lacme/debian/patches/series, branch debian/buster Small ACME client written with process isolation and minimal privileges in mind Use upstream certificate chain instead of an hardcoded one. 2020-11-26T01:10:05+00:00 Guilhem Moulin guilhem@fripost.org 2020-11-26T00:19:45+00:00 f2514b36b8c9f519452106fbc84ca69f1955ada1 This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default). 
This is a breaking change.  The certificate indicated by 'CAfile' is no
longer used as is in 'certificate-chain' (along with the leaf cert).
The chain returned by the ACME v2 endpoint is used instead.  This allows
for more flexbility with respect to key/CA rotation, cf.
https://letsencrypt.org/2020/11/06/own-two-feet.html and
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018

Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt
which is a concatenation of all known active CA certificates (which
includes the previous default).
Issue GET and POST-as-GET requests (RFC 8555 sec. 6.3) 2019-08-26T10:35:58+00:00 Guilhem Moulin guilhem@fripost.org 2019-08-21T16:55:48+00:00 aa779d1f1658a1244e2cba03b07ea9be3c4ee2a0 For the authorizations, order and certificate URLs. See RFC 8555 sec. 7.1. Let's Encrypt will remove support of unauthenticated GETs from the V2 API on 01 Nov 2019: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380 
For the  authorizations, order and certificate URLs.
See RFC 8555 sec. 7.1.

Let's Encrypt will remove support of unauthenticated GETs from the V2
API on 01 Nov 2019:

    https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
Mention the Debian BTS in the manpages. 2016-06-14T15:45:58+00:00 Guilhem Moulin guilhem@fripost.org 2016-06-14T15:39:16+00:00 955a29db14877a8374d7ef334e33a042925df418