate, domainsCertificates.Certs[0].Certificate)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNoPreCheckOverride(t *testing.T) {
|
||||||
|
acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
|
||||||
|
err := dnsOverrideDelay(0)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error in dnsOverrideDelay :%v", err)
|
||||||
|
}
|
||||||
|
if acme.PreCheckDNS != nil {
|
||||||
|
t.Errorf("Unexpected change to acme.PreCheckDNS when leaving DNS verification as is.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSillyPreCheckOverride(t *testing.T) {
|
||||||
|
err := dnsOverrideDelay(-5)
|
||||||
|
if err == nil {
|
||||||
|
t.Errorf("Missing expected error in dnsOverrideDelay!")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPreCheckOverride(t *testing.T) {
|
||||||
|
acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
|
||||||
|
err := dnsOverrideDelay(5)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error in dnsOverrideDelay :%v", err)
|
||||||
|
}
|
||||||
|
if acme.PreCheckDNS == nil {
|
||||||
|
t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAcmeClientCreation(t *testing.T) {
|
||||||
|
acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
|
||||||
|
// Lengthy setup to avoid external web requests - oh for easier golang testing!
|
||||||
|
account := &Account{Email: "f@f"}
|
||||||
|
account.PrivateKey, _ = base64.StdEncoding.DecodeString(`
|
||||||
|
MIIBPAIBAAJBAMp2Ni92FfEur+CAvFkgC12LT4l9D53ApbBpDaXaJkzzks+KsLw9zyAxvlrfAyTCQ
|
||||||
|
7tDnEnIltAXyQ0uOFUUdcMCAwEAAQJAK1FbipATZcT9cGVa5x7KD7usytftLW14heQUPXYNV80r/3
|
||||||
|
lmnpvjL06dffRpwkYeN8DATQF/QOcy3NNNGDw/4QIhAPAKmiZFxA/qmRXsuU8Zhlzf16WrNZ68K64
|
||||||
|
asn/h3qZrAiEA1+wFR3WXCPIolOvd7AHjfgcTKQNkoMPywU4FYUNQ1AkCIQDv8yk0qPjckD6HVCPJ
|
||||||
|
llJh9MC0svjevGtNlxJoE3lmEQIhAKXy1wfZ32/XtcrnENPvi6lzxI0T94X7s5pP3aCoPPoJAiEAl
|
||||||
|
cijFkALeQp/qyeXdFld2v9gUN3eCgljgcl0QweRoIc=---`)
|
||||||
|
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Write([]byte(`{
|
||||||
|
"new-authz": "https://foo/acme/new-authz",
|
||||||
|
"new-cert": "https://foo/acme/new-cert",
|
||||||
|
"new-reg": "https://foo/acme/new-reg",
|
||||||
|
"revoke-cert": "https://foo/acme/revoke-cert"
|
||||||
|
}`))
|
||||||
|
}))
|
||||||
|
defer ts.Close()
|
||||||
|
a := ACME{DNSProvider: "manual", DelayDontCheckDNS: 10, CAServer: ts.URL}
|
||||||
|
|
||||||
|
client, err := a.buildACMEClient(account)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error in buildACMEClient: %v", err)
|
||||||
|
}
|
||||||
|
if client == nil {
|
||||||
|
t.Errorf("No client from buildACMEClient!")
|
||||||
|
}
|
||||||
|
if acme.PreCheckDNS == nil {
|
||||||
|
t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
39
docs/toml.md
39
docs/toml.md
|
@ -282,13 +282,50 @@ email = "test@traefik.io"
|
||||||
#
|
#
|
||||||
storage = "acme.json" # or "traefik/acme/account" if using KV store
|
storage = "acme.json" # or "traefik/acme/account" if using KV store
|
||||||
|
|
||||||
# Entrypoint to proxy acme challenge to.
|
# Entrypoint to proxy acme challenge/apply certificates to.
|
||||||
# WARNING, must point to an entrypoint on port 443
|
# WARNING, must point to an entrypoint on port 443
|
||||||
#
|
#
|
||||||
# Required
|
# Required
|
||||||
#
|
#
|
||||||
entryPoint = "https"
|
entryPoint = "https"
|
||||||
|
|
||||||
|
# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server
|
||||||
|
# Select the provider that matches the DNS domain that will host the challenge TXT record,
|
||||||
|
# and provide environment variables with access keys to enable setting it:
|
||||||
|
# - cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY
|
||||||
|
# - digitalocean: DO_AUTH_TOKEN
|
||||||
|
# - dnsimple: DNSIMPLE_EMAIL, DNSIMPLE_API_KEY
|
||||||
|
# - dnsmadeeasy: DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET
|
||||||
|
# - exoscale: EXOSCALE_API_KEY, EXOSCALE_API_SECRET
|
||||||
|
# - gandi: GANDI_API_KEY
|
||||||
|
# - linode: LINODE_API_KEY
|
||||||
|
# - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter
|
||||||
|
# - namecheap: NAMECHEAP_API_USER, NAMECHEAP_API_KEY
|
||||||
|
# - rfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
|
||||||
|
# - route53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, or configured user/instance IAM profile
|
||||||
|
# - dyn: DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD
|
||||||
|
# - vultr: VULTR_API_KEY
|
||||||
|
# - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
|
||||||
|
# - pdns: PDNS_API_KEY, PDNS_API_URL
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# dnsProvider = "digitalocean"
|
||||||
|
|
||||||
|
# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify
|
||||||
|
# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds.
|
||||||
|
# Useful if internal networks block external DNS queries
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# delayDontCheckDNS = 0
|
||||||
|
|
||||||
|
# If true, display debug log messages from the acme client library
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# acmeLogging = true
|
||||||
|
|
||||||
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
|
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
|
||||||
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
|
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
|
||||||
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
||||||
|
|
159
glide.lock
generated
159
glide.lock
generated
|
@ -1,5 +1,5 @@
|
||||||
hash: 26bdc224454872acf1a9a58e0f4c33442a807087286043ed7d8d6640f1a2e8fc
|
hash: 5cd0ec09f964ff53852099686542ab2fd9855f8b0b1541afddd7f03e732f0fa9
|
||||||
updated: 2016-12-05T21:21:43.691375582+01:00
|
updated: 2016-12-07T00:59:08.1129085Z
|
||||||
imports:
|
imports:
|
||||||
- name: github.com/abbot/go-http-auth
|
- name: github.com/abbot/go-http-auth
|
||||||
version: cb4372376e1e00e9f6ab9ec142e029302c9e7140
|
version: cb4372376e1e00e9f6ab9ec142e029302c9e7140
|
||||||
|
@ -9,6 +9,43 @@ imports:
|
||||||
- eureka
|
- eureka
|
||||||
- name: github.com/ArthurHlt/gominlog
|
- name: github.com/ArthurHlt/gominlog
|
||||||
version: 068c01ce147ad68fca25ef3fa29ae5395ae273ab
|
version: 068c01ce147ad68fca25ef3fa29ae5395ae273ab
|
||||||
|
- name: github.com/aws/aws-sdk-go
|
||||||
|
version: 90dec2183a5f5458ee79cbaf4b8e9ab910bc81a6
|
||||||
|
subpackages:
|
||||||
|
- aws
|
||||||
|
- aws/awserr
|
||||||
|
- aws/awsutil
|
||||||
|
- aws/client
|
||||||
|
- aws/client/metadata
|
||||||
|
- aws/corehandlers
|
||||||
|
- aws/credentials
|
||||||
|
- aws/credentials/ec2rolecreds
|
||||||
|
- aws/defaults
|
||||||
|
- aws/ec2metadata
|
||||||
|
- aws/request
|
||||||
|
- aws/session
|
||||||
|
- aws/signer/v4
|
||||||
|
- private/endpoints
|
||||||
|
- private/protocol
|
||||||
|
- private/protocol/query
|
||||||
|
- private/protocol/query/queryutil
|
||||||
|
- private/protocol/rest
|
||||||
|
- private/protocol/restxml
|
||||||
|
- private/protocol/xml/xmlutil
|
||||||
|
- private/waiter
|
||||||
|
- service/route53
|
||||||
|
- name: github.com/Azure/azure-sdk-for-go
|
||||||
|
version: 0984e0641ae43b89283223034574d6465be93bf4
|
||||||
|
subpackages:
|
||||||
|
- arm/dns
|
||||||
|
- name: github.com/Azure/go-autorest
|
||||||
|
version: e0c77ecbe74311e03f2a629834d2110f031f1453
|
||||||
|
subpackages:
|
||||||
|
- autorest
|
||||||
|
- autorest/azure
|
||||||
|
- autorest/date
|
||||||
|
- autorest/to
|
||||||
|
- autorest/validation
|
||||||
- name: github.com/blang/semver
|
- name: github.com/blang/semver
|
||||||
version: 3a37c301dda64cbe17f16f661b4c976803c0e2d2
|
version: 3a37c301dda64cbe17f16f661b4c976803c0e2d2
|
||||||
- name: github.com/boltdb/bolt
|
- name: github.com/boltdb/bolt
|
||||||
|
@ -36,8 +73,6 @@ imports:
|
||||||
- name: github.com/coreos/etcd
|
- name: github.com/coreos/etcd
|
||||||
version: c400d05d0aa73e21e431c16145e558d624098018
|
version: c400d05d0aa73e21e431c16145e558d624098018
|
||||||
subpackages:
|
subpackages:
|
||||||
- Godeps/_workspace/src/github.com/ugorji/go/codec
|
|
||||||
- Godeps/_workspace/src/golang.org/x/net/context
|
|
||||||
- client
|
- client
|
||||||
- pkg/pathutil
|
- pkg/pathutil
|
||||||
- pkg/types
|
- pkg/types
|
||||||
|
@ -54,9 +89,8 @@ imports:
|
||||||
subpackages:
|
subpackages:
|
||||||
- daemon
|
- daemon
|
||||||
- name: github.com/coreos/pkg
|
- name: github.com/coreos/pkg
|
||||||
version: 2c77715c4df99b5420ffcae14ead08f52104065d
|
version: 447b7ec906e523386d9c53be15b55a8ae86ea944
|
||||||
subpackages:
|
subpackages:
|
||||||
- capnslog
|
|
||||||
- health
|
- health
|
||||||
- httputil
|
- httputil
|
||||||
- timeutil
|
- timeutil
|
||||||
|
@ -66,6 +100,10 @@ imports:
|
||||||
- spew
|
- spew
|
||||||
- name: github.com/daviddengcn/go-colortext
|
- name: github.com/daviddengcn/go-colortext
|
||||||
version: 3b18c8575a432453d41fdafb340099fff5bba2f7
|
version: 3b18c8575a432453d41fdafb340099fff5bba2f7
|
||||||
|
- name: github.com/decker502/dnspod-go
|
||||||
|
version: f6b1d56f1c048bd94d7e42ac36efb4d57b069b6f
|
||||||
|
- name: github.com/dgrijalva/jwt-go
|
||||||
|
version: 9ed569b5d1ac936e6494082958d63a6aa4fff99a
|
||||||
- name: github.com/docker/distribution
|
- name: github.com/docker/distribution
|
||||||
version: 99cb7c0946d2f5a38015443e515dc916295064d7
|
version: 99cb7c0946d2f5a38015443e515dc916295064d7
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -153,7 +191,7 @@ imports:
|
||||||
- sockets
|
- sockets
|
||||||
- tlsconfig
|
- tlsconfig
|
||||||
- name: github.com/docker/go-units
|
- name: github.com/docker/go-units
|
||||||
version: f2145db703495b2e525c59662db69a7344b00bb8
|
version: f2d77a61e3c169b43402a0a1e84f06daf29b8190
|
||||||
- name: github.com/docker/leadership
|
- name: github.com/docker/leadership
|
||||||
version: 0a913e2d71a12fd14a028452435cb71ac8d82cb6
|
version: 0a913e2d71a12fd14a028452435cb71ac8d82cb6
|
||||||
- name: github.com/docker/libkv
|
- name: github.com/docker/libkv
|
||||||
|
@ -166,6 +204,14 @@ imports:
|
||||||
- store/zookeeper
|
- store/zookeeper
|
||||||
- name: github.com/donovanhide/eventsource
|
- name: github.com/donovanhide/eventsource
|
||||||
version: fd1de70867126402be23c306e1ce32828455d85b
|
version: fd1de70867126402be23c306e1ce32828455d85b
|
||||||
|
- name: github.com/edeckers/auroradnsclient
|
||||||
|
version: 8b777c170cfd377aa16bb4368f093017dddef3f9
|
||||||
|
subpackages:
|
||||||
|
- records
|
||||||
|
- requests
|
||||||
|
- requests/errors
|
||||||
|
- tokens
|
||||||
|
- zones
|
||||||
- name: github.com/elazarl/go-bindata-assetfs
|
- name: github.com/elazarl/go-bindata-assetfs
|
||||||
version: 9a6736ed45b44bf3835afeebb3034b57ed329f3e
|
version: 9a6736ed45b44bf3835afeebb3034b57ed329f3e
|
||||||
- name: github.com/emicklei/go-restful
|
- name: github.com/emicklei/go-restful
|
||||||
|
@ -176,7 +222,9 @@ imports:
|
||||||
- name: github.com/gambol99/go-marathon
|
- name: github.com/gambol99/go-marathon
|
||||||
version: a558128c87724cd7430060ef5aedf39f83937f55
|
version: a558128c87724cd7430060ef5aedf39f83937f55
|
||||||
- name: github.com/ghodss/yaml
|
- name: github.com/ghodss/yaml
|
||||||
version: a54de18a07046d8c4b26e9327698a2ebb9285b36
|
version: 04f313413ffd65ce25f2541bfd2b2ceec5c0908c
|
||||||
|
- name: github.com/go-ini/ini
|
||||||
|
version: 6e4869b434bd001f6983749881c7ead3545887d8
|
||||||
- name: github.com/go-openapi/jsonpointer
|
- name: github.com/go-openapi/jsonpointer
|
||||||
version: 8d96a2dc61536b690bd36b2e9df0b3c0b62825b2
|
version: 8d96a2dc61536b690bd36b2e9df0b3c0b62825b2
|
||||||
- name: github.com/go-openapi/jsonreference
|
- name: github.com/go-openapi/jsonreference
|
||||||
|
@ -193,11 +241,11 @@ imports:
|
||||||
- name: github.com/golang/glog
|
- name: github.com/golang/glog
|
||||||
version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
|
version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
|
||||||
- name: github.com/golang/protobuf
|
- name: github.com/golang/protobuf
|
||||||
version: 5677a0e3d5e89854c9974e1256839ee23f8233ca
|
version: 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3
|
||||||
subpackages:
|
subpackages:
|
||||||
- proto
|
- proto
|
||||||
- name: github.com/google/go-github
|
- name: github.com/google/go-github
|
||||||
version: 55263f30529cb06f5b478efc333390b791cfe3b1
|
version: 171a9316fc826fdb616072bd967483452eb1e2cf
|
||||||
subpackages:
|
subpackages:
|
||||||
- github
|
- github
|
||||||
- name: github.com/google/go-querystring
|
- name: github.com/google/go-querystring
|
||||||
|
@ -207,7 +255,7 @@ imports:
|
||||||
- name: github.com/google/gofuzz
|
- name: github.com/google/gofuzz
|
||||||
version: 44d81051d367757e1c7c6a5a86423ece9afcf63c
|
version: 44d81051d367757e1c7c6a5a86423ece9afcf63c
|
||||||
- name: github.com/gorilla/context
|
- name: github.com/gorilla/context
|
||||||
version: 08b5f424b9271eedf6f9f0ce86cb9396ed337a42
|
version: 215affda49addc4c8ef7e2534915df2c8c35c6cd
|
||||||
- name: github.com/hashicorp/consul
|
- name: github.com/hashicorp/consul
|
||||||
version: d8e2fb7dd594163e25a89bc52c1a4613f5c5bfb8
|
version: d8e2fb7dd594163e25a89bc52c1a4613f5c5bfb8
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -220,18 +268,24 @@ imports:
|
||||||
version: b03bf85930b2349eb04b97c8fac437495296e3e7
|
version: b03bf85930b2349eb04b97c8fac437495296e3e7
|
||||||
subpackages:
|
subpackages:
|
||||||
- coordinate
|
- coordinate
|
||||||
|
- name: github.com/JamesClonk/vultr
|
||||||
|
version: 856756262c464845b836a3246e00dfffac4c5342
|
||||||
|
subpackages:
|
||||||
|
- lib
|
||||||
- name: github.com/jarcoal/httpmock
|
- name: github.com/jarcoal/httpmock
|
||||||
version: 145b10d659265440f062c31ea15326166bae56ee
|
version: 145b10d659265440f062c31ea15326166bae56ee
|
||||||
|
- name: github.com/jmespath/go-jmespath
|
||||||
|
version: bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d
|
||||||
- name: github.com/jonboulle/clockwork
|
- name: github.com/jonboulle/clockwork
|
||||||
version: 72f9bd7c4e0c2a40055ab3d0f09654f730cce982
|
version: bcac9884e7502bb2b474c0339d889cb981a2f27f
|
||||||
- name: github.com/juju/ratelimit
|
- name: github.com/juju/ratelimit
|
||||||
version: 77ed1c8a01217656d2080ad51981f6e99adaa177
|
version: 77ed1c8a01217656d2080ad51981f6e99adaa177
|
||||||
- name: github.com/mailgun/manners
|
- name: github.com/mailgun/manners
|
||||||
version: a585afd9d65c0e05f6c003f921e71ebc05074f4f
|
version: a585afd9d65c0e05f6c003f921e71ebc05074f4f
|
||||||
- name: github.com/mailgun/timetools
|
- name: github.com/mailgun/timetools
|
||||||
version: fd192d755b00c968d312d23f521eb0cdc6f66bd0
|
version: 7e6055773c5137efbeb3bd2410d705fe10ab6bfd
|
||||||
- name: github.com/mailru/easyjson
|
- name: github.com/mailru/easyjson
|
||||||
version: 159cdb893c982e3d1bc6450322fedd514f9c9de3
|
version: 304d3dc6fae850e62b7db2aee661d9d7b628cef0
|
||||||
subpackages:
|
subpackages:
|
||||||
- buffer
|
- buffer
|
||||||
- jlexer
|
- jlexer
|
||||||
|
@ -274,10 +328,14 @@ imports:
|
||||||
version: 02f8fa7863dd3f82909a73e2061897828460d52f
|
version: 02f8fa7863dd3f82909a73e2061897828460d52f
|
||||||
subpackages:
|
subpackages:
|
||||||
- libcontainer/user
|
- libcontainer/user
|
||||||
|
- name: github.com/ovh/go-ovh
|
||||||
|
version: d2b2eae2511fa5fcd0bdef9f1790ea3979fa35d4
|
||||||
|
subpackages:
|
||||||
|
- ovh
|
||||||
- name: github.com/parnurzeal/gorequest
|
- name: github.com/parnurzeal/gorequest
|
||||||
version: e30af16d4e485943aab0b0885ad6bdbb8c0d3dc7
|
version: e30af16d4e485943aab0b0885ad6bdbb8c0d3dc7
|
||||||
- name: github.com/pborman/uuid
|
- name: github.com/pborman/uuid
|
||||||
version: 3d4f2ba23642d3cfd06bd4b54cf03d99d95c0f1b
|
version: 5007efa264d92316c43112bc573e754bc889b7b1
|
||||||
- name: github.com/pmezard/go-difflib
|
- name: github.com/pmezard/go-difflib
|
||||||
version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
|
version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -286,6 +344,10 @@ imports:
|
||||||
version: 0bcb03f4b4d0a9428594752bd2a3b9aa0a9d4bd4
|
version: 0bcb03f4b4d0a9428594752bd2a3b9aa0a9d4bd4
|
||||||
- name: github.com/PuerkitoBio/urlesc
|
- name: github.com/PuerkitoBio/urlesc
|
||||||
version: 5bd2802263f21d8788851d5305584c82a5c75d7e
|
version: 5bd2802263f21d8788851d5305584c82a5c75d7e
|
||||||
|
- name: github.com/pyr/egoscale
|
||||||
|
version: ab4b0d7ff424c462da486aef27f354cdeb29a319
|
||||||
|
subpackages:
|
||||||
|
- src/egoscale
|
||||||
- name: github.com/ryanuber/go-glob
|
- name: github.com/ryanuber/go-glob
|
||||||
version: 572520ed46dbddaed19ea3d9541bdd0494163693
|
version: 572520ed46dbddaed19ea3d9541bdd0494163693
|
||||||
- name: github.com/samuel/go-zookeeper
|
- name: github.com/samuel/go-zookeeper
|
||||||
|
@ -295,7 +357,7 @@ imports:
|
||||||
- name: github.com/satori/go.uuid
|
- name: github.com/satori/go.uuid
|
||||||
version: 879c5887cd475cd7864858769793b2ceb0d44feb
|
version: 879c5887cd475cd7864858769793b2ceb0d44feb
|
||||||
- name: github.com/Sirupsen/logrus
|
- name: github.com/Sirupsen/logrus
|
||||||
version: 3ec0642a7fb6488f65b06f9040adc67e3990296a
|
version: f7f79f729e0fbe2fcc061db48a9ba0263f588252
|
||||||
- name: github.com/spf13/pflag
|
- name: github.com/spf13/pflag
|
||||||
version: 5644820622454e71517561946e3d94b9f9db6842
|
version: 5644820622454e71517561946e3d94b9f9db6842
|
||||||
- name: github.com/streamrail/concurrent-map
|
- name: github.com/streamrail/concurrent-map
|
||||||
|
@ -309,6 +371,10 @@ imports:
|
||||||
- mock
|
- mock
|
||||||
- name: github.com/thoas/stats
|
- name: github.com/thoas/stats
|
||||||
version: 152b5d051953fdb6e45f14b6826962aadc032324
|
version: 152b5d051953fdb6e45f14b6826962aadc032324
|
||||||
|
- name: github.com/timewasted/linode
|
||||||
|
version: 37e84520dcf74488f67654f9c775b9752c232dc1
|
||||||
|
subpackages:
|
||||||
|
- dns
|
||||||
- name: github.com/tv42/zbase32
|
- name: github.com/tv42/zbase32
|
||||||
version: 03389da7e0bf9844767f82690f4d68fc097a1306
|
version: 03389da7e0bf9844767f82690f4d68fc097a1306
|
||||||
- name: github.com/ugorji/go
|
- name: github.com/ugorji/go
|
||||||
|
@ -318,7 +384,7 @@ imports:
|
||||||
- name: github.com/unrolled/render
|
- name: github.com/unrolled/render
|
||||||
version: 526faf80cd4b305bb8134abea8d20d5ced74faa6
|
version: 526faf80cd4b305bb8134abea8d20d5ced74faa6
|
||||||
- name: github.com/urfave/negroni
|
- name: github.com/urfave/negroni
|
||||||
version: e0e50f7dc431c043cb33f91b09c3419d48b7cff5
|
version: cd9734011043904139c24dbad9a71b21f1586f36
|
||||||
- name: github.com/vdemeester/docker-events
|
- name: github.com/vdemeester/docker-events
|
||||||
version: be74d4929ec1ad118df54349fda4b0cba60f849b
|
version: be74d4929ec1ad118df54349fda4b0cba60f849b
|
||||||
- name: github.com/vulcand/oxy
|
- name: github.com/vulcand/oxy
|
||||||
|
@ -334,7 +400,7 @@ imports:
|
||||||
- stream
|
- stream
|
||||||
- utils
|
- utils
|
||||||
- name: github.com/vulcand/predicate
|
- name: github.com/vulcand/predicate
|
||||||
version: 19b9dde14240d94c804ae5736ad0e1de10bf8fe6
|
version: cb0bff91a7ab7cf7571e661ff883fc997bc554a3
|
||||||
- name: github.com/vulcand/route
|
- name: github.com/vulcand/route
|
||||||
version: cb89d787ddbb1c5849a7ac9f79004c1fd12a4a32
|
version: cb89d787ddbb1c5849a7ac9f79004c1fd12a4a32
|
||||||
- name: github.com/vulcand/vulcand
|
- name: github.com/vulcand/vulcand
|
||||||
|
@ -344,10 +410,35 @@ imports:
|
||||||
- plugin
|
- plugin
|
||||||
- plugin/rewrite
|
- plugin/rewrite
|
||||||
- router
|
- router
|
||||||
|
- name: github.com/weppos/dnsimple-go
|
||||||
|
version: 65c1ca73cb19baf0f8b2b33219b7f57595a3ccb0
|
||||||
|
subpackages:
|
||||||
|
- dnsimple
|
||||||
- name: github.com/xenolf/lego
|
- name: github.com/xenolf/lego
|
||||||
version: b2fad6198110326662e9e356a97199078a4a775c
|
version: cbd5d04c891979c23c3924f198e07ce32b39d282
|
||||||
subpackages:
|
subpackages:
|
||||||
- acme
|
- acme
|
||||||
|
- providers/dns
|
||||||
|
- providers/dns/auroradns
|
||||||
|
- providers/dns/azure
|
||||||
|
- providers/dns/cloudflare
|
||||||
|
- providers/dns/digitalocean
|
||||||
|
- providers/dns/dnsimple
|
||||||
|
- providers/dns/dnsmadeeasy
|
||||||
|
- providers/dns/dnspod
|
||||||
|
- providers/dns/dyn
|
||||||
|
- providers/dns/exoscale
|
||||||
|
- providers/dns/gandi
|
||||||
|
- providers/dns/googlecloud
|
||||||
|
- providers/dns/linode
|
||||||
|
- providers/dns/namecheap
|
||||||
|
- providers/dns/ns1
|
||||||
|
- providers/dns/ovh
|
||||||
|
- providers/dns/pdns
|
||||||
|
- providers/dns/rackspace
|
||||||
|
- providers/dns/rfc2136
|
||||||
|
- providers/dns/route53
|
||||||
|
- providers/dns/vultr
|
||||||
- name: golang.org/x/crypto
|
- name: golang.org/x/crypto
|
||||||
version: 4ed45ec682102c643324fae5dff8dab085b6c300
|
version: 4ed45ec682102c643324fae5dff8dab085b6c300
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -358,6 +449,7 @@ imports:
|
||||||
version: d4c55e66d8c3a2f3382d264b08e3e3454a66355a
|
version: d4c55e66d8c3a2f3382d264b08e3e3454a66355a
|
||||||
subpackages:
|
subpackages:
|
||||||
- context
|
- context
|
||||||
|
- context/ctxhttp
|
||||||
- http2
|
- http2
|
||||||
- http2/hpack
|
- http2/hpack
|
||||||
- idna
|
- idna
|
||||||
|
@ -365,7 +457,7 @@ imports:
|
||||||
- proxy
|
- proxy
|
||||||
- publicsuffix
|
- publicsuffix
|
||||||
- name: golang.org/x/oauth2
|
- name: golang.org/x/oauth2
|
||||||
version: 3046bc76d6dfd7d3707f6640f85e42d9c4050f50
|
version: 045497edb6234273d67dbc25da3f2ddbc4c4cacf
|
||||||
subpackages:
|
subpackages:
|
||||||
- google
|
- google
|
||||||
- internal
|
- internal
|
||||||
|
@ -378,10 +470,20 @@ imports:
|
||||||
- windows
|
- windows
|
||||||
- name: golang.org/x/text
|
- name: golang.org/x/text
|
||||||
version: 5c6cf4f9a2357d38515014cea8c488ed22bdab90
|
version: 5c6cf4f9a2357d38515014cea8c488ed22bdab90
|
||||||
|
repo: https://github.com/golang/text.git
|
||||||
|
vcs: git
|
||||||
subpackages:
|
subpackages:
|
||||||
|
- .
|
||||||
- transform
|
- transform
|
||||||
- unicode/norm
|
- unicode/norm
|
||||||
- width
|
- width
|
||||||
|
- name: google.golang.org/api
|
||||||
|
version: 9bf6e6e569ff057f75d9604a46c52928f17d2b54
|
||||||
|
subpackages:
|
||||||
|
- dns/v1
|
||||||
|
- gensupport
|
||||||
|
- googleapi
|
||||||
|
- googleapi/internal/uritemplates
|
||||||
- name: google.golang.org/appengine
|
- name: google.golang.org/appengine
|
||||||
version: 12d5545dc1cfa6047a286d5e853841b6471f4c19
|
version: 12d5545dc1cfa6047a286d5e853841b6471f4c19
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -395,18 +497,31 @@ imports:
|
||||||
- internal/urlfetch
|
- internal/urlfetch
|
||||||
- urlfetch
|
- urlfetch
|
||||||
- name: google.golang.org/cloud
|
- name: google.golang.org/cloud
|
||||||
version: f20d6dcccb44ed49de45ae3703312cb46e627db1
|
version: 975617b05ea8a58727e6c1a06b6161ff4185a9f2
|
||||||
subpackages:
|
subpackages:
|
||||||
- compute/metadata
|
- compute/metadata
|
||||||
- internal
|
- internal
|
||||||
|
- internal/opts
|
||||||
|
- storage
|
||||||
- name: gopkg.in/fsnotify.v1
|
- name: gopkg.in/fsnotify.v1
|
||||||
version: 944cff21b3baf3ced9a880365682152ba577d348
|
version: 944cff21b3baf3ced9a880365682152ba577d348
|
||||||
- name: gopkg.in/inf.v0
|
- name: gopkg.in/inf.v0
|
||||||
version: 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
|
version: 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
|
||||||
|
- name: gopkg.in/ini.v1
|
||||||
|
version: 6e4869b434bd001f6983749881c7ead3545887d8
|
||||||
- name: gopkg.in/mgo.v2
|
- name: gopkg.in/mgo.v2
|
||||||
version: 22287bab4379e1fbf6002fb4eb769888f3fb224c
|
version: 22287bab4379e1fbf6002fb4eb769888f3fb224c
|
||||||
subpackages:
|
subpackages:
|
||||||
- bson
|
- bson
|
||||||
|
- name: gopkg.in/ns1/ns1-go.v2
|
||||||
|
version: d8d10b7f448291ddbdce48d4594fb1b667014c8b
|
||||||
|
subpackages:
|
||||||
|
- rest
|
||||||
|
- rest/model/account
|
||||||
|
- rest/model/data
|
||||||
|
- rest/model/dns
|
||||||
|
- rest/model/filter
|
||||||
|
- rest/model/monitor
|
||||||
- name: gopkg.in/square/go-jose.v1
|
- name: gopkg.in/square/go-jose.v1
|
||||||
version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d
|
version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -547,7 +662,7 @@ testImports:
|
||||||
- name: github.com/flynn/go-shlex
|
- name: github.com/flynn/go-shlex
|
||||||
version: 3f9db97f856818214da2e1057f8ad84803971cff
|
version: 3f9db97f856818214da2e1057f8ad84803971cff
|
||||||
- name: github.com/go-check/check
|
- name: github.com/go-check/check
|
||||||
version: 4f90aeace3a26ad7021961c297b22c42160c7b25
|
version: 11d3bc7aa68e238947792f30573146a3231fc0f1
|
||||||
- name: github.com/gorilla/mux
|
- name: github.com/gorilla/mux
|
||||||
version: e444e69cbd2e2e3e0749a2f3c717cec491552bbf
|
version: e444e69cbd2e2e3e0749a2f3c717cec491552bbf
|
||||||
- name: github.com/libkermit/compose
|
- name: github.com/libkermit/compose
|
||||||
|
|
|
@ -29,6 +29,8 @@ import:
|
||||||
- types
|
- types
|
||||||
- types/events
|
- types/events
|
||||||
- types/filters
|
- types/filters
|
||||||
|
- package: github.com/docker/go-units
|
||||||
|
version: v0.3.1
|
||||||
- package: github.com/docker/go-connections
|
- package: github.com/docker/go-connections
|
||||||
subpackages:
|
subpackages:
|
||||||
- sockets
|
- sockets
|
||||||
|
@ -62,7 +64,7 @@ import:
|
||||||
subpackages:
|
subpackages:
|
||||||
- plugin/rewrite
|
- plugin/rewrite
|
||||||
- package: github.com/xenolf/lego
|
- package: github.com/xenolf/lego
|
||||||
version: b2fad6198110326662e9e356a97199078a4a775c
|
version: cbd5d04c891979c23c3924f198e07ce32b39d282
|
||||||
subpackages:
|
subpackages:
|
||||||
- acme
|
- acme
|
||||||
- package: golang.org/x/net
|
- package: golang.org/x/net
|
||||||
|
|
|
@ -127,13 +127,50 @@
|
||||||
#
|
#
|
||||||
# storage = "acme.json" # or "traefik/acme/account" if using KV store
|
# storage = "acme.json" # or "traefik/acme/account" if using KV store
|
||||||
|
|
||||||
# Entrypoint to proxy acme challenge to.
|
# Entrypoint to proxy acme challenge/apply certificates to.
|
||||||
# WARNING, must point to an entrypoint on port 443
|
# WARNING, must point to an entrypoint on port 443
|
||||||
#
|
#
|
||||||
# Required
|
# Required
|
||||||
#
|
#
|
||||||
# entryPoint = "https"
|
# entryPoint = "https"
|
||||||
|
|
||||||
|
# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server
|
||||||
|
# Select the provider that matches the DNS domain that will host the challenge TXT record,
|
||||||
|
# and provide environment variables with access keys to enable setting it:
|
||||||
|
# - cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY
|
||||||
|
# - digitalocean: DO_AUTH_TOKEN
|
||||||
|
# - dnsimple: DNSIMPLE_EMAIL, DNSIMPLE_API_KEY
|
||||||
|
# - dnsmadeeasy: DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET
|
||||||
|
# - exoscale: EXOSCALE_API_KEY, EXOSCALE_API_SECRET
|
||||||
|
# - gandi: GANDI_API_KEY
|
||||||
|
# - linode: LINODE_API_KEY
|
||||||
|
# - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter
|
||||||
|
# - namecheap: NAMECHEAP_API_USER, NAMECHEAP_API_KEY
|
||||||
|
# - rfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
|
||||||
|
# - route53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, or configured user/instance IAM profile
|
||||||
|
# - dyn: DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD
|
||||||
|
# - vultr: VULTR_API_KEY
|
||||||
|
# - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
|
||||||
|
# - pdns: PDNS_API_KEY, PDNS_API_URL
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# dnsProvider = "digitalocean"
|
||||||
|
|
||||||
|
# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify
|
||||||
|
# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds.
|
||||||
|
# Useful if internal networks block external DNS queries
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# delayDontCheckDNS = 0
|
||||||
|
|
||||||
|
# If true, display debug log messages from the acme client library
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# acmeLogging = true
|
||||||
|
|
||||||
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
|
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
|
||||||
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
|
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
|
||||||
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
||||||
|
|
Loading…
Reference in a new issue