Wildcard/ACME v2 support

[mKeRix]

Let's encrypt just launched the new API with wildcard support: https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579. Certbot 0.22.0 and above already support the new features.

Would love to see these upstream in the rancher-letsencrypt project!

[willseward]

FWIW: go-acme/lego#457

[blackholegalaxy]

@janeczku any news on that?

[Jefnull]

+1

[KryptionX]

If we could get this updated to support wildcards that would be extremely awesome.

[natiz]

+1

[nbejansen]

+1

[Chuckame]

Yes, wildcard support will awesome ! @janeczku , are u alive ?! ^^

[bearmoo-cloud-net]

+1

[B-Stefan]

go-acme/lego#457 just got merged.
Do we need to change here some code or just update the package?

[asdek]

If you need to generate wildcard certificates with using ACME v2 then you can using these repos:

• git vxcontrol/rancher-letsencrypt
• docker vxcontrol/rancher-letsencrypt
• release page v1.0.0

For using docker repo:
docker pull vxcontrol/rancher-letsencrypt

I think that making a Pull Request does not make sense ((

[Chuckame]

Why use a forked repo when we can have the official repo up-to-date with wildcard support ? This is the purpose of a PR (I think)..

[blackholegalaxy]

@Chuckame because there is no vital sign from the author and repo maintainer to accept a PR?

[asdek]

@Chuckame I made PR#114 to main repo. Let's see together how quickly it will be merged.

@blackholegalaxy I fully support your opinion.

[jotolo]

@asdek, Is there any catalog including your repository with the changes? I think it's a good idea to create a catalog for that, like this repository has in rancher community catalog.
Thanks anyways for the update!

[asdek]

@jotolo, You can use https://github.com/vxcontrol/rancher-catalog.git repo and branch public. Or you can change field Select Image to vxcontrol/rancher-letsencrypt:v1.0.0 after deploying package from community catalog.
PS I very much hope that the author will accept the changes and this will be available in the original package.

[jotolo]

@asdek I did the second option and it worked like charm! Thank you for the PR! I hope those who have the same issue can use this solution.It's very good to have it! I hope like you the PR to be merged.
Thanks again @asdek

[bearmoo-cloud-net]

@asdek

I replace docker image to docker vxcontrol/rancher-letsencrypt. I ran the image and I'm getting this error:

6/12/2018 7:24:04 PMtime="2018-06-13T02:24:04Z" level=info msg="Using HTTP challenge: Sleeping for 120 seconds before requesting certificate"
6/12/2018 7:24:04 PMtime="2018-06-13T02:24:04Z" level=info msg="Make sure that HTTP requests for '/.well-known/acme-challenge' for all certificate domains are forwarded to port 80 of the container running this application"
6/12/2018 7:26:04 PMtime="2018-06-13T02:26:04Z" level=info msg="Trying to obtain SSL certificate (example.net,*.example.net) from Let's Encrypt Production CA"
6/12/2018 7:26:04 PMtime="2018-06-13T02:26:04Z" level=info msg="[INFO][example.net, .example.net] acme: Obtaining bundled SAN certificate"
6/12/2018 7:26:05 PMtime="2018-06-13T02:26:05Z" level=info msg="[INFO][.example.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/cLnZCIg3jc_l16zduayBdwa1tK1xEDB_haUNZohrN_c"
6/12/2018 7:26:05 PMtime="2018-06-13T02:26:05Z" level=info msg="[INFO][example.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/wy7n1Q5P34bpcdtkPx5TCeJM82C8dikP3uzbuW5ECwc"
6/12/2018 7:26:05 PMtime="2018-06-13T02:26:05Z" level=info msg="[INFO][example.net] acme: Authorization already valid; skipping challenge"
6/12/2018 7:26:05 PMtime="2018-06-13T02:26:05Z" level=info msg="[INFO][example.net] acme: Could not find solver for: dns-01"
6/12/2018 7:26:05 PMtime="2018-06-13T02:26:05Z" level=error msg="[acme: Error -> One or more domains had a problem:\n[example.net] [example.net] acme: Could not determine solvers\n] Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[example.net] [example.net] acme: Could not determine solvers\n"

[asdek]

@bearmoo-repo Which one provider you use?

[bearmoo-cloud-net]

@asdek it would be no-ip

[asdek]

@bearmoo-repo I was asking about DNS provider. Because I tested on Route53 and CloudFlare, the problem was observed once with the fact that CloudFlare did not have time to update the DNS-record. I can try to incorporate some delay and define it through Environment Variable.

[bearmoo-cloud-net]

www.noip.com is my DNS provider.

[bearmoo-cloud-net]

Is it all possible to get the information that I need to add into TXT?

[asdek]

www.noip.com is my DNS provider.

ok, thanks. I'll see what can do here.
If you want to add a TXT-record manually, you can use this service: https://www.sslforfree.com/

cLnZCIg3jc_l16zduayBdwa1tK1xEDB_haUNZohrN_c
wy7n1Q5P34bpcdtkPx5TCeJM82C8dikP3uzbuW5ECwc

In your log most likely these 2 values should be added within the TXT-records.

[solocommand]

@janeczku Would you be willing to make @asdek or another contributor a maintainer of this project to allow it to move forward?

[JoelESvensson]

The v1 API was just deactivated so renewals stopped working. Fortunately it seems like https://hub.docker.com/r/vxcontrol/rancher-letsencrypt works as a drop-in replacement. I recommend everyone having problems to upgrade to it instead. It being vxcontrol/rancher-letsencrypt:v1.0.0

[grabekm90]

I guess https://github.com/TrueCarry/rancher-letsencrypt/tree/acme-v2 is better updated

[bkuhl]

ACME v2 - For anyone still trying to do this, check out https://gist.github.com/fridgerator/db607d268f1f99329c8f9449e89abb4f