aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
* Bump Standards-Version from 3.9.8 to 4.0.0.Guilhem Moulin2017-06-282
|
* New upstream release.Guilhem Moulin2017-06-282
|
* Merge branch 'master' into debianGuilhem Moulin2017-06-288
|\
| * Provide nginx configuration snippet.Guilhem Moulin2017-06-282
| |
| * Change the default 'min-days' from 10 to 21.Guilhem Moulin2017-06-284
| | | | | | | | | | | | This avoids expiration notices from Let's Encrypt when auto-renewal is done by a cronjob: Let's Encrypt sends a notice 19 (then 9) days before expiration.
| * new-cert: use File::Temp for the temporary cert filename.Guilhem Moulin2017-06-281
| | | | | | | | This ensures we aren't overwritting existing /path/to/srv.pem.new files.
| * webserver: allow listening to multiple addresses.Guilhem Moulin2017-06-285
| | | | | | | | | | | | | | | | | | | | (Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket </var/run/lacme.socket>. Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
| * new-cert: create certificate files atomically.Guilhem Moulin2017-02-242
| |
| * new-cert: mark basicConstraints and keyUsage x509v3 extensions as critical ↵Guilhem Moulin2017-02-222
| | | | | | | | | | | | | | in the CSR. Boulder's issue #565 "Golang errors on extensions marked critical" was fixed upstream, cf. https://github.com/letsencrypt/boulder/issues/565 .
| * Changelog: prefix bugfixes with '+'.Guilhem Moulin2017-02-221
| |
| * new-cert: new CLI option "min-days"Guilhem Moulin2017-02-193
| |
| * new-cert: sort section names if not passed explicitely.Guilhem Moulin2017-02-192
| |
| * Ensure lacme's config file descriptor has the FD_CLOEXEC bit set.Guilhem Moulin2017-02-192
| |
| * config-cert: import the default section of files already read.Guilhem Moulin2017-02-192
| |
| * wibbleGuilhem Moulin2017-02-192
| |
* | Change domain part of email address to debian.org.Guilhem Moulin2017-05-152
| |
* | Prepare new release.debian/0.2-1Guilhem Moulin2016-12-051
| |
* | lacme: Install /etc/lacme/lacme-certs.conf.dGuilhem Moulin2016-12-051
| |
* | Merge tag 'upstream/0.2' into debianGuilhem Moulin2016-12-057
|\| | | | | | | Upstream version 0.2
| * s/lacme-certs.d/lacme-certs.conf.d/upstream/0.2Guilhem Moulin2016-12-055
| |
| * "config-certs" now points to a list of files or directories.Guilhem Moulin2016-12-055
| |
| * s/fd-conn/conn-fd/Guilhem Moulin2016-12-052
| |
| * Prepare new release.Guilhem Moulin2016-12-031
| |
| * s/--fdopen/--fd-conn/Guilhem Moulin2016-12-032
| |
| * Precise that --socket=PATH is ignored when the config file as an "accountd" ↵Guilhem Moulin2016-12-031
| | | | | | | | section.
| * Improve formatting of config files.Guilhem Moulin2016-12-012
| |
| * wibbleGuilhem Moulin2016-12-011
| |
| * manpage: change reg ID example to 123456.Guilhem Moulin2016-12-011
| |
| * lacme: terminate the accountd when the ACME client terminates.Guilhem Moulin2016-12-011
| |
| * Revert "lacme: avoid spawning multiple accountd processes."Guilhem Moulin2016-12-011
| | | | | | | | | | | | This reverts commit 8faab5db6571972156f45b5838b23dbb0fadd5c4. We can't reuse the socket pair as we don't connect(2) to it.
| * lacme.conf: mention the default groupname for the ACME client.Guilhem Moulin2016-12-011
| |
* | Bump Standards-Version to 3.9.8. No changes.Guilhem Moulin2016-12-012
| |
* | lacme: Promote lacme-accountd from Suggests to Recommends.Guilhem Moulin2016-12-012
| |
* | Refresh patches.Guilhem Moulin2016-12-011
| |
* | Merge branch 'master' into debianGuilhem Moulin2016-12-018
|\|
| * lacme: avoid spawning multiple accountd processes.Guilhem Moulin2016-12-011
| |
| * lacme: add an option --quiet to avoid mentioning valid certs.Guilhem Moulin2016-12-012
| |
| * s/priv.key/account.key/Guilhem Moulin2016-12-011
| |
| * wibbleGuilhem Moulin2016-12-011
| |
| * wibbleGuilhem Moulin2016-12-012
| |
| * Make lacme able to spawn lacme-accountd.Guilhem Moulin2016-12-014
| |
| * typoGuilhem Moulin2016-11-303
| |
| * Stop mentioning GET-based renewal, as it was removed from the ACME IETF draft.Guilhem Moulin2016-11-301
| | | | | | | | | | https://github.com/ietf-wg-acme/acme/issues/62 https://github.com/ietf-wg-acme/acme/pull/67 :-(
| * Manpage: update Subscriber Agreement URL to v1.1.1.Guilhem Moulin2016-10-101
| | | | | | | | Cf. https://letsencrypt.org/repository/ .
| * Honor Retry-After headers for certificate issuance and challenge responses.Guilhem Moulin2016-06-301
| |
| * Add link to Boulder issue #359 (Implement Certificate Refresh).Guilhem Moulin2016-06-301
| |
| * More useful message upon Validation Challenge failure.Guilhem Moulin2016-06-301
| | | | | | | | | | Format the problem document if the JSON has an “error” key. Cf. section 7 “Identifier Validation Challenges”.
| * Minor manpage fixes.Guilhem Moulin2016-06-302
| |
* | Prepare new release.debian/0.1-1Guilhem Moulin2016-06-161
| |
* | Enclose Debian BTS URL with </>.Guilhem Moulin2016-06-151
| |