lacme/certs, branch upstream/0.7 Small ACME client written with process isolation and minimal privileges in mind Use upstream certicate chain instead of an hardcoded one. 2020-11-25T23:16:06+00:00 Guilhem Moulin guilhem@fripost.org 2020-11-25T18:58:13+00:00 51369e3955cdc5bf3f1ba0f6e2d7c4d73406c111 This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default). 
This is a breaking change.  The certificate indicated by 'CAfile' is no
longer used as is in 'certificate-chain' (along with the leaf cert).
The chain returned by the ACME v2 endpoint is used instead.  This allows
for more flexbility with respect to key/CA rotation, cf.
https://letsencrypt.org/2020/11/06/own-two-feet.html and
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018

Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt
which is a concatenation of all known active CA certificates (which
includes the previous default).
Move X.509 certs to a separate directory. 2016-06-14T01:24:47+00:00 Guilhem Moulin guilhem@fripost.org 2016-06-14T01:23:32+00:00 224dbfd7ca350652719eceadaa643cc1b1bef8d9