acme_certificate: allow to request renewal of a certificate according to ARI #739
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
felixfontein
force-pushed
the
ari-renewal
branch
from
787238e to
4c8c5cf
Compare
Docs Build 📝Thank you for contribution!✨ This PR has been merged and the docs are now incorporated into |
felixfontein
commented
Apr 30, 2024
| fails in case the challenges cannot be set up. If the playbook/role does not record the order data to | ||
| continue with the existing order, but tries to create a new one on the next run, creating the new order | ||
| might fail. For this reason, this option should only be set to a value different from V(never) if the | ||
| role/playbook using it keeps track of order data accross restarts. |
There was a problem hiding this comment.
I'm currently thinking of how to better handle this situation. The best way would to make it possible to disable orders, which cannot be done directly, but by disabling its authorizations. (If you don't want to wait for the order to expire.) I'll provide a solution for that in another PR, and in that PR I will also update this description accordingly.
(It might be a good idea to split this module into multiple modules anyway, especially the two-step process makes this module really quirky... But that's another topic :) )
felixfontein
added a commit
that referenced
this pull request
May 11, 2024
Revert "Fix documentation. (#751)" Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)" Revert "Refactor and extend argument spec helper, use for ACME modules (#749)" Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)" Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)" Revert "Add acme_certificate_renewal_info module (#746)" Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)" Revert "Add tests for acme_certificate_deactivate_authz module. (#744)" Revert "Create acme_certificate_deactivate_authz module (#741)" Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)" Revert "Implement basic acme_ari_info module. (#732)" Revert "Add function for retrieval of ARI information. (#738)" Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)" Revert "Implement certificate information retrieval code in the ACME backends. (#736)" Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)" This reverts commits 5e59c52, aa82575, f3c9cb7, f82b335, 553ab45, 59606d4, 0a15be1, 9501a28, d906914, 33d278a, 6d4fc58, 9614b09, af5f4b5, c6fbe58, and afe7f75.
austinlucaslake
pushed a commit
to austinlucaslake/community.crypto
that referenced
this pull request
May 25, 2024
Revert "Fix documentation. (ansible-collections#751)" Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (ansible-collections#750)" Revert "Refactor and extend argument spec helper, use for ACME modules (ansible-collections#749)" Revert "Avoid exception if certificate has no AKI in acme_certificate. (ansible-collections#748)" Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (ansible-collections#747)" Revert "Add acme_certificate_renewal_info module (ansible-collections#746)" Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (ansible-collections#745)" Revert "Add tests for acme_certificate_deactivate_authz module. (ansible-collections#744)" Revert "Create acme_certificate_deactivate_authz module (ansible-collections#741)" Revert "acme_certificate: allow to request renewal of a certificate according to ARI (ansible-collections#739)" Revert "Implement basic acme_ari_info module. (ansible-collections#732)" Revert "Add function for retrieval of ARI information. (ansible-collections#738)" Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (ansible-collections#737)" Revert "Implement certificate information retrieval code in the ACME backends. (ansible-collections#736)" Revert "Split up the default acme docs fragment to allow modules ot not need account data. (ansible-collections#735)" This reverts commits 5e59c52, aa82575, f3c9cb7, f82b335, 553ab45, 59606d4, 0a15be1, 9501a28, d906914, 33d278a, 6d4fc58, 9614b09, af5f4b5, c6fbe58, and afe7f75.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
See https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#name-extensions-to-the-order-obj and https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients.html#step-6-indicating-which-certificate-is-replaced-by-this-new-order.
ISSUE TYPE
COMPONENT NAME
acme_certificate