mirror of
https://github.com/certbot/certbot.git
synced 2026-05-04 17:25:37 -04:00
Certificats Let's Encrypt
9ec4105ff3
Related to https://github.com/certbot/certbot/issues/10581 This is the first step of migrating to github actions. Nightly and full tests have been converted on branch `convert-all-pipelines`; you can see additional changes to do those for context [here](https://github.com/certbot/certbot/compare/convert-pr-tests...convert-all-pipelines). Some notes: - All github workflows must be flat in the `.github/workflows/` directory. - Github actions doesn't have a concept of "stages." Instead, it generates a dependency graph, which is kind of nice. You can see an example of a more complicated one [here](https://github.com/certbot/certbot/actions/runs/24580625688). - I don't know why the actions in the left bar (under Actions tab --> All workflows) are using the path instead of the listed name. I suspect it has something to do with not being run on main. Once it's merged, if the name doesn't change, we can delete previous runs and that will clear the entry on the left. - "permissions" is for the fine-grained github PAT. contents: read is needed for the "checkout" action, which basically everything uses. it's still best practice to define per-workflow. it can also be defined per-job, but per-workflow seemed nicer to me. [This](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions) is the best permissions explanation I've found; [some actions](https://github.com/actions/checkout) mention what permissions they need. - For definitions of the keywords to `on`, see [here](https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows). - Some of the potential inputs in tox steps are not used in this PR because we're not running the AWS tests. It seemed messier to take them out here and put them back later when the extended tests need them, but I can do that on request. We currently have a `main` [protection rule](https://github.com/certbot/certbot/settings/branch_protection_rules/5466) set that Azure pipelines PR test suite must pass before merging. Obviously I don't want to turn that off before this PR is reviewed. In github actions, it can only require a specific job to pass, though you can have multiple. To address this, I've created a job that requires all other jobs to pass, and that can be set at the required job. We probably do not want to list every individual job, as that includes every job generated by a matrix strategy. To find it in the protection rules page, start typing "PR test suite success" and it will show up. --------- Co-authored-by: Brad Warren <bmw@users.noreply.github.com> Co-authored-by: Will Greenberg <willg@eff.org> |
||
|---|---|---|
| .azure-pipelines | ||
| .github | ||
| acme | ||
| certbot | ||
| certbot-apache | ||
| certbot-ci | ||
| certbot-compatibility-test | ||
| certbot-dns-cloudflare | ||
| certbot-dns-digitalocean | ||
| certbot-dns-dnsimple | ||
| certbot-dns-dnsmadeeasy | ||
| certbot-dns-gehirn | ||
| certbot-dns-google | ||
| certbot-dns-linode | ||
| certbot-dns-luadns | ||
| certbot-dns-nsone | ||
| certbot-dns-ovh | ||
| certbot-dns-rfc2136 | ||
| certbot-dns-route53 | ||
| certbot-dns-sakuracloud | ||
| certbot-nginx | ||
| letsencrypt-auto-source | ||
| letstest | ||
| newsfragments | ||
| snap | ||
| tests | ||
| tools | ||
| .coveragerc | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .isort.cfg | ||
| .pylintrc | ||
| AUTHORS.md | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE.txt | ||
| linter_plugin.py | ||
| mypy.ini | ||
| pytest.ini | ||
| README.rst | ||
| ruff.toml | ||
| SECURITY.md | ||
| towncrier.toml | ||
| tox.ini | ||
.. This file contains a series of comments that are used to include sections of this README in other files. Do not modify these comments unless you know what you are doing. tag:intro-begin |build-status| .. |build-status| image:: https://img.shields.io/azure-devops/build/certbot/ba534f81-a483-4b9b-9b4e-a60bec8fee72/5/main :target: https://dev.azure.com/certbot/certbot/_build?definitionId=5 :alt: Azure Pipelines CI status .. image:: https://raw.githubusercontent.com/EFForg/design/master/logos/certbot/eff-certbot-lockup.png :width: 200 :alt: EFF Certbot Logo Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free. .. _installation: Getting Started --------------- The best way to get started is to use our `interactive guide <https://certbot.eff.org>`_. It generates instructions based on your configuration settings. In most cases, you’ll need `root or administrator access <https://certbot.eff.org/faq/#does-certbot-require-root-administrator-privileges>`_ to your web server to run Certbot. Certbot is meant to be run directly on your web server on the command line, not on your personal computer. If you’re using a hosted service and don’t have direct access to your web server, you might not be able to use Certbot. Check with your hosting provider for documentation about uploading certificates or using certificates issued by Let’s Encrypt. Contributing ------------ If you'd like to contribute to this project please read `Developer Guide <https://certbot.eff.org/docs/contributing.html>`_. This project is governed by `EFF's Public Projects Code of Conduct <https://www.eff.org/pages/eppcode>`_. Links ===== .. Do not modify this comment unless you know what you're doing. tag:links-begin Documentation: https://certbot.eff.org/docs Software project: https://github.com/certbot/certbot Changelog: https://github.com/certbot/certbot/blob/main/certbot/CHANGELOG.md For Contributors: https://certbot.eff.org/docs/contributing.html For Users: https://certbot.eff.org/docs/using.html Main Website: https://certbot.eff.org Let's Encrypt Website: https://letsencrypt.org Community: https://community.letsencrypt.org ACME spec: `RFC 8555 <https://tools.ietf.org/html/rfc8555>`_ ACME working area in github (archived): https://github.com/ietf-wg-acme/acme .. Do not modify this comment unless you know what you're doing. tag:links-end .. Do not modify this comment unless you know what you're doing. tag:intro-end .. Do not modify this comment unless you know what you're doing. tag:features-begin Current Features ===================== * Supports multiple web servers: - Apache 2.4+ - nginx/0.8.48+ - webroot (adds files to webroot directories in order to prove control of domains and obtain certificates) - standalone (runs its own simple webserver to prove you control a domain) - other server software via `third party plugins <https://certbot.eff.org/docs/using.html#third-party-plugins>`_ * The private key is generated locally on your system. * Can talk to the Let's Encrypt CA or optionally to other ACME compliant services. * Can get domain-validated (DV) certificates. * Can revoke certificates. * Supports ECDSA (default) and RSA certificate private keys. * Can optionally install a http -> https redirect, so your site effectively runs https only. * Fully automated. * Configuration changes are logged and can be reverted. .. Do not modify this comment unless you know what you're doing. tag:features-end Thanks ------ We appreciate the donation of credits to help us test and develop Certbot from: .. image:: https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg :width: 201 :alt: DigitalOcean Logo :target: https://www.digitalocean.com/