diff options
Diffstat (limited to 'Changelog')
| -rw-r--r-- | Changelog | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,29 @@ +lacme (0.3) upstream; + + + When parsing config-cert files and directories (default "lacme-certs.conf + lacme-certs.conf.d"), import the default section of files read earlier. + + new-cert: create certificate files atomically. + + webserver: allow listening to multiple addresses (useful when + dual-stack IPv4/IPv6 is not supported). Listen to a UNIX-domain + socket by default </var/run/lacme.socket>. + + webserver: don't install temporary iptables by default. Hosts + without a public HTTP daemon listening on port 80 need to set the + 'listen' option to [::] and/or 0.0.0.0, and possibly set the + 'iptables' option to Yes. + + Change 'min-days' default from 10 to 21, to avoid expiration notices + from Let's Encrypt when auto-renewal is done by a cronjob. + + Provide nginx configuration snippet. + - Ensure lacme's config file descriptor is not passed to the accountd + or webserver components. + - new-cert: sort section names if not passed explicitely. + - new-cert: new CLI option "min-days" overriding the value found in + the configuration file. + - new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3 + extensions as critical in the CSR, following upstream fix of + Boulder's issue #565. + + -- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100 + lacme (0.2) upstream; + Honor Retry-After headers for certificate issuance and challenge |