Closed CasualRascal closed 2 years ago
Dehydrated fully supports EAB, just set EAB_KID and EAB_HMAC_KEY in your config file. Guess this should be a bit better documented, but that's something I've been working on anyway.
You are right, it works* both with the parameter --ca https://acme.ssl.com/sslcom-dv-ecc and --ca https://acme.ssl.com/sslcom-dv-rsa
I tried adding a preset for it but the preset would not work at all.
--- dehydrated 2022-01-13 19:08:55.674048326 +0100
+++ dehydrated-sslcom 2022-01-13 19:11:09.250614925 +0100
@@ -344,9 +344,11 @@
CA_LETSENCRYPT_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
CA_BUYPASS="https://api.buypass.com/acme/directory"
CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
+ CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa"
+ CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
# Default values
- CA="letsencrypt"
+ CA="sslcom-rsa"
OLDCA=
CERTDIR=
ALPNCERTDIR=
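Review bot: the line under "# Default values" switches the default from CA="letsencrypt" to CA="sslcom-rsa", which goes beyond adding a preset. Anyone running without an explicit CA setting would be pointed at SSL.com, a CA that this thread says requires EAB credentials. Keep CA="letsencrypt" as the default, add only the two CA_SSLCOM_* lines, and select the preset through the CA setting in the config file or with --ca.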
@@ -470,6 +472,10 @@
CA="${CA_BUYPASS}"
elif [ "${CA}" = "buypass-test" ]; then
CA="${CA_BUYPASS_TEST}"
+ elif [ "${CA}" = "sslcom-rsa" ]; then
+ CA="${CA_SSLCOM_RSA}"
+ elif [ "${CA}" = "sslcom-ecc" ]; then
+ CA="${CA_SSLCOM_ECC}"
fi
if [[ -z "${OLDCA}" ]] && [[ "${CA}" = "https://acme-v02.api.letsencrypt.org/directory" ]]; then
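Review bot: the two new elif branches for "sslcom-rsa" and "sslcom-ecc" give the user no hint that these presets depend on EAB_KID and EAB_HMAC_KEY, which this thread says SSL.com requires for account creation. Consider failing early with a clear message when either variable is empty for these presets, and list the new preset names wherever the existing ones are documented (examples/config is the place mentioned in this thread).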
Could you add the presets? I am definitely missing something.
*I have been able to create an account and request valid certificates, however there is no API support. Something like the Zero SSL special sauce, but SSL.com flavored. For my purposes, this does not concern me.
Dehydrated fully supports EAB, just set EAB_KID and EAB_HMAC_KEY in your config file. Guess this should be a bit better documented, but that's something I've been working on anyway.
I think adding this to examples/config would be helpful. That's where I looked for it before landing here.
I ran into a problem with SSL.com
The CA also allows issuing free SSL certificates, but it requires users to sign up for an account on their website and provide an account key and HMAC key when creating an ACME account via the ACME client.
This behavior is described on this page of their website and is also described in RFC8555#7.3.4
Please add this capability to dehydrated.
P.S. this is a beautiful script, I love it. Please keep up the great work.