diff --git a/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml b/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml
index 4ddc9d4..41767bb 100644
--- a/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml
+++ b/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml
@@ -1,4 +1,5 @@
encryptionsalt: v1:rsWIsa8WSik=:v1:D517hSFtoEVILMBz:wB9tX0Bu0Y0WqsXEYenywicAjnTHJw==
config:
- acme:serverUrl: https://acme-v02.api.letsencrypt.org/directory
+ # acme:serverUrl: https://acme-v02.api.letsencrypt.org/directory
+ acme:serverUrl: https://acme-staging-v02.api.letsencrypt.org/directory
diff --git a/examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts b/examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts
index f014702..6a417c4 100644
--- a/examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts
+++ b/examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts
@@ -1,37 +1,65 @@
-import * as acme from '@pulumiverse/acme';
+import * as acme from "@pulumiverse/acme";
+import * as aws from "@pulumi/aws";
import * as cloudinit from "@pulumi/cloudinit";
import * as pulumi from "@pulumi/pulumi";
import * as tls from "@pulumi/tls";
import * as yaml from "yaml";
+/**
+ * NOT WORKING
+ * Fails during certificate creation with errors "not found" and "response from server: EOF"
+ * It seems to find the DNS zone. It is like it does not find the DNS entry even if I create it manually?
+ **/
+
/**
* LetsEncrypt certificate - start
* -------------------------------------
* Leverage the DNS challenge to keep the instance private at all times.
+ * The private key *must be RSA* for ACME registration.
**/
-const privateKey = new tls.PrivateKey(
+const acme_privateKey = new tls.PrivateKey(
"privateKey",
{ algorithm: "RSA" },
);
-const registration = new acme.Registration(
+const acme_registration = new acme.Registration(
"registration",
{
- accountKeyPem: privateKey.privateKeyPem,
+ accountKeyPem: acme_privateKey.privateKeyPem,
emailAddress: "example@company.com",
},
);
-const certificate = new acme.Certificate(
- "certificate",
+const dnsRecord = new aws.route53.Record(
+ "gitlabDotCompanyDotcom",
{
- accountKeyPem: registration.accountKeyPem,
- commonName: "gitlab.company.com",
- dnsChallenges: [{
- provider: "route53",
- }],
+ zoneId: "ABCDEFGH01234",
+ name: "gitlab.company.com",
+ type: aws.route53.RecordType.A,
+ records: [ "127.0.0.1" ],
+ ttl: 300,
},
);
+const certificate = pulumi.all([ acme_privateKey.rsaBits, acme_registration.accountKeyPem ]).apply(
+ ([ keyType, accountKeyPem ]) => new acme.Certificate(
+ "gitlabDotCompanyDotcom",
+ {
+ commonName: dnsRecord.name,
+ minDaysRemaining: 10,
+ accountKeyPem: accountKeyPem,
+ keyType: keyType.toString(),
+ dnsChallenges: [{
+ provider: "route53",
+ config: {
+ AWS_ACCESS_KEY_ID: "AKIA2HKHF01234567ABC",
+ AWS_SECRET_ACCESS_KEY: "FfEeDdCcBbAa00/11223344556677889900aABcd",
+ AWS_REGION: "eu-west-1",
+ AWS_HOSTED_ZONE_ID: dnsRecord.zoneId,
+ },
+ }],
+ },
+ ),
+);
/* LetsEncrypt certificate - end */
diff --git a/examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json
index 34d98ec..f777e6e 100644
--- a/examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json
+++ b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json
@@ -6,11 +6,12 @@
"": {
"name": "letsencrypt-certificate.dns01",
"dependencies": {
- "@pulumi/cloudinit": "1.4.3",
- "@pulumi/pulumi": "3.115.2",
- "@pulumi/tls": "5.0.3",
- "@pulumiverse/acme": "0.0.1",
- "yaml": "2.4.2"
+ "@pulumi/aws": "6.52.0",
+ "@pulumi/cloudinit": "1.4.6",
+ "@pulumi/pulumi": "3.133.0",
+ "@pulumi/tls": "5.0.6",
+ "@pulumiverse/acme": "0.3.1",
+ "yaml": "2.5.1"
},
"devDependencies": {
"@types/node": "^18"
@@ -298,18 +299,19 @@
}
},
"node_modules/@opentelemetry/api": {
- "version": "1.8.0",
- "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.8.0.tgz",
- "integrity": "sha512-I/s6F7yKUDdtMsoBWXJe8Qz40Tui5vsuKCWJEWVL+5q9sSWRzzx6v2KeNsOBEwd94j0eWkpWCH4yB6rZg9Mf0w==",
+ "version": "1.9.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz",
+ "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==",
+ "license": "Apache-2.0",
"engines": {
"node": ">=8.0.0"
}
},
- "node_modules/@opentelemetry/api-metrics": {
- "version": "0.32.0",
- "resolved": "https://registry.npmjs.org/@opentelemetry/api-metrics/-/api-metrics-0.32.0.tgz",
- "integrity": "sha512-g1WLhpG8B6iuDyZJFRGsR+JKyZ94m5LEmY2f+duEJ9Xb4XRlLHrZvh6G34OH6GJ8iDHxfHb/sWjJ1ZpkI9yGMQ==",
- "deprecated": "Please use @opentelemetry/api >= 1.3.0",
+ "node_modules/@opentelemetry/api-logs": {
+ "version": "0.52.1",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.52.1.tgz",
+ "integrity": "sha512-qnSqB2DQ9TPP96dl8cDubDvrUyWc0/sK81xHTK8eSUspzDM3bsewX903qclQFvVhgStjRWdC5bLb3kQqMkfV5A==",
+ "license": "Apache-2.0",
"dependencies": {
"@opentelemetry/api": "^1.0.0"
},
@@ -318,39 +320,42 @@
}
},
"node_modules/@opentelemetry/context-async-hooks": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.24.1.tgz",
- "integrity": "sha512-R5r6DO4kgEOVBxFXhXjwospLQkv+sYxwCfjvoZBe7Zm6KKXAV9kDSJhi/D1BweowdZmO+sdbENLs374gER8hpQ==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.26.0.tgz",
+ "integrity": "sha512-HedpXXYzzbaoutw6DFLWLDket2FwLkLpil4hGCZ1xYEIMTcivdfwEOISgdbLEWyG3HW52gTq2V9mOVJrONgiwg==",
+ "license": "Apache-2.0",
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/core": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.24.1.tgz",
- "integrity": "sha512-wMSGfsdmibI88K9wB498zXY04yThPexo8jvwNNlm542HZB7XrrMRBbAyKJqG8qDRJwIBdBrPMi4V9ZPW/sqrcg==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.26.0.tgz",
+ "integrity": "sha512-1iKxXXE8415Cdv0yjG3G6hQnB5eVEsJce3QaawX8SjDn0mAS0ZM8fAbZZJD4ajvhC15cePvosSCut404KrIIvQ==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/semantic-conventions": "1.24.1"
+ "@opentelemetry/semantic-conventions": "1.27.0"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/exporter-zipkin": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.24.1.tgz",
- "integrity": "sha512-+Rl/VFmu2n6eaRMnVbyfZx1DqR/1KNyWebYuHyQBZaEAVIn/ZLgmofRpXN1X2nhJ4BNaptQUNxAstCYYz6dKoQ==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.26.0.tgz",
+ "integrity": "sha512-PW5R34n3SJHO4t0UetyHKiXL6LixIqWN6lWncg3eRXhKuT30x+b7m5sDJS0kEWRfHeS+kG7uCw2vBzmB2lk3Dw==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/core": "1.24.1",
- "@opentelemetry/resources": "1.24.1",
- "@opentelemetry/sdk-trace-base": "1.24.1",
- "@opentelemetry/semantic-conventions": "1.24.1"
+ "@opentelemetry/core": "1.26.0",
+ "@opentelemetry/resources": "1.26.0",
+ "@opentelemetry/sdk-trace-base": "1.26.0",
+ "@opentelemetry/semantic-conventions": "1.27.0"
},
"engines": {
"node": ">=14"
@@ -360,128 +365,138 @@
}
},
"node_modules/@opentelemetry/instrumentation": {
- "version": "0.32.0",
- "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.32.0.tgz",
- "integrity": "sha512-y6ADjHpkUz/v1nkyyYjsQa/zorhX+0qVGpFvXMcbjU4sHnBnC02c6wcc93sIgZfiQClIWo45TGku1KQxJ5UUbQ==",
+ "version": "0.52.1",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.52.1.tgz",
+ "integrity": "sha512-uXJbYU/5/MBHjMp1FqrILLRuiJCs3Ofk0MeRDk8g1S1gD47U8X3JnSwcMO1rtRo1x1a7zKaQHaoYu49p/4eSKw==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/api-metrics": "0.32.0",
- "require-in-the-middle": "^5.0.3",
- "semver": "^7.3.2",
+ "@opentelemetry/api-logs": "0.52.1",
+ "@types/shimmer": "^1.0.2",
+ "import-in-the-middle": "^1.8.1",
+ "require-in-the-middle": "^7.1.1",
+ "semver": "^7.5.2",
"shimmer": "^1.2.1"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": "^1.0.0"
+ "@opentelemetry/api": "^1.3.0"
}
},
"node_modules/@opentelemetry/instrumentation-grpc": {
- "version": "0.32.0",
- "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.32.0.tgz",
- "integrity": "sha512-Az6wdkPx/Mi26lT9LKFV6GhCA9prwQFPz5eCNSExTnSP49YhQ7XCjzPd2POPeLKt84ICitrBMdE1mj0zbPdLAQ==",
+ "version": "0.52.1",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.52.1.tgz",
+ "integrity": "sha512-EdSDiDSAO+XRXk/ZN128qQpBo1I51+Uay/LUPcPQhSRGf7fBPIEUBeOLQiItguGsug5MGOYjql2w/1wCQF3fdQ==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/api-metrics": "0.32.0",
- "@opentelemetry/instrumentation": "0.32.0",
- "@opentelemetry/semantic-conventions": "1.6.0"
+ "@opentelemetry/instrumentation": "0.52.1",
+ "@opentelemetry/semantic-conventions": "1.25.1"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": "^1.0.0"
+ "@opentelemetry/api": "^1.3.0"
}
},
"node_modules/@opentelemetry/instrumentation-grpc/node_modules/@opentelemetry/semantic-conventions": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.6.0.tgz",
- "integrity": "sha512-aPfcBeLErM/PPiAuAbNFLN5sNbZLc3KZlar27uohllN8Zs6jJbHyJU1y7cMA6W/zuq+thkaG8mujiS+3iD/FWQ==",
+ "version": "1.25.1",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.25.1.tgz",
+ "integrity": "sha512-ZDjMJJQRlyk8A1KZFCc+bCbsyrn1wTwdNt56F7twdfUfnHUZUq77/WfONCj8p72NZOyP7pNTdUWSTYC3GTbuuQ==",
+ "license": "Apache-2.0",
"engines": {
"node": ">=14"
}
},
"node_modules/@opentelemetry/propagator-b3": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.24.1.tgz",
- "integrity": "sha512-nda97ZwhpZKyUJTXqQuKzNhPMUgMLunbbGWn8kroBwegn+nh6OhtyGkrVQsQLNdVKJl0KeB5z0ZgeWszrYhwFw==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.26.0.tgz",
+ "integrity": "sha512-vvVkQLQ/lGGyEy9GT8uFnI047pajSOVnZI2poJqVGD3nJ+B9sFGdlHNnQKophE3lHfnIH0pw2ubrCTjZCgIj+Q==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/core": "1.24.1"
+ "@opentelemetry/core": "1.26.0"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/propagator-jaeger": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.24.1.tgz",
- "integrity": "sha512-7bRBJn3FG1l195A1m+xXRHvgzAOBsfmRi9uZ5Da18oTh7BLmNDiA8+kpk51FpTsU1PCikPVpRDNPhKVB6lyzZg==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.26.0.tgz",
+ "integrity": "sha512-DelFGkCdaxA1C/QA0Xilszfr0t4YbGd3DjxiCDPh34lfnFr+VkkrjV9S8ZTJvAzfdKERXhfOxIKBoGPJwoSz7Q==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/core": "1.24.1"
+ "@opentelemetry/core": "1.26.0"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/resources": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.24.1.tgz",
- "integrity": "sha512-cyv0MwAaPF7O86x5hk3NNgenMObeejZFLJJDVuSeSMIsknlsj3oOZzRv3qSzlwYomXsICfBeFFlxwHQte5mGXQ==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.26.0.tgz",
+ "integrity": "sha512-CPNYchBE7MBecCSVy0HKpUISEeJOniWqcHaAHpmasZ3j9o6V3AyBzhRc90jdmemq0HOxDr6ylhUbDhBqqPpeNw==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/core": "1.24.1",
- "@opentelemetry/semantic-conventions": "1.24.1"
+ "@opentelemetry/core": "1.26.0",
+ "@opentelemetry/semantic-conventions": "1.27.0"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/sdk-trace-base": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.24.1.tgz",
- "integrity": "sha512-zz+N423IcySgjihl2NfjBf0qw1RWe11XIAWVrTNOSSI6dtSPJiVom2zipFB2AEEtJWpv0Iz6DY6+TjnyTV5pWg==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.26.0.tgz",
+ "integrity": "sha512-olWQldtvbK4v22ymrKLbIcBi9L2SpMO84sCPY54IVsJhP9fRsxJT194C/AVaAuJzLE30EdhhM1VmvVYR7az+cw==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/core": "1.24.1",
- "@opentelemetry/resources": "1.24.1",
- "@opentelemetry/semantic-conventions": "1.24.1"
+ "@opentelemetry/core": "1.26.0",
+ "@opentelemetry/resources": "1.26.0",
+ "@opentelemetry/semantic-conventions": "1.27.0"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/sdk-trace-node": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.24.1.tgz",
- "integrity": "sha512-/FZX8uWaGIAwsDhqI8VvQ+qWtfMNlXjaFYGc+vmxgdRFppCSSIRwrPyIhJO1qx61okyYhoyxVEZAfoiNxrfJCg==",
+ "version": "1.26.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.26.0.tgz",
+ "integrity": "sha512-Fj5IVKrj0yeUwlewCRwzOVcr5avTuNnMHWf7GPc1t6WaT78J6CJyF3saZ/0RkZfdeNO8IcBl/bNcWMVZBMRW8Q==",
+ "license": "Apache-2.0",
"dependencies": {
- "@opentelemetry/context-async-hooks": "1.24.1",
- "@opentelemetry/core": "1.24.1",
- "@opentelemetry/propagator-b3": "1.24.1",
- "@opentelemetry/propagator-jaeger": "1.24.1",
- "@opentelemetry/sdk-trace-base": "1.24.1",
+ "@opentelemetry/context-async-hooks": "1.26.0",
+ "@opentelemetry/core": "1.26.0",
+ "@opentelemetry/propagator-b3": "1.26.0",
+ "@opentelemetry/propagator-jaeger": "1.26.0",
+ "@opentelemetry/sdk-trace-base": "1.26.0",
"semver": "^7.5.2"
},
"engines": {
"node": ">=14"
},
"peerDependencies": {
- "@opentelemetry/api": ">=1.0.0 <1.9.0"
+ "@opentelemetry/api": ">=1.0.0 <1.10.0"
}
},
"node_modules/@opentelemetry/semantic-conventions": {
- "version": "1.24.1",
- "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.24.1.tgz",
- "integrity": "sha512-VkliWlS4/+GHLLW7J/rVBA00uXus1SWvwFvcUDxDwmFxYfg/2VI6ekwdXS28cjI8Qz2ky2BzG8OUHo+WeYIWqw==",
+ "version": "1.27.0",
+ "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.27.0.tgz",
+ "integrity": "sha512-sAay1RrB+ONOem0OZanAR1ZI/k7yDpnOQSQmTMuGImUQb2y8EbSaCJ94FQluM74xoU03vlb2d2U90hZluL6nQg==",
+ "license": "Apache-2.0",
"engines": {
"node": ">=14"
}
@@ -549,30 +564,44 @@
"resolved": "https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.0.tgz",
"integrity": "sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw=="
},
+ "node_modules/@pulumi/aws": {
+ "version": "6.52.0",
+ "resolved": "https://registry.npmjs.org/@pulumi/aws/-/aws-6.52.0.tgz",
+ "integrity": "sha512-Q1XHHk9y5YDQ8PkYa3tDnh6173goQCMUNhJKG4A0u87M4oa68Erbo5wgX4x7pbJ0Z4QixVX2eELJGwsy+6+dAw==",
+ "license": "Apache-2.0",
+ "dependencies": {
+ "@pulumi/pulumi": "^3.0.0",
+ "builtin-modules": "3.0.0",
+ "mime": "^2.0.0",
+ "resolve": "^1.7.1"
+ }
+ },
"node_modules/@pulumi/cloudinit": {
- "version": "1.4.3",
- "resolved": "https://registry.npmjs.org/@pulumi/cloudinit/-/cloudinit-1.4.3.tgz",
- "integrity": "sha512-bdtxP8LsVkJyQX7fvm8hv8AZlSsNLLjrf0ocLgplyAQJzzAYcAXsfNYxWjBejL79euiiCIoG6547kFJNyEQePQ==",
+ "version": "1.4.6",
+ "resolved": "https://registry.npmjs.org/@pulumi/cloudinit/-/cloudinit-1.4.6.tgz",
+ "integrity": "sha512-BEwpzxxemu/MyAmddYLdax1xJAaXbsgj5rGmHrDAZNerXyltZCC0Dy1sZqgewSiBF5n2f2rZ96Gfysdmy86p0Q==",
+ "license": "Apache-2.0",
"dependencies": {
"@pulumi/pulumi": "^3.0.0"
}
},
"node_modules/@pulumi/pulumi": {
- "version": "3.115.2",
- "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.115.2.tgz",
- "integrity": "sha512-IgKk5UsBp7QfQetBcFKUvpkUfCz6JeiIjnD084uvEFML8okJPjzpTvHRkPGXlVvAIIj3q77UVlkB42NPI7vd+w==",
+ "version": "3.133.0",
+ "resolved": "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.133.0.tgz",
+ "integrity": "sha512-GP5pEmc9yOfbKM59oJqFIKPLSHB+THp0jecWADaVIJUF5CgUE0o8kenWrdOEbYBE9tgNTSCto8MExNrG2NJH+Q==",
+ "license": "Apache-2.0",
"dependencies": {
"@grpc/grpc-js": "^1.10.1",
"@logdna/tail-file": "^2.0.6",
"@npmcli/arborist": "^7.3.1",
- "@opentelemetry/api": "^1.2.0",
- "@opentelemetry/exporter-zipkin": "^1.6.0",
- "@opentelemetry/instrumentation": "^0.32.0",
- "@opentelemetry/instrumentation-grpc": "^0.32.0",
- "@opentelemetry/resources": "^1.6.0",
- "@opentelemetry/sdk-trace-base": "^1.6.0",
- "@opentelemetry/sdk-trace-node": "^1.6.0",
- "@opentelemetry/semantic-conventions": "^1.6.0",
+ "@opentelemetry/api": "^1.9",
+ "@opentelemetry/exporter-zipkin": "^1.25",
+ "@opentelemetry/instrumentation": "^0.52",
+ "@opentelemetry/instrumentation-grpc": "^0.52",
+ "@opentelemetry/resources": "^1.25",
+ "@opentelemetry/sdk-trace-base": "^1.25",
+ "@opentelemetry/sdk-trace-node": "^1.25",
+ "@opentelemetry/semantic-conventions": "^1.25",
"@pulumi/query": "^0.3.0",
"@types/google-protobuf": "^3.15.5",
"@types/semver": "^7.5.6",
@@ -615,17 +644,19 @@
"integrity": "sha512-xfo+yLRM2zVjVEA4p23IjQWzyWl1ZhWOGobsBqRpIarzLvwNH/RAGaoehdxlhx4X92302DrpdIFgTICMN4P38w=="
},
"node_modules/@pulumi/tls": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/@pulumi/tls/-/tls-5.0.3.tgz",
- "integrity": "sha512-29NyJnkIDqftK4wA5V5zu/KSkiYXeSEXOgqoaxz37V8Lw8E29iww4fSogjIV5gDJ1pe6/2Q67pmE4BLB6U1qjA==",
+ "version": "5.0.6",
+ "resolved": "https://registry.npmjs.org/@pulumi/tls/-/tls-5.0.6.tgz",
+ "integrity": "sha512-jQiGeKMONBxXmydz5qHJdhnu1oyxCaeuW6sBEj3KOMf2sNUS3skGvftQtUtMmqheamMZsgFetg8/KSjjZt9btA==",
+ "license": "Apache-2.0",
"dependencies": {
"@pulumi/pulumi": "^3.0.0"
}
},
"node_modules/@pulumiverse/acme": {
- "version": "0.0.1",
- "resolved": "https://registry.npmjs.org/@pulumiverse/acme/-/acme-0.0.1.tgz",
- "integrity": "sha512-TPDBOCNnkdqsFfekumB4o4p886vMXPOPQYAGgC6bPJL5B3X+gA7tgf1AcZ/SZsxMCIpTbylbIFgXb0eQsXCVcw==",
+ "version": "0.3.1",
+ "resolved": "https://registry.npmjs.org/@pulumiverse/acme/-/acme-0.3.1.tgz",
+ "integrity": "sha512-0DBcx7zZPLsVqEf91bCU41rfY2rzZP3l3DVFt8dPxwSvhGtBj3fNsvReoKaxu34tG8F0Xp5Y7Ko77woy6GqG+g==",
+ "license": "Apache-2.0",
"dependencies": {
"@pulumi/pulumi": "^3.0.0"
}
@@ -788,6 +819,12 @@
"resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz",
"integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ=="
},
+ "node_modules/@types/shimmer": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/@types/shimmer/-/shimmer-1.2.0.tgz",
+ "integrity": "sha512-UE7oxhQLLd9gub6JKIAhDq06T0F6FnztwMNRvYgjeQSBeMc1ZG/tA47EwfduvkuQS8apbkM/lpLpWsaCeYsXVg==",
+ "license": "MIT"
+ },
"node_modules/@types/tmp": {
"version": "0.2.6",
"resolved": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz",
@@ -801,6 +838,27 @@
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
}
},
+ "node_modules/acorn": {
+ "version": "8.12.1",
+ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz",
+ "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==",
+ "license": "MIT",
+ "bin": {
+ "acorn": "bin/acorn"
+ },
+ "engines": {
+ "node": ">=0.4.0"
+ }
+ },
+ "node_modules/acorn-import-attributes": {
+ "version": "1.9.5",
+ "resolved": "https://registry.npmjs.org/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz",
+ "integrity": "sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ==",
+ "license": "MIT",
+ "peerDependencies": {
+ "acorn": "^8"
+ }
+ },
"node_modules/agent-base": {
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz",
@@ -886,6 +944,15 @@
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
"integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="
},
+ "node_modules/builtin-modules": {
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.0.0.tgz",
+ "integrity": "sha512-hMIeU4K2ilbXV6Uv93ZZ0Avg/M91RaKXucQ+4me2Do1txxBDyDZWCBa5bJSLqoNTRpXTLwEzIk1KmloenDDjhg==",
+ "license": "MIT",
+ "engines": {
+ "node": ">=6"
+ }
+ },
"node_modules/cacache": {
"version": "18.0.3",
"resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.3.tgz",
@@ -955,6 +1022,12 @@
"node": ">=10"
}
},
+ "node_modules/cjs-module-lexer": {
+ "version": "1.4.1",
+ "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.4.1.tgz",
+ "integrity": "sha512-cuSVIHi9/9E/+821Qjdvngor+xpnlwnuwIyZOaLmHBVdXL+gP+I6QQB9VkO7RI77YIcTV+S1W9AreJ5eN63JBA==",
+ "license": "MIT"
+ },
"node_modules/clean-stack": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
@@ -1127,11 +1200,12 @@
}
},
"node_modules/debug": {
- "version": "4.3.4",
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
- "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+ "version": "4.3.7",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
+ "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==",
+ "license": "MIT",
"dependencies": {
- "ms": "2.1.2"
+ "ms": "^2.1.3"
},
"engines": {
"node": ">=6.0"
@@ -1503,6 +1577,18 @@
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
}
},
+ "node_modules/import-in-the-middle": {
+ "version": "1.11.0",
+ "resolved": "https://registry.npmjs.org/import-in-the-middle/-/import-in-the-middle-1.11.0.tgz",
+ "integrity": "sha512-5DimNQGoe0pLUHbR9qK84iWaWjjbsxiqXnw6Qz64+azRgleqv9k2kTt5fw7QsOpmaGYtuxxursnPPsnTKEx10Q==",
+ "license": "Apache-2.0",
+ "dependencies": {
+ "acorn": "^8.8.2",
+ "acorn-import-attributes": "^1.9.5",
+ "cjs-module-lexer": "^1.2.2",
+ "module-details-from-path": "^1.0.3"
+ }
+ },
"node_modules/imurmurhash": {
"version": "0.1.4",
"resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
@@ -1735,6 +1821,18 @@
"resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
"integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w=="
},
+ "node_modules/mime": {
+ "version": "2.6.0",
+ "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz",
+ "integrity": "sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==",
+ "license": "MIT",
+ "bin": {
+ "mime": "cli.js"
+ },
+ "engines": {
+ "node": ">=4.0.0"
+ }
+ },
"node_modules/mimic-fn": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
@@ -1931,12 +2029,14 @@
"node_modules/module-details-from-path": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/module-details-from-path/-/module-details-from-path-1.0.3.tgz",
- "integrity": "sha512-ySViT69/76t8VhE1xXHK6Ch4NcDd26gx0MzKXLO+F7NOtnqH68d9zF94nT8ZWSxXh8ELOERsnJO/sWt1xZYw5A=="
+ "integrity": "sha512-ySViT69/76t8VhE1xXHK6Ch4NcDd26gx0MzKXLO+F7NOtnqH68d9zF94nT8ZWSxXh8ELOERsnJO/sWt1xZYw5A==",
+ "license": "MIT"
},
"node_modules/ms": {
- "version": "2.1.2",
- "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
- "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "license": "MIT"
},
"node_modules/negotiator": {
"version": "0.6.3",
@@ -2431,16 +2531,17 @@
}
},
"node_modules/require-in-the-middle": {
- "version": "5.2.0",
- "resolved": "https://registry.npmjs.org/require-in-the-middle/-/require-in-the-middle-5.2.0.tgz",
- "integrity": "sha512-efCx3b+0Z69/LGJmm9Yvi4cqEdxnoGnxYxGxBghkkTTFeXRtTCmmhO0AnAfHz59k957uTSuy8WaHqOs8wbYUWg==",
+ "version": "7.4.0",
+ "resolved": "https://registry.npmjs.org/require-in-the-middle/-/require-in-the-middle-7.4.0.tgz",
+ "integrity": "sha512-X34iHADNbNDfr6OTStIAHWSAvvKQRYgLO6duASaVf7J2VA3lvmNYboAHOuLC2huav1IwgZJtyEcJCKVzFxOSMQ==",
+ "license": "MIT",
"dependencies": {
- "debug": "^4.1.1",
+ "debug": "^4.3.5",
"module-details-from-path": "^1.0.3",
- "resolve": "^1.22.1"
+ "resolve": "^1.22.8"
},
"engines": {
- "node": ">=6"
+ "node": ">=8.6.0"
}
},
"node_modules/resolve": {
@@ -2522,7 +2623,8 @@
"node_modules/shimmer": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.1.tgz",
- "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw=="
+ "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==",
+ "license": "BSD-2-Clause"
},
"node_modules/signal-exit": {
"version": "3.0.7",
@@ -3040,9 +3142,10 @@
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
},
"node_modules/yaml": {
- "version": "2.4.2",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz",
- "integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==",
+ "version": "2.5.1",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.1.tgz",
+ "integrity": "sha512-bLQOjaX/ADgQ20isPJRvF0iRUHIxVhYvr53Of7wGcWlO2jvtUlH5m87DsmulFVxRpNLOnI4tB6p/oh8D7kpn9Q==",
+ "license": "ISC",
"bin": {
"yaml": "bin.mjs"
},
diff --git a/examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json
index 52ec3ce..41ef50c 100644
--- a/examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json
+++ b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json
@@ -5,10 +5,11 @@
"@types/node": "^18"
},
"dependencies": {
- "@pulumi/cloudinit": "1.4.3",
- "@pulumi/pulumi": "3.115.2",
- "@pulumi/tls": "5.0.3",
- "@pulumiverse/acme": "0.0.1",
- "yaml": "2.4.2"
+ "@pulumi/aws": "6.52.0",
+ "@pulumi/cloudinit": "1.4.6",
+ "@pulumi/pulumi": "3.133.0",
+ "@pulumi/tls": "5.0.6",
+ "@pulumiverse/acme": "0.3.1",
+ "yaml": "2.5.1"
}
-}
\ No newline at end of file
+}
diff --git a/knowledge base/letsencrypt.md b/knowledge base/letsencrypt.md
index 3940eda..a32f48a 100644
--- a/knowledge base/letsencrypt.md
+++ b/knowledge base/letsencrypt.md
@@ -2,11 +2,15 @@
1. [Challenges](#challenges)
1. [DNS-01 challenge](#dns-01-challenge)
+1. [Limits](#limits)
+ 1. [Duplicate certificates](#duplicate-certificates)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## Challenges
+Refer [Challenge types].
+
### DNS-01 challenge
Requires one to prove one has control over the DNS for one's domain name.
@@ -31,6 +35,29 @@ One can have multiple TXT records in place for the same name.
However, make sure to clean up old TXT records: Let's Encrypt will start rejecting the request if the response size from
the DNS gets too big.
+## Limits
+
+### Duplicate certificates
+
+Refer [Duplicate certificate limit].
+
+One can request a certificate issuance for **the same _exact set_ of hostnames** up to 5 times per week.
+Once that limit is exceeded, one should receive an error message like the following:
+
+```plaintext
+too many certificates (5) already issued for this exact set of domains in the
+last 168 hours: example.com login.example.com: see https://letsencrypt.org/docs/duplicate-certificate-limit
+```
+
+In this error message example, the _exact set_ is `["example.com", "login.example.com"]`.
+
+Revoking previously issued certificates will **not** reset the duplicate certificate limit.
+Nor that limit can be overridden at the time of writing.
+
+As a workaround, one can request one or more certificates for a **different** _exact set_ of hostnames.
+E.G., requesting a certificate for `[example.com, test.example.com]` will succeed; similarly, requesting separate
+certificates for the `[example.com]` and `[login.example.com]` sets will succeed.
+
## Further readings
- [Website]
@@ -39,6 +66,7 @@ the DNS gets too big.
### Sources
- [Challenge types]
+- [Duplicate certificate limit]
-[acme]: acme.placeholder
+[acme]: acme.md
[challenge types]: https://letsencrypt.org/docs/challenge-types/
+[duplicate certificate limit]: https://letsencrypt.org/docs/duplicate-certificate-limit/
[website]: https://letsencrypt.org/