Let's Encrypt client and ACME library written in Go

lego


Features

  • ACME v2 RFC 8555
  • Register with CA
  • Obtain certificates, both from scratch or with an existing CSR
  • Renew certificates
  • Revoke certificates
  • Robust implementation of all ACME challenges
    • HTTP (http-01)
    • DNS (dns-01)
    • TLS (tls-alpn-01)
  • SAN certificate support
  • Comes with multiple optional DNS providers
  • Custom challenge solvers
  • Certificate bundling
  • OCSP helper function

lego introduced support for ACME v2 in v1.0.0. If you still need to utilize ACME v1, you can do so by using the v0.5.0 version.

Installation

How to install.

Usage

Documentation

Documentation is hosted live at https://go-acme.github.io/lego/.

DNS providers

Detailed documentation is available here.

Akamai EdgeDNS, Alibaba Cloud DNS, Amazon Lightsail, Amazon Route 53,
ArvanCloud, Aurora DNS, Autodns, Azure,
Bindman, Bluecat, Checkdomain, CloudDNS,
Cloudflare, ClouDNS, CloudXNS, ConoHa,
Constellix, deSEC.io, Designate DNSaaS for Openstack, Digital Ocean,
DNS Made Easy, DNSimple, DNSPod, Domain Offensive (do.de),
DreamHost, Duck DNS, Dyn, Dynu,
EasyDNS, Exoscale, External program, Gandi Live DNS (v5),
Gandi, Glesys, Go Daddy, Google Cloud,
Hetzner, Hosting.de, HTTP request, HyperOne,
Infomaniak, Internet Initiative Japan, INWX, Ionos,
Joker, Joohoi's ACME-DNS, Linode (v4), Liquid Web,
Loopia, LuaDNS, Manual, MyDNS.jp,
MythicBeasts, Name.com, Namecheap, Namesilo,
Netcup, Netlify, NIFCloud, NS1,
Open Telekom Cloud, Oracle Cloud, OVH, PowerDNS,
Rackspace, reg.ru, RFC2136, RimuHosting,
Sakura Cloud, Scaleway, Selectel, Servercow,
Stackpath, TransIP, VegaDNS, Versio.[nl/eu/uk],
Vscale, Vultr, Yandex, Zone.ee,
Zonomi
Comments
  • ACME v2

    I, along with many others, am super excited about Let's Encrypt supporting wildcard certs in 2018. According to their latest blog they should have a test endpoint up in early January.

    I really like this library, as it has saved me from having to deal with acme directly at all. Is acme v2 and wildcard support on your radar at all? I am not even sure what the major differences are, or what is involved in upgrading. Will a single library be able to handle both, or will a separate package be needed?

    If I had all my dreams come true I would love for lego to let me get wildcard certs asap, but I know this may be a considerable undertaking. Thanks for everything.

  • Add DNS provider for Yandex.

    Add DNS provider for Yandex.

    https://tech.yandex.com/domain/doc/concepts/api-dns-docpage/

    Closes #278


    ping @Akkarine, could you do:

    rm -rf .lego
    
    ./lego -m [email protected] --dns yandex -d *.yourdomain.com -d yourdomain.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    

    Note the wildcard domain is important.

    If you have problems building lego, do not hesitate to ask me.

  • Time Limit Exceeded with CloudFlare DNS

    Hi,

    I'm trying to use a DNS challenge with CloudFlare, but am getting: Time limit exceeded. Last error: NS laura.ns.cloudflare.com. did not return the expected TXT record

    However, if I use dig to get the relevant TXT entry, it works (in real life I'm using the correct domain, not myhost.mydomain.com):

    > dig _acme-challenge.myhost.mydomain.com txt @laura.ns.cloudflare.com
    
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> _acme-challenge.myhost.mydomain.com txt @laura.ns.cloudflare.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27257
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;_acme-challenge.myhost.mydomain.com. IN	TXT
    
    ;; ANSWER SECTION:
    _acme-challenge.myhost.mydomain.com. 120 IN	TXT	"<redacted>"
    
    ;; Query time: 368 msec
    ;; SERVER: 173.245.58.183#53(173.245.58.183)
    ;; WHEN: Thu Sep 21 13:49:17 IDT 2017
    ;; MSG SIZE  rcvd: 116
    

    My Caddy version:

    > caddy -version
    Caddy 0.10.9
    

    What am I missing? Thanks!

  • Add ChallengeProviderTimeout type to acme package

    There was what I perceived as a problem with my Gandi ChallengeProvider in #133. Because of Gandi's long DNS record propagation time (in my tests, up to 25 minutes), I had to alter the timeout the acme package used when checking for record propagation. However, this affected all the DNS providers, the remainder of which just require the existing 30 second timeout. Forcing them all to have a 40 minute timeout for the sake of Gandi seemed... wrong?

    This PR adds a new ChallengeProviderTimeout type to the acme package which allows for implementing DNS providers that require an unusually long timeout when checking for record propagation. In fact, although it would only be necessary for DNS providers like Gandi at present, it need not be solely for DNS providers. There could be in the future some yet not-invented challenge type, for which the same problem occurred.

    The Gandi provider in #133 has been altered to use this new interface, so all the remaining DNS providers will now use the 30 second timeout again as normal.

    Thoughts?

    EDIT: This PR now sits on top of #144, due to new WaitFor semantics.
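The optional-interface approach this PR describes, as an added example that is not part of the PR or lego's own code: the two interfaces are defined locally and modelled on the description above, and `propagationWindow`, `waitFor`, the 2-second default interval and the sample providers are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ChallengeProvider is a local stand-in for the provider interface (assumed shape).
type ChallengeProvider interface {
	Present(domain, token, keyAuth string) error
	CleanUp(domain, token, keyAuth string) error
}

// ChallengeProviderTimeout is the optional extension: a provider implements it
// only when it needs a propagation window other than the default.
type ChallengeProviderTimeout interface {
	ChallengeProvider
	Timeout() (timeout, interval time.Duration)
}

const (
	defaultTimeout  = 30 * time.Second // the existing timeout named in the PR
	defaultInterval = 2 * time.Second  // assumed polling interval
)

// fastProvider (constructed) is happy with the defaults.
type fastProvider struct{}

func (fastProvider) Present(domain, token, keyAuth string) error { return nil }
func (fastProvider) CleanUp(domain, token, keyAuth string) error { return nil }

// slowProvider (constructed) opts in to a longer window by adding Timeout.
type slowProvider struct{ fastProvider }

func (slowProvider) Timeout() (time.Duration, time.Duration) {
	return 40 * time.Minute, 60 * time.Second
}

// propagationWindow picks the provider's own window when it declares one,
// so a slow provider does not force its timeout on all the others.
func propagationWindow(p ChallengeProvider) (timeout, interval time.Duration) {
	if pt, ok := p.(ChallengeProviderTimeout); ok {
		return pt.Timeout()
	}
	return defaultTimeout, defaultInterval
}

// waitFor polls check every interval until it reports success or the next
// poll would fall past the deadline; the last error seen is wrapped.
func waitFor(timeout, interval time.Duration, check func() (bool, error)) error {
	deadline := time.Now().Add(timeout)
	lastErr := errors.New("condition not met")
	for {
		done, err := check()
		if done {
			return nil
		}
		if err != nil {
			lastErr = err
		}
		if time.Now().Add(interval).After(deadline) {
			return fmt.Errorf("time limit exceeded, last error: %w", lastErr)
		}
		time.Sleep(interval)
	}
}

func main() {
	for _, p := range []ChallengeProvider{fastProvider{}, slowProvider{}} {
		timeout, interval := propagationWindow(p)
		fmt.Printf("%T: poll every %s for up to %s\n", p, interval, timeout)
	}
	calls := 0
	err := waitFor(time.Second, 10*time.Millisecond, func() (bool, error) {
		calls++ // constructed check: the record becomes visible on the third poll
		return calls == 3, errors.New("TXT record not visible yet")
	})
	fmt.Println("calls:", calls, "err:", err)
}
```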

  • Add support for autodns

    This PR adds support for autodns based on https://help.internetx.com/display/APIJSONEN

    Closes #501

    Checklist

    • [x] add a description to your PR
    • [x] be able to maintain this provider
    • [x] have a homogeneous design with the other providers
    • [x] add tests (units)
    • [x] add tests ("live") (I guess? Please correct me if I'm wrong)
    • [x] add the provider to the readme.md
    • [x] add a provider descriptor
    • [x] generate CLI help and documentation
    • [x] pass the linter (golangci-lint must be installed)
    • [x] do go mod tidy
    • [x] be able to do: (and put the output of this command to a comment in your PR)
    rm -rf .lego
    
    ./lego -m [email protected] --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    

    Note the wildcard domain is important.

  • Google Cloud DNS not working anymore

    lego --email="[email protected]" \
           --accept-tos \
           --csr="/path/to/csr.csr" \
           --path="/path/to/letsencrypt/data/" \
           --server="https://acme-v02.api.letsencrypt.org/directory" \
           --dns="gcloud" \
           --dns-resolvers="8.8.4.4:53" \
           --dns-resolvers="8.8.8.8:53" \
           --dns-resolvers="1.0.0.1:53" \
           --dns-resolvers="1.1.1.1:53" \
           --dns-timeout=5 \
           run;
    
    2018/09/20 21:42:34 [INFO] [domain.net, *.domain.net, *.staging.domain.net, domain.info, *.domain.info, *.staging.domain.info] acme: Obtaining bundled SAN certificate given a CSR
    2018/09/20 21:42:35 [INFO] [*.domain.info] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [*.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [*.staging.domain.info] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [*.staging.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [domain.info] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxx
    2018/09/20 21:42:35 [INFO] [domain.info] acme: Could not find solver for: tls-alpn-01
    2018/09/20 21:42:35 [INFO] [domain.net] acme: Could not find solver for: tls-alpn-01
    2018/09/20 21:42:35 [INFO] [domain.info] acme: Preparing to solve DNS-01
    2018/09/20 21:42:38 [INFO] [domain.net] acme: Preparing to solve DNS-01
    2018/09/20 21:42:41 [INFO] [staging.domain.info] acme: Preparing to solve DNS-01
    2018/09/20 21:42:44 [INFO] [staging.domain.net] acme: Preparing to solve DNS-01
    2018/09/20 21:42:47 [INFO] [domain.info] acme: Preparing to solve DNS-01
    2018/09/20 21:42:49 [INFO] [domain.net] acme: Preparing to solve DNS-01
    2018/09/20 21:42:51 [INFO] [domain.info] acme: Trying to solve DNS-01
    2018/09/20 21:42:51 [INFO] [domain.info] Checking DNS record propagation using [8.8.4.4:53 8.8.8.8:53 1.0.0.1:53 1.1.1.1:53]
    2018/09/20 21:45:54 [INFO] [domain.net] acme: Trying to solve DNS-01
    2018/09/20 21:45:54 [INFO] [domain.net] Checking DNS record propagation using [8.8.4.4:53 8.8.8.8:53 1.0.0.1:53 1.1.1.1:53]
    2018/09/20 21:48:55 [INFO] [staging.domain.info] acme: Trying to solve DNS-01
    2018/09/20 21:48:55 [INFO] [staging.domain.info] Checking DNS record propagation using [8.8.4.4:53 8.8.8.8:53 1.0.0.1:53 1.1.1.1:53]
    2018/09/20 21:49:01 [INFO] [staging.domain.info] The server validated our request
    2018/09/20 21:49:01 [INFO] [staging.domain.net] acme: Trying to solve DNS-01
    2018/09/20 21:49:01 [INFO] [staging.domain.net] Checking DNS record propagation using [8.8.4.4:53 8.8.8.8:53 1.0.0.1:53 1.1.1.1:53]
    2018/09/20 21:49:07 [INFO] [staging.domain.net] The server validated our request
    2018/09/20 21:49:09 [WARN] Error cleaning up staging.domain.info: googlecloud: <nil>
    2018/09/20 21:49:11 [WARN] Error cleaning up staging.domain.net: googlecloud: <nil>
    2018/09/20 21:49:11 Could not obtain certificates
    	acme: Error -> One or more domains had a problem:
    [domain.info] Time limit exceeded. Last error: NS ns-cloud-c1.googledomains.com. did not return the expected TXT record
    [domain.net] Time limit exceeded. Last error: NS ns-cloud-c1.googledomains.com. did not return the expected TXT record
    

    Weird thing is that it validates the *.staging.domain.<tld> domains...

    Have also tried without --dns-resolvers

  • Listen IP/interface of lego unclear

    Hi there!

    I upgraded to v0.1 and now I am getting this error:

    2015/12/04 10:10:14 Could not create client:decode directory: invalid character '<' looking for beginning of value
    

    I am using the following parameters:

    lego --domains=mydomain.de -B 4096 --email="[email protected]" -s "https://acme-v01.api.letsencrypt.org/" --path=/var/container/nginx/newcert/ --port 9999 run
    

    Did something change? I tried using the existing keys and creating new ones, the error is still the same.

    Thanks!

  • Cloudflare propagation times out continuously

    Most of the days it works fine, but today the configured 30 seconds timeout isn't sufficient. I get the following error over and over:

    Time limit exceeded. Last error: NS nora.ns.cloudflare.com. did not return the expected TXT record

    Either bumping it up to a much higher value - it does multiple checks within that timeout, right? - or making it configurable by command line parameter would help to cater for these incidental high propagation times.

  • Improvement: setting dns-01 challenge record for multiple domains in parallel

    When running lego for multiple domains it will set the dns TXT record and check propagation in sequence. This can take a long time if the number of domains is large. Would it be possible to parallelize this?

  • Dockerfile broken with old alpine version with old go

    alpine 3.4 no longer works with error

    package context: unrecognized import path "context" (import path does not begin with hostname)
    

    alpine 3.5 with no changes did not work with error

    # runtime/cgo
    /tmp/go-build671992352/runtime/cgo/_obj/_cgo_export.c:2:20: fatal error: stdlib.h: No such file or directory
     #include <stdlib.h>
                        ^
    compilation terminated.
    

    alpine 3.6 with no changes did not work with error:

    # github.com/xenolf/lego
    /usr/lib/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
    /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find Scrt1.o: No such file or directory
    /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find crti.o: No such file or directory
    /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lpthread
    /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lssp_nonshared
    collect2: error: ld returned 1 exit status
    
  • DNS challenge error when FQDN is a CNAME

    Thanks for lego, it's awesome!

    When I use the DNS challenge to request a cert for a FQDN that's a CNAME, I get the following. Assume iamacname.example.com is a CNAME for www.example.com

    2016/02/01 13:06:25 [INFO][iamacname.example.com] acme: Obtaining bundled SAN certificate
    
    2016/02/01 13:06:25 [INFO][iamacname.example.com] acme: Trying to solve DNS-01
    2016/02/01 13:06:25 [INFO] acme: Please create the following TXT record in your DNS zone:
    2016/02/01 13:06:25 [INFO] acme: _acme-challenge.iamacname.example.com. 120 IN TXT "U4BJAr7Mg1x2BSdYWeCDLvWSYPkj14XR3uohxan1_RU"
    2016/02/01 13:06:25 [INFO] acme: Press 'Enter' when you are done
    2016/02/01 13:06:25 [INFO] acme: You can now remove this TXT record from your DNS zone:
    2016/02/01 13:06:25 [INFO] acme: _acme-challenge.iamacname.example.com. 120 IN TXT "..."
    panic: interface conversion: dns.RR is *dns.CNAME, not *dns.SOA
    
    goroutine 1 [running]:
    github.com/xenolf/lego/acme.checkDNS(0x7ffcb3f28514, 0x13, 0xc820424690, 0x24, 0xc820424690)
            /home/happy/x/src/github.com/xenolf/lego/acme/dns_challenge.go:82 +0x355
    github.com/xenolf/lego/acme.(*dnsChallenge).Solve(0xc82011c240, 0x0, 0x0, 0xc820432180, 0x6, 0xc820432190, 0x7, 0xc8203500e0, 0x68, 0xc8204240c0, ...)
            /home/happy/x/src/github.com/xenolf/lego/acme/dns_challenge.go:65 +0x5a6
    github.com/xenolf/lego/acme.(*Client).solveChallenges(0xc820126080, 0xc82000a300, 0x1, 0x1, 0xc82000a300)
            /home/happy/x/src/github.com/xenolf/lego/acme/client.go:369 +0x250
    github.com/xenolf/lego/acme.(*Client).ObtainCertificate(0xc820126080, 0xc820013990, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /home/happy/x/src/github.com/xenolf/lego/acme/client.go:227 +0x25b
    main.run(0xc8200dc240)
            /home/happy/x/src/github.com/xenolf/lego/cli_handlers.go:174 +0x173f
    github.com/codegangsta/cli.Command.Run(0x9412b0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9dbd80, 0x3a, 0x0, ...)
            /home/happy/x/src/github.com/codegangsta/cli/command.go:163 +0x131d
    github.com/codegangsta/cli.(*App).Run(0xc82008fe60, 0xc82000a0c0, 0xc, 0xc, 0x0, 0x0)
            /home/happy/x/src/github.com/codegangsta/cli/app.go:179 +0x1169
    main.main()
            /home/happy/x/src/github.com/xenolf/lego/cli.go:126 +0x106f
    
    goroutine 17 [syscall, locked to thread]:
    runtime.goexit()
            /usr/lib/go/src/runtime/asm_amd64.s:1696 +0x1
    
    goroutine 9 [IO wait]:
    net.runtime_pollWait(0x7f8f324ee000, 0x72, 0xc820012270)
            /usr/lib/go/src/runtime/netpoll.go:157 +0x60
    net.(*pollDesc).Wait(0xc820128060, 0x72, 0x0, 0x0)
            /usr/lib/go/src/net/fd_poll_runtime.go:73 +0x3a
    net.(*pollDesc).WaitRead(0xc820128060, 0x0, 0x0)
            /usr/lib/go/src/net/fd_poll_runtime.go:78 +0x36
    net.(*netFD).Read(0xc820128000, 0xc82031c000, 0x800, 0x800, 0x0, 0x7f8f34652050, 0xc820012270)
            /usr/lib/go/src/net/fd_unix.go:232 +0x23a
    net.(*conn).Read(0xc820030080, 0xc82031c000, 0x800, 0x800, 0x0, 0x0, 0x0)
            /usr/lib/go/src/net/net.go:172 +0xe4
    crypto/tls.(*block).readFromUntil(0xc8201123f0, 0x7f8f34656b50, 0xc820030080, 0x5, 0x0, 0x0)
            /usr/lib/go/src/crypto/tls/conn.go:455 +0xcc
    crypto/tls.(*Conn).readRecord(0xc8200d4840, 0xa14117, 0x0, 0x0)
            /usr/lib/go/src/crypto/tls/conn.go:540 +0x2d1
    crypto/tls.(*Conn).Read(0xc8200d4840, 0xc820188000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
            /usr/lib/go/src/crypto/tls/conn.go:901 +0x167
    net/http.noteEOFReader.Read(0x7f8f34663308, 0xc8200d4840, 0xc8200e67e8, 0xc820188000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
            /usr/lib/go/src/net/http/transport.go:1370 +0x67
    net/http.(*noteEOFReader).Read(0xc82044a700, 0xc820188000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
            <autogenerated>:126 +0xd0
    bufio.(*Reader).fill(0xc8203ecfc0)
            /usr/lib/go/src/bufio/bufio.go:97 +0x1e9
    bufio.(*Reader).Peek(0xc8203ecfc0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
            /usr/lib/go/src/bufio/bufio.go:132 +0xcc
    net/http.(*persistConn).readLoop(0xc8200e6790)
            /usr/lib/go/src/net/http/transport.go:876 +0xf7
    created by net/http.(*Transport).dialConn
            /usr/lib/go/src/net/http/transport.go:685 +0xc78
    
    goroutine 10 [select]:
    net/http.(*persistConn).writeLoop(0xc8200e6790)
            /usr/lib/go/src/net/http/transport.go:1009 +0x40c
    created by net/http.(*Transport).dialConn
            /usr/lib/go/src/net/http/transport.go:686 +0xc9d
    
  • API Change for DNS Provider All-Inkl

    Welcome

    • [X] Yes, I've searched similar issues on GitHub and didn't find any.

    How do you use lego?

    Through Traefik

    Detailed Description

    Hi,

    I received a mail from All-Inkl today that they will change their API authentication starting December 2022.

    Our system has detected that you are using the KAS API, which means that your custom scripts gain access to several features of the technical administration panel (KAS). So please forward the following information to the developer of those custom scripts as appropriate.

    The authentication method "sha1" which is used by your custom scripts is deprecated and support for this authentication method will be gradually discontinued starting December 2022. In order to further use your custom scripts, an adjustment is necessary in the following accounts:

    account : date of last sha1 authentication
    wXXXXXX : 2022-08-05 08:33:01

    Here's an example of how such a script code currently looks like:

    $auth=array( 'kas_login' => 'w0123456', 'kas_auth_type' => 'sha1', 'kas_auth_data' => sha1('myPassword') )

    Please alter your scripts in a way so that they use the new authentication method "plain" instead. An example how it should look afterwards:

    $auth=array( 'kas_login' => 'w0123456', 'kas_auth_type' => 'plain', 'kas_auth_data' => 'myPassword' )

    You can find a full documentation of the KAS API under:

    http://kasapi.kasserver.com/dokumentation/phpdoc/

  • digitalocean: configurable base url for provider

    I wanted to proxy the calls to DigitalOcean API made for dns ACME challenge, and the go-acme/lego digitalocean provider has hardcoded https://api.digitalocean.com, this PR should handle that hopefully.

  • CNAME validation not possible with provider LuaDNS

    Welcome

    • [X] Yes, I'm using a binary release within 2 latest releases.
    • [X] Yes, I've searched similar issues on GitHub and didn't find any.
    • [X] Yes, I've included all information below (version, config, etc).

    What did you expect to see?

    Certificate issue using the CNAME validation (LEGO_EXPERIMENTAL_CNAME_SUPPORT) feature works with the LuaDNS DNS provider.

    What did you see instead?

    The LuaDNS provider does not find the correct zone for the domain, and therefore can't issue a certificate.

    DNS looks like this: _acme-challenge.example.com. 3600 IN CNAME example.com.acme-challenge.example-resolver.com.

    $ lego --email "[email protected]" --dns luadns --domains "*.example.com" run
    2022/07/25 18:14:42 [INFO] [*.example.com] acme: Obtaining bundled SAN certificate
    2022/07/25 18:14:43 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1234
    2022/07/25 18:14:43 [INFO] [*.example.com] acme: Could not find solver for: tls-alpn-01
    2022/07/25 18:14:43 [INFO] [*.example.com] acme: Could not find solver for: http-01
    2022/07/25 18:14:43 [INFO] [*.example.com] acme: use dns-01 solver
    2022/07/25 18:14:43 [INFO] [*.example.com] acme: Preparing to solve DNS-01
    2022/07/25 18:14:43 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
    2022/07/25 18:14:43 [WARN] [*.example.com] acme: cleaning up failed: luadns: unknown record ID for 'example.com.acme-challenge.example-resolver.com.'
    2022/07/25 18:14:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1234
    2022/07/25 18:14:44 Could not obtain certificates:
            error: one or more domains had a problem:
    [*.example.com] [*.example.com] acme: error presenting token: luadns: no matching zone found for domain example.com
    

    Looking at the code, the findZone function tries to look for example.com, which does not match the resolved fqdn belonging to example-resolver.com. https://github.com/go-acme/lego/blob/v4.8.0/providers/dns/luadns/luadns.go#L122

    How do you use lego?

    Through Traefik

    Reproduction steps

    1. Set environment variable CNAME LEGO_EXPERIMENTAL_CNAME_SUPPORT=true
    2. Setup ENV vars for using LuaDNS
    3. Run lego --email "[email protected]" --dns luadns --domains "*.example.com" run

    Version of lego

    lego version v4.8.0 linux/amd64
    

    Logs

    See above.

    Go environment (if applicable)

    No response

  • pdns: Notify secondary servers after updates

    This change addresses the PowerDNS DNS provider.

    When using the API with a setup where there is not only the primary but also some secondary servers, the secondary servers were not sent a NOTIFY and would not initiate an AXFR transfer.

    Thus, the challenge would not propagate to all DNS servers which would in return cause failed verifications.

    This change uses the /notify endpoint of the PowerDNS API to notify the secondaries.

  • add recursive CNAME lookup support

    Right now the LEGO_EXPERIMENTAL_CNAME_SUPPORT only follows one CNAME record. If this CNAME record points to another, then the chain breaks and the DNS record created is incorrect.

    This change allows it to keep following CNAME records as long as it continues to find one up to a limit so that CNAME loops don't hang the service.

    And thanks for the awesome work on this repo!!
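A bounded CNAME walk of the kind this PR describes, followed by zone selection on the resolved name (the mismatch reported in the LuaDNS issue above), as an added example that is not lego's code: the lookup table is constructed, with a second hop added to the issue's record, and `resolveChallengeFQDN`, `findZone` and `maxCNAMEHops` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

const maxCNAMEHops = 10 // hypothetical limit on the number of CNAMEs followed

var (
	ErrCNAMELoop   = errors.New("CNAME loop detected")
	ErrTooManyHops = errors.New("CNAME chain exceeds hop limit")
)

// Constructed records standing in for DNS answers (owner name -> CNAME target).
var sampleCNAMEs = map[string]string{
	"_acme-challenge.example.com.":                     "example.com.acme-challenge.example-resolver.com.",
	"example.com.acme-challenge.example-resolver.com.": "challenges.example-resolver.com.",
	"_acme-challenge.loop.example.com.":                "a.loop.example.com.",
	"a.loop.example.com.":                              "_acme-challenge.loop.example.com.",
}

func lookupSample(name string) (string, bool) {
	target, ok := sampleCNAMEs[name]
	return target, ok
}

// resolveChallengeFQDN follows CNAMEs from fqdn until it reaches a name that
// has none. It stops on a revisited name or after maxCNAMEHops hops, so a
// misconfigured or hostile zone cannot keep the client spinning.
func resolveChallengeFQDN(fqdn string, lookup func(string) (string, bool)) (string, error) {
	seen := map[string]bool{}
	cur := strings.ToLower(fqdn)
	for hops := 0; ; hops++ {
		if seen[cur] {
			return "", fmt.Errorf("%w at %s", ErrCNAMELoop, cur)
		}
		seen[cur] = true
		target, ok := lookup(cur)
		if !ok {
			return cur, nil // end of chain: the TXT record belongs here
		}
		if hops == maxCNAMEHops {
			return "", fmt.Errorf("%w (%d)", ErrTooManyHops, maxCNAMEHops)
		}
		cur = strings.ToLower(target)
	}
}

// findZone returns the longest managed zone that contains fqdn, matching on a
// label boundary so "notexample.com." never matches zone "example.com.".
func findZone(fqdn string, zones []string) (string, bool) {
	best := ""
	for _, z := range zones {
		if (fqdn == z || strings.HasSuffix(fqdn, "."+z)) && len(z) > len(best) {
			best = z
		}
	}
	return best, best != ""
}

func main() {
	zones := []string{"example.com.", "example-resolver.com."}
	names := []string{"_acme-challenge.example.com.", "_acme-challenge.loop.example.com."}
	for _, name := range names {
		fqdn, err := resolveChallengeFQDN(name, lookupSample)
		if err != nil {
			fmt.Println(name, "->", err)
			continue
		}
		// Select the zone from the resolved name, not the requested domain.
		zone, _ := findZone(fqdn, zones)
		fmt.Printf("%s -> TXT at %s in zone %s\n", name, fqdn, zone)
	}
}
```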

  • gcloud: update golang.org/x/oauth2

    This updates x/oauth2/google. The new version supports "external_account" JSON key files, which are needed when using workload identity federation on GCP.
