author | Guilhem Moulin <guilhem@fripost.org> | 2017-06-28 22:33:37 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2017-06-28 22:33:37 +0200 |
commit | 4a730d372818f86ae42dbe1d89ec63fc67c9f462 (patch) | |
tree | f98bf6e24a4e0284472703b2e60c449037c24b9d /Changelog | |
parent | 871aa1f53d428f31902b4428f8bae11ccea8c5f7 (diff) | |
parent | 99902d8737cd01b2788ec51b06d314a36135be2c (diff) |
Merge branch 'master' into debian
Diffstat (limited to 'Changelog')
-rw-r--r-- | Changelog | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,29 @@ +lacme (0.3) upstream; + + + When parsing config-cert files and directories (default "lacme-certs.conf + lacme-certs.conf.d"), import the default section of files read earlier. + + new-cert: create certificate files atomically. + + webserver: allow listening to multiple addresses (useful when + dual-stack IPv4/IPv6 is not supported). Listen to a UNIX-domain + socket by default </var/run/lacme.socket>. + + webserver: don't install temporary iptables by default. Hosts + without a public HTTP daemon listening on port 80 need to set the + 'listen' option to [::] and/or 0.0.0.0, and possibly set the + 'iptables' option to Yes. + + Change 'min-days' default from 10 to 21, to avoid expiration notices + from Let's Encrypt when auto-renewal is done by a cronjob. + + Provide nginx configuration snippet. + - Ensure lacme's config file descriptor is not passed to the accountd + or webserver components. + - new-cert: sort section names if not passed explicitely. + - new-cert: new CLI option "min-days" overriding the value found in + the configuration file. + - new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3 + extensions as critical in the CSR, following upstream fix of + Boulder's issue #565. + + -- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100 + lacme (0.2) upstream; + Honor Retry-After headers for certificate issuance and challenge |
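Review bot: the two "webserver:" entries in the 0.3 block change defaults in a way that needs operator action on upgrade, but they are listed as ordinary "+" items. Per the text, hosts without a public HTTP daemon listening on port 80 now have to set 'listen' to [::] and/or 0.0.0.0 and possibly set 'iptables' to Yes. Consider flagging this as an upgrade note at the top of the block, and state what is expected to forward challenge requests to the default /var/run/lacme.socket (the "Provide nginx configuration snippet" entry looks related but is not linked to it). Minor: "explicitely" in the "new-cert: sort section names" entry should read "explicitly".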