Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for ZeroSSL account registration #1501

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

fln
Copy link

@fln fln commented Oct 3, 2021

This commit extends lego library and cli tool to support issuing
certificates from ZeroSSL without having to manually create an account.

Without this commit ZeroSSL can be used but users need to manually
create ZeroSSL account and start lego in EAB (External Account
Binding) mode.

From the lego cli tool perspective this commit:

Detects if lego ir running with ZeroSSL ACME directory --server https://acme.zerossl.com/v2/DV90 and uses ZeroSSL API to issue keys for
EAB. There is no need to provide --eab, --kid, --hmac values
anymore.

From the library perspective this commit:

Creates new method RegisterWithZeroSSL() in the registration
package which takes care of creating ZeroSSL account with a given email.
Internally it re-uses RegisterWithExternalAccountBinding() method
after KID and HMAC are retrieved from ZeroSSL registration endpoint.

@ldez ldez self-requested a review October 3, 2021 13:08
@ashkitten
Copy link

i would also like this feature. i've actually rebased this patch and am using it already for myself.

This commit extends lego library and cli tool to support issuing
certificates from ZeroSSL without having to manually create an account.

Without this commit ZeroSSL can be used but users need to manually
create ZeroSSL account and start `lego` in EAB (External Account
Binding) mode.

From the `lego` cli tool perspective this commit:

Detects if `lego` ir running with ZeroSSL ACME directory `--server
https://acme.zerossl.com/v2/DV90` and uses ZeroSSL API to issue keys for
EAB. There is no need to provide `--eab`, `--kid`, `--hmac` values
anymore.

From the library perspective this commit:

Creates new method `RegisterWithZeroSSL()` in the `registration`
package which takes care of creating ZeroSSL account with a given email.
Internally it re-uses `RegisterWithExternalAccountBinding()` method
after KID and HMAC are retrieved from ZeroSSL registration endpoint.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants