Diffstat (limited to 'Changelog')
-rw-r--r-- Changelog 26
1 files changed, 26 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 6f212b0..59d5153 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,29 @@
+lacme (0.3) upstream;
+
+ + When parsing config-cert files and directories (default "lacme-certs.conf
+ lacme-certs.conf.d"), import the default section of files read earlier.
+ + new-cert: create certificate files atomically.
+ + webserver: allow listening to multiple addresses (useful when
+ dual-stack IPv4/IPv6 is not supported). Listen to a UNIX-domain
+ socket by default </var/run/lacme.socket>.
+ + webserver: don't install temporary iptables by default. Hosts
+ without a public HTTP daemon listening on port 80 need to set the
+ 'listen' option to [::] and/or 0.0.0.0, and possibly set the
+ 'iptables' option to Yes.
+ + Change 'min-days' default from 10 to 21, to avoid expiration notices
+ from Let's Encrypt when auto-renewal is done by a cronjob.
+ + Provide nginx configuration snippet.
+ - Ensure lacme's config file descriptor is not passed to the accountd
+ or webserver components.
+ - new-cert: sort section names if not passed explicitely.
+ - new-cert: new CLI option "min-days" overriding the value found in
+ the configuration file.
+ - new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3
+ extensions as critical in the CSR, following upstream fix of
+ Boulder's issue #565.
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100
+
lacme (0.2) upstream;
+ Honor Retry-After headers for certificate issuance and challenge
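Review bot: The two "webserver:" entries change defaults in a way that affects upgrades (listening on the UNIX-domain socket </var/run/lacme.socket> instead of a network address, and no temporary iptables rules), but they sit in the middle of the "+" list where they are easy to miss. Consider moving them to the top of the 0.3 entry or marking them as an incompatible change, since hosts without a public HTTP daemon on port 80 must now set 'listen' (and possibly 'iptables') by hand. It would also help to have the "Provide nginx configuration snippet" entry say that the snippet is what connects an existing HTTP daemon to that socket, if that is its purpose. Minor: in the "new-cert: sort section names" entry, "explicitely" should be "explicitly".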