PyPI - devnomads-cli - Versions diffs - 0.4.1__tar.gz → 0.5.1__tar.gz - Mend

devnomads-cli 0.4.1tar.gz → 0.5.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

{devnomads_cli-0.4.1 → devnomads_cli-0.5.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devnomads-cli
-Version: 0.4.1
+Version: 0.5.1
 Summary: Manage your DevNomads services from the command line
 Author-email: DevNomads <support@devnomads.nl>
 License: MIT
@@ -126,21 +126,46 @@ dncli services list | jq -r '.[].entity'
 ## Certificates
-`dncli` issues Let's Encrypt certificates over DNS-01 and HTTP-01:
+`dncli` issues Let's Encrypt certificates using the DNS-01 challenge:
 ```sh
 dncli cert issue example.com -d www.example.com -d "*.example.com"
 ```
 The first argument is the primary domain (the certificate CN); add
-extra names (SANs) by repeating `--san`/`-d`. The certificate is
-written to `~/.config/dncli/certs/<domain>/` as `cert.pem`,
-`fullchain.pem`, `chain.pem`, and `privkey.pem` (0600); override the
-location with `--out`.
+extra names (SANs) by repeating `--san`/`-d`. Every name must live in
+one of your DevNomads DNS zones, and that zone must be delegated to the
+DevNomads nameservers (`one.dns.infrapod.nl`, `two.dns.infrapod.nl`,
+`three.dns.infrapod.eu`) - otherwise issuance is refused, since the
+DNS-01 challenge records would not be visible to the CA.
+The certificate is always written to `~/.config/dncli/certs/<domain>/`
+as `cert.pem`, `fullchain.pem`, `chain.pem`, and `privkey.pem` (0600).
+Pass `--out <file>` to additionally export a single PEM bundle of
+exactly three blocks - the key, the certificate, and the issuing
+intermediate, in that order. Add `-v`/`--verbose` for detailed ACME
+progress.
 Keys are ECDSA P-384 by default. Pick another with `--key-type`
 (`ecdsa256`, `ecdsa384`, `ecdsa521`, `rsa2048`, `rsa4096`).
+Re-running `cert issue` is a no-op while the existing certificate is
+still valid for more than 21 days; pass `--force` to re-issue anyway.
+List what you have issued and re-export any of them - as a PEM bundle
+or a PKCS#12 (`.pfx`) file - without re-issuing:
+```sh
+dncli cert list
+dncli cert export example.com --out bundle.pem    # omit --out to print
+dncli cert export example.com --format pfx --out bundle.pfx
+dncli cert export example.com --format pfx --out bundle.pfx --passphrase secret
+```
+The `.pfx` is unencrypted unless you pass `--passphrase` (alias
+`--password`). Both bundle formats carry the same three items: key,
+certificate, and the issuing intermediate.
 A dehydrated-compatible DNS-01 hook ships as `dncli-dns-hook`:
 ```sh

{devnomads_cli-0.4.1 → devnomads_cli-0.5.1}/README.md RENAMED Viewed

@@ -110,21 +110,46 @@ dncli services list | jq -r '.[].entity'
 ## Certificates
-`dncli` issues Let's Encrypt certificates over DNS-01 and HTTP-01:
+`dncli` issues Let's Encrypt certificates using the DNS-01 challenge:
 ```sh
 dncli cert issue example.com -d www.example.com -d "*.example.com"
 ```
 The first argument is the primary domain (the certificate CN); add
-extra names (SANs) by repeating `--san`/`-d`. The certificate is
-written to `~/.config/dncli/certs/<domain>/` as `cert.pem`,
-`fullchain.pem`, `chain.pem`, and `privkey.pem` (0600); override the
-location with `--out`.
+extra names (SANs) by repeating `--san`/`-d`. Every name must live in
+one of your DevNomads DNS zones, and that zone must be delegated to the
+DevNomads nameservers (`one.dns.infrapod.nl`, `two.dns.infrapod.nl`,
+`three.dns.infrapod.eu`) - otherwise issuance is refused, since the
+DNS-01 challenge records would not be visible to the CA.
+The certificate is always written to `~/.config/dncli/certs/<domain>/`
+as `cert.pem`, `fullchain.pem`, `chain.pem`, and `privkey.pem` (0600).
+Pass `--out <file>` to additionally export a single PEM bundle of
+exactly three blocks - the key, the certificate, and the issuing
+intermediate, in that order. Add `-v`/`--verbose` for detailed ACME
+progress.
 Keys are ECDSA P-384 by default. Pick another with `--key-type`
 (`ecdsa256`, `ecdsa384`, `ecdsa521`, `rsa2048`, `rsa4096`).
+Re-running `cert issue` is a no-op while the existing certificate is
+still valid for more than 21 days; pass `--force` to re-issue anyway.
+List what you have issued and re-export any of them - as a PEM bundle
+or a PKCS#12 (`.pfx`) file - without re-issuing:
+```sh
+dncli cert list
+dncli cert export example.com --out bundle.pem    # omit --out to print
+dncli cert export example.com --format pfx --out bundle.pfx
+dncli cert export example.com --format pfx --out bundle.pfx --passphrase secret
+```
+The `.pfx` is unencrypted unless you pass `--passphrase` (alias
+`--password`). Both bundle formats carry the same three items: key,
+certificate, and the issuing intermediate.
 A dehydrated-compatible DNS-01 hook ships as `dncli-dns-hook`:
 ```sh

{devnomads_cli-0.4.1 → devnomads_cli-0.5.1}/devnomads_cli.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devnomads-cli
-Version: 0.4.1
+Version: 0.5.1
 Summary: Manage your DevNomads services from the command line
 Author-email: DevNomads <support@devnomads.nl>
 License: MIT
@@ -126,21 +126,46 @@ dncli services list | jq -r '.[].entity'
 ## Certificates
-`dncli` issues Let's Encrypt certificates over DNS-01 and HTTP-01:
+`dncli` issues Let's Encrypt certificates using the DNS-01 challenge:
 ```sh
 dncli cert issue example.com -d www.example.com -d "*.example.com"
 ```
 The first argument is the primary domain (the certificate CN); add
-extra names (SANs) by repeating `--san`/`-d`. The certificate is
-written to `~/.config/dncli/certs/<domain>/` as `cert.pem`,
-`fullchain.pem`, `chain.pem`, and `privkey.pem` (0600); override the
-location with `--out`.
+extra names (SANs) by repeating `--san`/`-d`. Every name must live in
+one of your DevNomads DNS zones, and that zone must be delegated to the
+DevNomads nameservers (`one.dns.infrapod.nl`, `two.dns.infrapod.nl`,
+`three.dns.infrapod.eu`) - otherwise issuance is refused, since the
+DNS-01 challenge records would not be visible to the CA.
+The certificate is always written to `~/.config/dncli/certs/<domain>/`
+as `cert.pem`, `fullchain.pem`, `chain.pem`, and `privkey.pem` (0600).
+Pass `--out <file>` to additionally export a single PEM bundle of
+exactly three blocks - the key, the certificate, and the issuing
+intermediate, in that order. Add `-v`/`--verbose` for detailed ACME
+progress.
 Keys are ECDSA P-384 by default. Pick another with `--key-type`
 (`ecdsa256`, `ecdsa384`, `ecdsa521`, `rsa2048`, `rsa4096`).
+Re-running `cert issue` is a no-op while the existing certificate is
+still valid for more than 21 days; pass `--force` to re-issue anyway.
+List what you have issued and re-export any of them - as a PEM bundle
+or a PKCS#12 (`.pfx`) file - without re-issuing:
+```sh
+dncli cert list
+dncli cert export example.com --out bundle.pem    # omit --out to print
+dncli cert export example.com --format pfx --out bundle.pfx
+dncli cert export example.com --format pfx --out bundle.pfx --passphrase secret
+```
+The `.pfx` is unencrypted unless you pass `--passphrase` (alias
+`--password`). Both bundle formats carry the same three items: key,
+certificate, and the issuing intermediate.
 A dehydrated-compatible DNS-01 hook ships as `dncli-dns-hook`:
 ```sh

devnomads-cli 0.4.1__tar.gz → 0.5.1__tar.gz

devnomads-cli 0.4.1tar.gz → 0.5.1tar.gz