mirror of
https://github.com/certbot/certbot.git
synced 2026-04-06 09:35:02 -04:00
Let's Encrypt certificates
Fixes https://github.com/certbot/certbot/issues/10599

This approach creates a new azure stage Notify and posts to the mattermost webhook directly from within azure. The python script uses the azure rest api to get the status of the Deploy stage specifically. This will be failed if it failed, or skipped if a previous stage failed, or abandoned if it timed out.

We may want to remove the existing azure build failure notification when this is merged. It can be deleted from [here](https://dev.azure.com/certbot/certbot/_settings/serviceHooks) (it's the one that says "Build release, status Failed"), although personally I think it's fine to keep it.

History of alternate general approaches I investigated:

1. give azure a custom file to say a message that depends on the requestedBy field. impossible. no custom messages at all, much less dependent ones.
2. hook azure build completed webhook trigger directly to github repository_dispatch event. impossible. azure will send data in a [specific format](https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#build.complete), which is not the format [github requires](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-a-repository-dispatch-event).
3. option 2, but put a custom server somewhere to translate them. or to grab azure and send directly to mattermost. this is a horrible idea; no one wants to be managing a production server with secrets on it.
4. a mattermost bot is just a special user account. the sender still has to format the data so mm can read it.
5. block on migrating from azure to github actions. drawback: this will likely take a while, and also we're not definitely doing it. see https://github.com/certbot/certbot/issues/10581
6. smaller than 5; wrap release in a github action that calls azure inside of it. and then if we end up migrating more, it should be pretty smooth to move things inside of actions. drawback: this will probably not integrate as smoothly, given we use the azure integration. I did not investigate further.
7. there doesn't seem to be any sort of github actions event about builds passing on a certain branch that we can check
8. just message mattermost directly from within the pipeline as a final stage --> where I landed.

There's further discussion in the comments about other ways we tried to structure the pipeline and get information from azure that's not super necessary to read to review this PR.

Relevant links:

https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#build.complete
https://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops#resource-details-to-send
https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#agent-variables
https://learn.microsoft.com/en-us/azure/devops/pipelines/process/conditions?view=azure-devops&tabs=yaml#job-status-functions
https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows
https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-a-repository-dispatch-event
https://docs.github.com/en/webhooks/webhook-events-and-payloads#repository_dispatch

Results of tests with the latest code are here:

https://dev.azure.com/certbot/certbot/_build/results?buildId=10309&view=results
https://dev.azure.com/certbot/certbot/_build/results?buildId=10310&view=results
https://dev.azure.com/certbot/certbot/_build/results?buildId=10311&view=results

Plus the mattermost messages did get sent.

---------

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>

| File or directory |
|---|
| .azure-pipelines |
| .github |
| acme |
| certbot |
| certbot-apache |
| certbot-ci |
| certbot-compatibility-test |
| certbot-dns-cloudflare |
| certbot-dns-digitalocean |
| certbot-dns-dnsimple |
| certbot-dns-dnsmadeeasy |
| certbot-dns-gehirn |
| certbot-dns-google |
| certbot-dns-linode |
| certbot-dns-luadns |
| certbot-dns-nsone |
| certbot-dns-ovh |
| certbot-dns-rfc2136 |
| certbot-dns-route53 |
| certbot-dns-sakuracloud |
| certbot-nginx |
| letsencrypt-auto-source |
| letstest |
| newsfragments |
| snap |
| tests |
| tools |
| .coveragerc |
| .dockerignore |
| .editorconfig |
| .gitattributes |
| .gitignore |
| .isort.cfg |
| .pylintrc |
| AUTHORS.md |
| CHANGELOG.md |
| CODE_OF_CONDUCT.md |
| CONTRIBUTING.md |
| LICENSE.txt |
| linter_plugin.py |
| mypy.ini |
| pytest.ini |
| README.rst |
| ruff.toml |
| SECURITY.md |
| towncrier.toml |
| tox.ini |

.. This file contains a series of comments that are used to include sections of this README in other files. Do not modify these comments unless you know what you are doing. tag:intro-begin

|build-status|

.. |build-status| image:: https://img.shields.io/azure-devops/build/certbot/ba534f81-a483-4b9b-9b4e-a60bec8fee72/5/main
   :target: https://dev.azure.com/certbot/certbot/_build?definitionId=5
   :alt: Azure Pipelines CI status

.. image:: https://raw.githubusercontent.com/EFForg/design/master/logos/certbot/eff-certbot-lockup.png
   :width: 200
   :alt: EFF Certbot Logo

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free.

.. _installation:

Getting Started
---------------

The best way to get started is to use our `interactive guide <https://certbot.eff.org>`_. It generates instructions based on your configuration settings. In most cases, you’ll need `root or administrator access <https://certbot.eff.org/faq/#does-certbot-require-root-administrator-privileges>`_ to your web server to run Certbot.

Certbot is meant to be run directly on your web server on the command line, not on your personal computer. If you’re using a hosted service and don’t have direct access to your web server, you might not be able to use Certbot. Check with your hosting provider for documentation about uploading certificates or using certificates issued by Let’s Encrypt.

Contributing
------------

If you'd like to contribute to this project, please read the `Developer Guide <https://certbot.eff.org/docs/contributing.html>`_.

This project is governed by `EFF's Public Projects Code of Conduct <https://www.eff.org/pages/eppcode>`_.

Links
=====

.. Do not modify this comment unless you know what you're doing. tag:links-begin

Documentation: https://certbot.eff.org/docs

Software project: https://github.com/certbot/certbot

Changelog: https://github.com/certbot/certbot/blob/main/certbot/CHANGELOG.md

For Contributors: https://certbot.eff.org/docs/contributing.html

For Users: https://certbot.eff.org/docs/using.html

Main Website: https://certbot.eff.org

Let's Encrypt Website: https://letsencrypt.org

Community: https://community.letsencrypt.org

ACME spec: `RFC 8555 <https://tools.ietf.org/html/rfc8555>`_

ACME working area in github (archived): https://github.com/ietf-wg-acme/acme

.. Do not modify this comment unless you know what you're doing. tag:links-end

.. Do not modify this comment unless you know what you're doing. tag:intro-end

.. Do not modify this comment unless you know what you're doing. tag:features-begin

Current Features
=====================

* Supports multiple web servers:

  - Apache 2.4+
  - nginx/0.8.48+
  - webroot (adds files to webroot directories in order to prove control of domains and obtain certificates)
  - standalone (runs its own simple webserver to prove you control a domain)
  - other server software via `third party plugins <https://certbot.eff.org/docs/using.html#third-party-plugins>`_

* The private key is generated locally on your system.
* Can talk to the Let's Encrypt CA or optionally to other ACME compliant services.
* Can get domain-validated (DV) certificates.
* Can revoke certificates.
* Supports ECDSA (default) and RSA certificate private keys.
* Can optionally install an http -> https redirect, so your site effectively runs https only.
* Fully automated.
* Configuration changes are logged and can be reverted.

.. Do not modify this comment unless you know what you're doing. tag:features-end

Thanks
------

We appreciate the donation of credits to help us test and develop Certbot from:

.. image:: https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg
   :width: 201
   :alt: DigitalOcean Logo
   :target: https://www.digitalocean.com/