DietPi-LetsEncrypt | Add multi-domain + standalone + OCSP + Lighttpd IPv6 #4220

Merged
merged 11 commits into from
Apr 3, 2021

Conversation

MichaIng
Owner

@MichaIng MichaIng commented Mar 25, 2021

Status: Ready

Commit list/description:

  • DietPi-LetsEncrypt | Add multi-domain support
  • DietPi-LetsEncrypt | Allow running Certbot in standalone mode when no webserver was detected, e.g. when the certificates are required for other installed web applications
  • DietPi-LetsEncrypt | Detect installed webservers via their systemd unit, as this is what is required to correctly start/stop/restart it
  • DietPi-LetsEncrypt | Allow to toggle OCSP stapling
  • DietPi-LetsEncrypt | Do not start/stop/restart all services in general but only those where changes have been applied
  • DietPi-LetsEncrypt | Abandon the log file. It basically needs to be called interactively to do inputs, the automated run can only work if inputs have been done before and basically lost its purpose as it's not used anymore for certificate renewals like years ago.

+ DietPi-LetsEncrypt | Add multi-domain support
@MichaIng MichaIng added this to the v7.1 milestone Mar 25, 2021
+ DietPi-LetsEncrypt | Allow running Certbot in standalone mode when no webserver was detected, e.g. when the certificates are required for other installed web applications
+ DietPi-LetsEncrypt | Detect installed webservers via their systemd unit, as this is what is required to correctly start/stop/restart it
+ DietPi-LetsEncrypt | Allow to toggle OCSP stapling
+ DietPi-LetsEncrypt | Do not start/stop/restart all services in general but only those where changes have been applied
+ DietPi-LetsEncrypt | Abandon the log file. It basically needs to be called interactively to do inputs, the automated run can only work if inputs have been done before and basically lost its purpose as it's not used anymore for certificate renewals like years ago.
@MichaIng MichaIng linked an issue Mar 25, 2021 that may be closed by this pull request
MichaIng added 6 commits April 3, 2021 16:06
+ DietPi-LetsEncrypt | Minor
+ DietPi-LetsEncrypt | Fix input boxes, remove dedicated function
+ DietPi-LetsEncrypt | Do not store settings before anything has been changed or applied. If Certbot is not executed, it's better to load fresh (DietPi version based) defaults on next execution rather than the probably changed previously stored defaults.
+ DietPi-LetsEncrypt | Use exit codes when executing non-interactively
+ DietPi-LetsEncrypt | Some fixes
+ DietPi-LetsEncrypt | Do not show whiptail error prompt when Certbot fails, executed from menu. A "read -p" allows to review the console output and see the always printed "G_DIETPI-NOTIFY 2" error message. The whiptail, depending on terminal, can overwrite the Certbot output. Also do not try to show the exit code, as we do not store it anymore.
+ DietPi-LetsEncrypt | Skip obsolete fp_defaultsite variable
+ CHANGELOG | DietPi-LetsEncrypt: Added multi-domain + standalone + OCSP support
@MichaIng MichaIng linked an issue Apr 3, 2021 that may be closed by this pull request
+ DietPi-LetsEncrypt | Disable deprecated TLS versions 1.0 and 1.1 on Lighttpd from Buster on. With Lighttpd v1.4.45, shipped with Debian Stretch, this is not possible yet.
+ DietPi-LetsEncrypt | Enable HTTPS for IPv6. It is added statically, which works fine as long as the kernel feature/module has not been disabled. But there are other cases where the disabled kernel feature causes issues, which is the reason we disable IPv6 only via sysctl. We can switch to dynamic IPv6 HTTPS, if we receive related reports from users, but those who manually disable the IPv6 kernel feature or blacklist the kernel module (where it is a module only) will likely know how to fix it themselves. This solves #1840.
@MichaIng MichaIng changed the title DietPi-LetsEncrypt | Add multi-domain support DietPi-LetsEncrypt | Add multi-domain + standalone + OCSP + Lighttpd IPv6 Apr 3, 2021
MichaIng added 2 commits April 3, 2021 20:21
+ CHANGELOG | Lighttpd: HTTPS is now enabled for IPv6 requests and the deprecated TLSv1.0 and TLSv1.1 are disabled from Debian Buster on
@MichaIng MichaIng merged commit 64ca3e6 into dev Apr 3, 2021
@MichaIng MichaIng deleted the dietpi-letsencrypt branch April 3, 2021 18:25
Development

Successfully merging this pull request may close these issues.

  • DietPi-LetsEncrypt | IPv6 support on Lighttpd with HTTPS
  • DietPi-LetsEncrypt | Support multiple domains