burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
master
www/public/services/acme/index.html
Simon Marsh 43d55c0d23
All checks were successful
continuous-integration/drone/push Build is passing
Details
rebuild updates
2025-01-21 14:28:03 +00:00

1222 lines
44 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=2010&amp;path=livereload" data-no-instant defer></script>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="ACME">
<title>ACME | burble.dn42</title>
<link rel="icon" href="/favicon/favicon-32x32.png" type="image/x-icon">
<link rel="preload" as="font" href="/fonts/Metropolis.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-Bold.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-BoldItalic.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-Italic.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationMono.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/DroidSans.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/GeekdocIcons.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" href="/main-7a8a8dd1df.min.css" as="style">
<link rel="stylesheet" href="/main-7a8a8dd1df.min.css" media="all">
<link rel="preload" href="/mobile-2eb10ce87d.min.css" as="style">
<link rel="stylesheet" href="/mobile-2eb10ce87d.min.css" media="screen and (max-width: 45rem)">
<link rel="preload" href="/print-16259ad7b8.min.css" as="style">
<link rel="stylesheet" href="/print-16259ad7b8.min.css" media="print">
<link rel="preload" href="/custom.css" as="style">
<link rel="stylesheet" href="/custom.css" media="all">
<!-- Made with Geekdoc theme https://github.com/thegeeklab/hugo-geekdoc -->
</head>
<body>
<svg style="position: absolute; width: 0; height: 0; overflow: hidden;" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_back" xmlns="http://www.w3.org/2000/svg"><path d="M24 10.526v2.947H5.755l8.351 8.421-2.105 2.105-12-12 12-12 2.105 2.105-8.351 8.421H24z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_left_alt" xmlns="http://www.w3.org/2000/svg"><path d="M5.965 10.526V6.035L0 12l5.965 5.965v-4.491H24v-2.947H5.965z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_right_alt" xmlns="http://www.w3.org/2000/svg"><path d="M18.035 10.526V6.035L24 12l-5.965 5.965v-4.491H0v-2.947h18.035z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="bitbucket" xmlns="http://www.w3.org/2000/svg"><path d="M15.905 13.355c.189 1.444-1.564 2.578-2.784 1.839-1.375-.602-1.375-2.784-.034-3.403 1.151-.705 2.818.223 2.818 1.564zm1.907-.361c-.309-2.44-3.076-4.056-5.328-3.042-1.426.636-2.389 2.148-2.32 3.747.086 2.097 2.08 3.815 4.176 3.626s3.729-2.234 3.472-4.331zm4.108-9.315c-.756-.997-2.045-1.169-3.179-1.358-3.214-.516-6.513-.533-9.727.034-1.066.172-2.269.361-2.939 1.323 1.1 1.031 2.664 1.186 4.073 1.358 2.544.327 5.156.344 7.699.017 1.426-.172 3.008-.309 4.073-1.375zm.979 17.788c-.481 1.684-.206 3.953-1.994 4.932-3.076 1.701-6.806 1.89-10.191 1.289-1.787-.327-3.884-.894-4.864-2.578-.43-1.65-.705-3.334-.98-5.018l.103-.275.309-.155c5.121 3.386 12.288 3.386 17.427 0 .808.241.206 1.22.189 1.805zM26.01 4.951c-.584 3.764-1.255 7.51-1.908 11.257-.189 1.1-1.255 1.719-2.148 2.183-3.214 1.615-6.96 1.89-10.483 1.512-2.389-.258-4.829-.894-6.771-2.389-.911-.705-.911-1.908-1.083-2.922-.602-3.523-1.289-7.046-1.719-10.604.206-1.547 1.942-2.217 3.231-2.698C6.848.654 8.686.362 10.508.19c3.884-.378 7.854-.241 11.618.859 1.341.395 2.784.945 3.695 2.097.412.533.275 1.203.189 1.805z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="bookmark" xmlns="http://www.w3.org/2000/svg"><path d="M15.268 4.392q.868 0 1.532.638t.664 1.506v17.463l-7.659-3.268-7.608 3.268V6.536q0-.868.664-1.506t1.532-.638h10.876zm4.34 14.144V4.392q0-.868-.638-1.532t-1.506-.664H6.537q0-.868.664-1.532T8.733 0h10.876q.868 0 1.532.664t.664 1.532v17.412z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="code" xmlns="http://www.w3.org/2000/svg"><path d="M9.917 24.5a1.75 1.75 0 10-3.501.001 1.75 1.75 0 003.501-.001zm0-21a1.75 1.75 0 10-3.501.001A1.75 1.75 0 009.917 3.5zm11.666 2.333a1.75 1.75 0 10-3.501.001 1.75 1.75 0 003.501-.001zm1.75 0a3.502 3.502 0 01-1.75 3.026c-.055 6.581-4.721 8.039-7.82 9.023-2.898.911-3.846 1.349-3.846 3.117v.474a3.502 3.502 0 011.75 3.026c0 1.932-1.568 3.5-3.5 3.5s-3.5-1.568-3.5-3.5c0-1.294.711-2.424 1.75-3.026V6.526A3.502 3.502 0 014.667 3.5c0-1.932 1.568-3.5 3.5-3.5s3.5 1.568 3.5 3.5a3.502 3.502 0 01-1.75 3.026v9.06c.93-.456 1.914-.766 2.807-1.039 3.391-1.075 5.323-1.878 5.359-5.687a3.502 3.502 0 01-1.75-3.026c0-1.932 1.568-3.5 3.5-3.5s3.5 1.568 3.5 3.5z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="date" xmlns="http://www.w3.org/2000/svg"><path d="M27.192 28.844V11.192H4.808v17.652h22.384zm0-25.689q1.277 0 2.253.976t.976 2.253v22.459q0 1.277-.976 2.216t-2.253.939H4.808q-1.352 0-2.291-.901t-.939-2.253V6.385q0-1.277.939-2.253t2.291-.976h1.577V.001h3.23v3.155h12.769V.001h3.23v3.155h1.577zm-3.155 11.267v3.155h-3.23v-3.155h3.23zm-6.46 0v3.155h-3.155v-3.155h3.155zm-6.384 0v3.155h-3.23v-3.155h3.23z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="download" xmlns="http://www.w3.org/2000/svg"><path d="M2.866 28.209h26.269v3.79H2.866v-3.79zm26.268-16.925L16 24.418 2.866 11.284h7.493V.001h11.283v11.283h7.493z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="email" xmlns="http://www.w3.org/2000/svg"><path d="M28.845 9.615v-3.23L16 14.422 3.155 6.385v3.23L16 17.577zm0-6.46q1.277 0 2.216.977T32 6.385v19.23q0 1.277-.939 2.253t-2.216.977H3.155q-1.277 0-2.216-.977T0 25.615V6.385q0-1.277.939-2.253t2.216-.977h25.69z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="git" xmlns="http://www.w3.org/2000/svg"><path d="M27.472 12.753L15.247.529a1.803 1.803 0 00-2.55 0l-2.84 2.84 2.137 2.137a2.625 2.625 0 013.501 3.501l3.499 3.499a2.625 2.625 0 11-1.237 1.237l-3.499-3.499c-.083.04-.169.075-.257.106v7.3a2.626 2.626 0 11-1.75 0v-7.3a2.626 2.626 0 01-1.494-3.607L8.62 4.606l-8.09 8.09a1.805 1.805 0 000 2.551l12.225 12.224a1.803 1.803 0 002.55 0l12.168-12.168a1.805 1.805 0 000-2.551z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="github" xmlns="http://www.w3.org/2000/svg"><path d="M16 .394c8.833 0 15.999 7.166 15.999 15.999 0 7.062-4.583 13.062-10.937 15.187-.813.146-1.104-.354-1.104-.771 0-.521.021-2.25.021-4.396 0-1.5-.5-2.458-1.083-2.958 3.562-.396 7.312-1.75 7.312-7.896 0-1.75-.625-3.167-1.646-4.291.167-.417.708-2.042-.167-4.25-1.333-.417-4.396 1.646-4.396 1.646a15.032 15.032 0 00-8 0S8.937 6.602 7.603 7.018c-.875 2.208-.333 3.833-.167 4.25-1.021 1.125-1.646 2.542-1.646 4.291 0 6.125 3.729 7.5 7.291 7.896-.458.417-.875 1.125-1.021 2.146-.917.417-3.25 1.125-4.646-1.333-.875-1.521-2.458-1.646-2.458-1.646-1.562-.021-.104.979-.104.979 1.042.479 1.771 2.333 1.771 2.333.938 2.854 5.396 1.896 5.396 1.896 0 1.333.021 2.583.021 2.979 0 .417-.292.917-1.104.771C4.582 29.455-.001 23.455-.001 16.393-.001 7.56 7.165.394 15.998.394zM6.063 23.372c.042-.083-.021-.187-.146-.25-.125-.042-.229-.021-.271.042-.042.083.021.187.146.25.104.062.229.042.271-.042zm.646.709c.083-.062.062-.208-.042-.333-.104-.104-.25-.146-.333-.062-.083.062-.062.208.042.333.104.104.25.146.333.062zm.625.937c.104-.083.104-.25 0-.396-.083-.146-.25-.208-.354-.125-.104.062-.104.229 0 .375s.271.208.354.146zm.875.875c.083-.083.042-.271-.083-.396-.146-.146-.333-.167-.417-.062-.104.083-.062.271.083.396.146.146.333.167.417.062zm1.187.521c.042-.125-.083-.271-.271-.333-.167-.042-.354.021-.396.146s.083.271.271.312c.167.062.354 0 .396-.125zm1.313.104c0-.146-.167-.25-.354-.229-.187 0-.333.104-.333.229 0 .146.146.25.354.229.187 0 .333-.104.333-.229zm1.208-.208c-.021-.125-.187-.208-.375-.187-.187.042-.312.167-.292.312.021.125.187.208.375.167s.312-.167.292-.292z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="gitlab" xmlns="http://www.w3.org/2000/svg"><path d="M1.629 11.034L14 26.888.442 17.048a1.09 1.09 0 01-.39-1.203l1.578-4.811zm7.217 0h10.309l-5.154 15.854zM5.753 1.475l3.093 9.559H1.63l3.093-9.559a.548.548 0 011.031 0zm20.618 9.559l1.578 4.811c.141.437-.016.922-.39 1.203l-13.558 9.84 12.371-15.854zm0 0h-7.216l3.093-9.559a.548.548 0 011.031 0z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="heart" xmlns="http://www.w3.org/2000/svg"><path d="M16 29.714a1.11 1.11 0 01-.786-.321L4.072 18.643c-.143-.125-4.071-3.714-4.071-8 0-5.232 3.196-8.357 8.535-8.357 3.125 0 6.053 2.464 7.464 3.857 1.411-1.393 4.339-3.857 7.464-3.857 5.339 0 8.535 3.125 8.535 8.357 0 4.286-3.928 7.875-4.089 8.035L16.785 29.392c-.214.214-.5.321-.786.321z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="keyborad_arrow_down" xmlns="http://www.w3.org/2000/svg"><path d="M3.281 5.36L14 16.079 24.719 5.36 28 8.641l-14 14-14-14z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="keyborad_arrow_left" xmlns="http://www.w3.org/2000/svg"><path d="M25.875 28.25L22.125 32 6.126 16.001 22.125.002l3.75 3.75-12.25 12.25z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="keyborad_arrow_right" xmlns="http://www.w3.org/2000/svg"><path d="M6.125 28.25L18.375 16 6.125 3.75 9.875 0l15.999 15.999L9.875 31.998z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="link" xmlns="http://www.w3.org/2000/svg"><path d="M24.037 7.963q3.305 0 5.634 2.366T32 16t-2.329 5.671-5.634 2.366h-6.46v-3.08h6.46q2.028 0 3.493-1.465t1.465-3.493-1.465-3.493-3.493-1.465h-6.46v-3.08h6.46zM9.615 17.578v-3.155h12.77v3.155H9.615zM3.005 16q0 2.028 1.465 3.493t3.493 1.465h6.46v3.08h-6.46q-3.305 0-5.634-2.366T0 16.001t2.329-5.671 5.634-2.366h6.46v3.08h-6.46q-2.028 0-3.493 1.465t-1.465 3.493z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="menu" xmlns="http://www.w3.org/2000/svg"><path d="M.001 5.334h31.998v3.583H.001V5.334zm0 12.416v-3.5h31.998v3.5H.001zm0 8.916v-3.583h31.998v3.583H.001z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="notification" xmlns="http://www.w3.org/2000/svg"><path d="M22.615 19.384l2.894 2.894v1.413H2.49v-1.413l2.894-2.894V12.25q0-3.365 1.716-5.856t4.745-3.231v-1.01q0-.875.606-1.514T13.999 0t1.548.639.606 1.514v1.01q3.029.74 4.745 3.231t1.716 5.856v7.134zM14 27.999q-1.211 0-2.053-.808t-.841-2.019h5.788q0 1.144-.875 1.986T14 27.999z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="path" xmlns="http://www.w3.org/2000/svg"><path d="M28 12.62h-9.793V8.414h-2.826v11.173h2.826v-4.206H28V26.62h-9.793v-4.206H12.62v-14H9.794v4.206H.001V1.381h9.793v4.206h8.413V1.381H28V12.62z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="person" xmlns="http://www.w3.org/2000/svg"><path d="M16 20.023q5.052 0 10.526 2.199t5.473 5.754v4.023H0v-4.023q0-3.555 5.473-5.754t10.526-2.199zM16 16q-3.275 0-5.614-2.339T8.047 8.047t2.339-5.661T16 0t5.614 2.386 2.339 5.661-2.339 5.614T16 16z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="search" xmlns="http://www.w3.org/2000/svg"><path d="M11.925 20.161q3.432 0 5.834-2.402t2.402-5.834-2.402-5.834-5.834-2.402-5.834 2.402-2.402 5.834 2.402 5.834 5.834 2.402zm10.981 0L32 29.255 29.255 32l-9.094-9.094v-1.458l-.515-.515q-3.26 2.831-7.721 2.831-4.976 0-8.45-3.432T.001 11.925t3.474-8.45 8.45-3.474 8.407 3.474 3.432 8.45q0 1.802-.858 4.075t-1.973 3.646l.515.515h1.458z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="shield" xmlns="http://www.w3.org/2000/svg"><path d="M22.167 15.166V3.5h-8.166v20.726c.93-.492 2.424-1.349 3.883-2.497 1.95-1.531 4.284-3.919 4.284-6.562zm3.499-13.999v14c0 7.674-10.737 12.523-11.192 12.724-.146.073-.31.109-.474.109s-.328-.036-.474-.109c-.456-.201-11.192-5.049-11.192-12.724v-14C2.334.529 2.863 0 3.501 0H24.5c.638 0 1.167.529 1.167 1.167z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="tags" xmlns="http://www.w3.org/2000/svg"><path d="M6.606 7.549c0-1.047-.84-1.887-1.887-1.887s-1.887.84-1.887 1.887.84 1.887 1.887 1.887 1.887-.84 1.887-1.887zm15.732 8.493c0 .501-.206.988-.546 1.327l-7.239 7.254c-.354.339-.84.546-1.342.546s-.988-.206-1.327-.546L1.342 14.066C.59 13.329 0 11.899 0 10.852V4.718a1.9 1.9 0 011.887-1.887h6.134c1.047 0 2.477.59 3.229 1.342L21.792 14.7c.339.354.546.84.546 1.342zm5.661 0c0 .501-.206.988-.546 1.327l-7.239 7.254c-.354.339-.84.546-1.342.546-.767 0-1.15-.354-1.651-.87l6.93-6.93c.339-.339.546-.826.546-1.327s-.206-.988-.546-1.342L13.609 4.173c-.752-.752-2.182-1.342-3.229-1.342h3.303c1.047 0 2.477.59 3.229 1.342L27.454 14.7c.339.354.546.84.546 1.342z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="telescope" xmlns="http://www.w3.org/2000/svg"><path d="M25.026 3.335a.466.466 0 00-.646-.238L13.362 8.91a.463.463 0 00-.216.575l.227.593-6.36 3.488a.462.462 0 00-.205.583l.211.508-6.755 3.228a.463.463 0 00-.228.595l1.386 3.341a.463.463 0 00.583.259l7.056-2.5.211.508a.462.462 0 00.557.267l6.733-1.941.202.527a.46.46 0 00.566.277l12.03-3.702a.46.46 0 00.293-.613L25.026 3.335zM2.109 21.061l-1.049-2.53 6.314-3.018 1.332 3.211-6.596 2.337zm7.857-1.708l-.22-.531-1.706-4.113-.22-.53 5.863-3.216 2.197 5.676.347.908-6.261 1.806zm7.505-1.146l-.188-.491c-.003-.01-.001-.022-.006-.032l-.572-1.478-2.549-6.668 10.201-5.381 4.249 10.624-11.136 3.428zm8.943-16.723a.463.463 0 00-.86.344l5.552 13.881a.464.464 0 00.602.258.464.464 0 00.258-.602L26.413 1.484zM16.268 20.627h-2.776c-1.055 0-1.851.796-1.851 1.851v1.217l-5.44 6.347a.462.462 0 10.702.602l5.415-6.316h2.101v6.015a.463.463 0 00.926 0v-6.015h2.101l5.414 6.316a.462.462 0 10.703-.602l-5.44-6.347v-1.148c0-1.076-.813-1.92-1.851-1.92zm.925 2.777h-4.627v-.925c0-.545.38-.925.925-.925h2.776c.527 0 .925.428.925.995v.856z"/></symbol></svg>
<div class="wrapper">
<input type="checkbox" class="hidden" id="menu-control" />
<header class="gdoc-header">
<div class="container flex align-center justify-between">
<label for="menu-control" class="gdoc-nav__control">
<svg class="icon menu"><use xlink:href="#menu"></use></svg>
<svg class="icon arrow-back"><use xlink:href="#arrow_back"></use></svg>
</label>
<a class="gdoc-header__link" href="http://localhost:2010/">
<span class="gdoc-brand flex align-center">
<img class="gdoc-brand__img" src="/burble-dn42-64.png" alt="" width=359 height=64>
</span>
</a>
</div>
</header>
<main class="container flex flex-even">
<aside class="gdoc-nav">
<nav>
<div class="gdoc-search">
<svg class="icon search"><use xlink:href="#search"></use></svg>
<input type="text" id="gdoc-search-input" class="gdoc-search__input" placeholder="Search..."
aria-label="Search" maxlength="64" />
<div class="gdoc-search__spinner spinner hidden"></div>
<ul id="gdoc-search-results" class="gdoc-search__list"></ul>
</div>
<section class="gdoc-nav--main">
<h2>Navigation</h2>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/network/" class="gdoc-nav__entry ">
Network
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/network/design/" class="gdoc-nav__entry ">
Network Design
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/peering/" class="gdoc-nav__entry ">
Peering with burble.dn42
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/nodes/" class="gdoc-nav__entry ">
Node Information
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/IPAM/" class="gdoc-nav__entry ">
IPAM
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/routing-policy/" class="gdoc-nav__entry ">
Routing Policy
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/communities/" class="gdoc-nav__entry ">
BGP Communities
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/status/" class="gdoc-nav__entry ">
Realtime Status
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/abuse/" class="gdoc-nav__entry ">
Abuse Policy
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/services/" class="gdoc-nav__entry ">
Services
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/services/dn42/" class="gdoc-nav__entry ">
DN42
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/public/" class="gdoc-nav__entry ">
Public Services
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/internal/" class="gdoc-nav__entry ">
Internal Services
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/dns/" class="gdoc-nav__entry ">
DNS
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/acme/" class="gdoc-nav__entry is-active">
ACME
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/shell/" class="gdoc-nav__entry ">
Shell Accounts
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/minio/" class="gdoc-nav__entry ">
S3 Object Storage
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/ca/" class="gdoc-nav__entry ">
Certificate Authority
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/ping/" class="gdoc-nav__entry ">
Ping Challenge
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/retro/" class="gdoc-nav__entry ">
Retro42
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/retro/modem/" class="gdoc-nav__entry ">
Dialup Service
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/retro/fake/" class="gdoc-nav__entry ">
Modem Emulator
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/additional/" class="gdoc-nav__entry ">
Additional Info
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<input type="checkbox" id="navtree-fe66c08a" class="gdoc-nav__toggle" >
<label for="navtree-fe66c08a" class="flex justify-between">
<span class="flex">
<a href="/additional/maintlog/" class="gdoc-nav__entry ">
Maint. Log Archive
</a>
</span>
<svg class="icon keyborad_arrow_left"><use xlink:href="#keyborad_arrow_left"></use></svg>
<svg class="icon keyborad_arrow_down hidden"><use xlink:href="#keyborad_arrow_down"></use></svg>
</label>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/additional/maintlog/2020/" class="gdoc-nav__entry ">
2020
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/maintlog/2019/" class="gdoc-nav__entry ">
2019
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/maintlog/2018/" class="gdoc-nav__entry ">
2018
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/additional/other-stuff/" class="gdoc-nav__entry ">
Other stuff
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/things-to-do/" class="gdoc-nav__entry ">
Things to do in DN42
</a>
</span>
</li>
</ul>
</li>
</ul>
</section>
<section class="gdoc-nav--more">
<h2>More</h2>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<svg class="icon bookmark"><use xlink:href="#bookmark"></use></svg>
<a href="https://dn42.dev"
class="gdoc-nav__entry ">
DN42 Wiki
</a>
</span>
</li>
<li>
<span class="flex">
<svg class="icon git"><use xlink:href="#git"></use></svg>
<a href="https://git.dn42.dev"
class="gdoc-nav__entry ">
DN42 Registry
</a>
</span>
</li>
<li>
<span class="flex">
<svg class="icon git"><use xlink:href="#git"></use></svg>
<a href="https://git.burble.com"
class="gdoc-nav__entry ">
View Source
</a>
</span>
</li>
</ul>
</section>
</nav>
</aside>
<div class="gdoc-page">
<div class="gdoc-page__header flex flex-wrap justify-between hidden-mobile" itemscope itemtype="http://data-vocabulary.org/Breadcrumb">
<span>
<span class="breadcrumb">
<svg class="icon path"><use xlink:href="#path"></use></svg>
<a href='/'>burble.dn42</a> / <a href='/services/'>Services</a> / ACME
</span>
</span>
<span>
</span>
</div>
<article class="gdoc-markdown">
<h1>ACME</h1>
<p>burble.dn42 provides an <a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment">ACME</a>
service using an intermediate certificate issued by the
<a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a> and implemented using
a <a href="https://vaultproject.io/">HashiCorp Vault</a> cluster to provide a highly available service.</p>
<p>The following ACME challenge types are supported:</p>
<ul>
<li>http-01</li>
<li>dns-01</li>
<li>tls-alpn-01</li>
</ul>
<div class="gdoc-page__anchorwrap"><h2 id="dn42-endpoint">dn42 endpoint<a data-clipboard-text="http://localhost:2010/services/acme/#dn42-endpoint" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor dn42 endpoint" href="#dn42-endpoint"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<ul>
<li><a href="https://acme.burble.dn42/v1/dn42/acme/directory">https://acme.burble.dn42/v1/dn42/acme/directory</a></li>
</ul>
<p>The dn42 endpoint serves certificates signed by an intermediate certificate issued by the
<a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a>.</p>
<blockquote class="gdoc-hint info">
<p>Note that certificates are issued with a validity period of <strong>30 days</strong>, which is
shorter than most clearnet ACME services.</p>
<p>The recommended interval to check for expiry is 5 days.</p>
</blockquote>
<div class="gdoc-page__anchorwrap"><h2 id="staging-endpoint">Staging endpoint<a data-clipboard-text="http://localhost:2010/services/acme/#staging-endpoint" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor Staging endpoint" href="#staging-endpoint"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<ul>
<li><a href="https://acme.burble.dn42/v1/staging/acme/directory">https://acme.burble.dn42/v1/staging/acme/directory</a></li>
</ul>
<p>The staging endpoint can be used for testing and issues junk certificates.
The service uses an internal certificate authority that is specific to the staging service
and should not be trusted.</p>
<p>The staging service issues short lived certificates with a validity period of a few days.</p>
<div class="gdoc-page__anchorwrap"><h2 id="certificate-transparency">Certificate Transparency<a data-clipboard-text="http://localhost:2010/services/acme/#certificate-transparency" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor Certificate Transparency" href="#certificate-transparency"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<p><strong>TODO</strong> A simpler process will be provided at a future stage, in the meantime the vault
API can be queried manually to list issued certificates.</p>
<p>&ndash;</p>
<p>Vault provides an API for listing issued certificates, however the process for doing this
is somewhat complicated if you have not used vault before. The instructions below detail
how to interrogate the service using the vault CLI, however it is also possible to run
through the same process via the
<a href="https://developer.hashicorp.com/vault/api-docs?product_intent=vault">HTTP API</a>.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># The API endpoint to list issued certificates is an authenticated</span>
</span></span><span class="line"><span class="cl"><span class="c1"># endpoint that requires a vault token to access it.</span>
</span></span><span class="line"><span class="cl"><span class="c1"># </span>
</span></span><span class="line"><span class="cl"><span class="c1"># The burble.dn42 service includes an anonymous login that can be</span>
</span></span><span class="line"><span class="cl"><span class="c1"># used to obtain a suitable token.</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># set the VAULT_ADDR environment variable to the ACME service</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ <span class="nb">export</span> <span class="nv">VAULT_ADDR</span><span class="o">=</span><span class="s2">&#34;https://acme.burble.dn42&#34;</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># you can also set VAULT_SKIP_VERIFY=1 if you do not have the</span>
</span></span><span class="line"><span class="cl"><span class="c1"># dn42 certificate authority installed.</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Issue an anonymous token and store it in the VAULT_TOKEN env variable</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ <span class="nb">export</span> <span class="nv">VAULT_TOKEN</span><span class="o">=</span><span class="k">$(</span>vault write -field token auth/approle/login <span class="nv">role_id</span><span class="o">=</span>anonymous<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># now the vault API can be accessed</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># list issued certificates</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ vault list dn42/certs
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Keys
</span></span><span class="line"><span class="cl">----
</span></span><span class="line"><span class="cl">06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c
</span></span><span class="line"><span class="cl">0c:bb:39:a0:0a:aa:9c:d9:06:e8:9e:87:ff:54:73:c4:a6:42:9c:f0
</span></span><span class="line"><span class="cl">13:91:4f:f7:3a:0b:ca:38:cd:c6:6e:7d:4d:fb:c5:7c:ed:b0:79:1b
</span></span><span class="line"><span class="cl">39:5c:46:16:27:d8:f7:30:cc:64:1a:3c:6c:ff:c4:ac:f9:3c:3c:9c
</span></span><span class="line"><span class="cl">4b:24:32:48:d0:64:55:3b:dd:b3:00:c6:33:2d:0f:3e:eb:d7:50:02
</span></span><span class="line"><span class="cl">4c:8f:ce:e6:18:7a:05:c1:a3:11:45:c9:3c:34:0f:50:e0:75:6d:fd
</span></span><span class="line"><span class="cl">5a:03:a9:5b:07:60:d0:fb:25:28:4b:e9:93:a8:22:cd:78:d1:29:b2
</span></span><span class="line"><span class="cl">5d:26:b4:47:59:0c:0a:e9:88:b6:97:1d:2a:2b:e5:cb:d2:90:34:9e
</span></span><span class="line"><span class="cl">65:c8:33:07:fc:9a:aa:fd:85:6b:fd:b4:de:29:71:e3:8e:6c:f2:11
</span></span><span class="line"><span class="cl">68:e1:a6:4a:e1:58:ee:71:c7:a6:12:48:e2:7a:c5:84:c1:7c:21:5e
</span></span><span class="line"><span class="cl">75:cf:16:f9:06:71:ea:86:1c:51:95:89:c9:1d:ea:a1:eb:f5:6f:83
</span></span><span class="line"><span class="cl">76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># view an invidual certificate</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ vault <span class="nb">read</span> -field certificate <span class="s2">&#34;dn42/cert/76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d&#34;</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">-----BEGIN CERTIFICATE-----
</span></span><span class="line"><span class="cl">MIIDTTCCAjWgAwIBAgIUdpFuaiMUAHxfx96RxEBz2VG0+E0wDQYJKoZIhvcNAQEL
</span></span><span class="line"><span class="cl">BQAwVTELMAkGA1UEBhMCWEQxDTALBgNVBAoTBGRuNDIxFDASBgNVBAsTC2J1cmJs
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">...snip...
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">yait1CFFq4g9/bvsNfIsvN6EJ/BGXqqww6BzKt/ioSLj
</span></span><span class="line"><span class="cl">-----END CERTIFICATE-----
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># human readable output using the step CLI (https://smallstep.com/)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ vault <span class="nb">read</span> -field certificate <span class="s2">&#34;dn42/cert/06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c&#34;</span> <span class="p">|</span> step certificate inspect
</span></span><span class="line"><span class="cl">Certificate:
</span></span><span class="line"><span class="cl"> Data:
</span></span><span class="line"><span class="cl"> Version: <span class="m">3</span> <span class="o">(</span>0x2<span class="o">)</span>
</span></span><span class="line"><span class="cl"> Serial Number: <span class="m">36803586486229131299250018793512622456839458908</span> <span class="o">(</span>0x672547402eb68da62761492b4841936b1d1d05c<span class="o">)</span>
</span></span><span class="line"><span class="cl"> Signature Algorithm: SHA256-RSA
</span></span><span class="line"><span class="cl"> Issuer: <span class="nv">C</span><span class="o">=</span>XD,O<span class="o">=</span>dn42,OU<span class="o">=</span>burble.dn42,CN<span class="o">=</span>burble.dn42 staging ACME
</span></span><span class="line"><span class="cl"> Validity
</span></span><span class="line"><span class="cl"> Not Before: Oct <span class="m">2</span> 18:21:36 <span class="m">2023</span> UTC
</span></span><span class="line"><span class="cl"> Not After : Nov <span class="m">3</span> 18:22:06 <span class="m">2023</span> UTC
</span></span><span class="line"><span class="cl"> Subject: <span class="nv">CN</span><span class="o">=</span>drone.git.dn42
</span></span><span class="line"><span class="cl"> Subject Public Key Info:
</span></span><span class="line"><span class="cl"> Public Key Algorithm: RSA
</span></span><span class="line"><span class="cl"> Public-Key: <span class="o">(</span><span class="m">4096</span> bit<span class="o">)</span>
</span></span><span class="line"><span class="cl"> Modulus:
</span></span><span class="line"><span class="cl">...snip...
</span></span><span class="line"><span class="cl"> Exponent: <span class="m">65537</span> <span class="o">(</span>0x10001<span class="o">)</span>
</span></span><span class="line"><span class="cl"> X509v3 extensions:
</span></span><span class="line"><span class="cl"> X509v3 Key Usage: critical
</span></span><span class="line"><span class="cl"> Digital Signature, Key Encipherment, Key Agreement
</span></span><span class="line"><span class="cl"> X509v3 Extended Key Usage:
</span></span><span class="line"><span class="cl"> Server Authentication
</span></span><span class="line"><span class="cl"> X509v3 Subject Key Identifier:
</span></span><span class="line"><span class="cl"> 01:4A:7E:02:F3:B7:78:03:66:F9:21:97:4B:31:34:7C:31:DE:BB:86
</span></span><span class="line"><span class="cl"> X509v3 Authority Key Identifier:
</span></span><span class="line"><span class="cl"> keyid:94:D1:C3:60:C7:88:81:A6:8C:37:AE:40:42:22:48:6B:5F:36:8F:CC
</span></span><span class="line"><span class="cl"> Authority Information Access:
</span></span><span class="line"><span class="cl"> OCSP - URI:https://acme.burble.dn42/v1/dn42/ocsp
</span></span><span class="line"><span class="cl"> CA Issuers - URI:https://acme.burble.dn42/v1/dn42/ca
</span></span><span class="line"><span class="cl"> X509v3 Subject Alternative Name:
</span></span><span class="line"><span class="cl"> DNS:drone.git.dn42
</span></span><span class="line"><span class="cl"> X509v3 CRL Distribution Points:
</span></span><span class="line"><span class="cl"> Full Name:
</span></span><span class="line"><span class="cl"> URI:https://acme.burble.dn42/v1/dn42/crl
</span></span><span class="line"><span class="cl"> Signature Algorithm: SHA256-RSA
</span></span><span class="line"><span class="cl">...snip...
</span></span></code></pre></div><div class="gdoc-page__anchorwrap"><h2 id="implementation">Implementation<a data-clipboard-text="http://localhost:2010/services/acme/#implementation" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor Implementation" href="#implementation"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<p>The ACME implementation is provided by a 3-node <a href="https://www.vaultproject.io/">HashiCorp Vault</a>
cluster behind the <a href="/services/internal/#traefik--traefik-eu--traefik-na">burble.dn42 traefik load balancer</a>. Together they provide a global,
high availability service.</p>
<p>The cluster currently runs on the following nodes:</p>
<ul>
<li>uk-lon1</li>
<li>de-fra1</li>
<li>fr-par1</li>
</ul>
<p>At any time the cluster has one leader which processes all requests and replicates state to the
cluster members. The leader node automatically switches to one of the backup servers should
a failure occur.</p>
<p>The traefik load balancer runs health checks against the vault servers and automatically redirects
users to the vault cluster leader.</p>
<p>See the <a href="https://developer.hashicorp.com/vault/tutorials/day-one-raft/raft-reference-architecture">vault HA reference architecture</a> for more details.</p>
</article>
<div class="gdoc-page__footer flex flex-wrap justify-between">
</div>
</div>
</main>
<footer class="gdoc-footer">
<div class="container flex flex-wrap">
<span class="gdoc-footer__item">
Built with <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> and
<svg class="icon heart"><use xlink:href="#heart"></use></svg>
</span>
<span class="gdoc-footer__item">
<a href="/privacy" class="gdoc-footer__link">Privacy Policy</a>
</span>
</div>
</footer>
</div>
<script defer src="/js/en.search.min.e007d2b2d3ce91fd1d3bd3c2acbc3420f9defed62096fea23225713d0269f5bc.js"></script>
<script defer src="/js/clipboard-af8ab36589.min.js"></script>
<script>
document.addEventListener("DOMContentLoaded", function(event) {
var clipboard = new ClipboardJS('.clip');
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink