aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
* Use upstream certificate chain instead of an hardcoded one.debian/0.5-1+deb10u2debian/busterGuilhem Moulin2020-11-264
| | | | | | | | | | | | | This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default).
* Issue GET and POST-as-GET requests (RFC 8555 sec. 6.3)debian/0.5-1+deb10u1Guilhem Moulin2019-08-264
| | | | | | | | | | For the authorizations, order and certificate URLs. See RFC 8555 sec. 7.1. Let's Encrypt will remove support of unauthenticated GETs from the V2 API on 01 Nov 2019: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
* Prepare new release.debian/0.5-1Guilhem Moulin2018-05-091
|
* Apply wrap-and-sort(1)Guilhem Moulin2018-05-093
|
* New dependency (lacme): libtypes-serialiser-perlGuilhem Moulin2018-05-092
|
* Build-Depends on pandoc >= 2.1Guilhem Moulin2018-05-092
|
* Bump Standards-Version to 4.1.4 (no changes necessary).Guilhem Moulin2018-05-092
|
* Refresh patchesGuilhem Moulin2018-05-091
|
* Bump Debian versionGuilhem Moulin2018-05-091
|
* Updated version 0.5 from 'upstream/0.5'Guilhem Moulin2018-05-098
|\
| * New dependency: perl module Types::Serialiserupstream/0.5Guilhem Moulin2018-05-091
| |
| * Use ACME v2 endpointsGuilhem Moulin2018-04-276
| | | | | | | | https://tools.ietf.org/html/draft-ietf-acme-acme-12
| * Fix manpage generation with pandoc >=2.1Guilhem Moulin2018-04-262
| |
* | Prepare new release.debian/0.4-1Guilhem Moulin2017-07-281
| |
* | Fix manpage generation with pandoc >=1.18.Guilhem Moulin2017-07-282
| |
* | Updated version 0.4 from 'upstream/0.4'Guilhem Moulin2017-07-282
|\|
| * Copy snippets/*.conf to /etc/lacmeupstream/0.4Guilhem Moulin2017-07-282
| |
| * Fix generation of manpages with pandoc >=1.18Guilhem Moulin2017-07-282
| |
* | Prepare new release.debian/0.3-1Guilhem Moulin2017-07-091
| |
* | Update copyright info.Guilhem Moulin2017-07-091
| |
* | Updated version 0.3 from 'upstream/'Guilhem Moulin2017-07-096
|\|
| * Update copyright infoupstream/0.3Guilhem Moulin2017-07-096
| |
* | mv config/{apache2.conf,nginx.conf} snippets/Guilhem Moulin2017-07-081
| |
* | Merge branch 'master' into debianGuilhem Moulin2017-07-089
|\|
| * Bind webserver to /var/run/lacme-www.socket by default.Guilhem Moulin2017-07-086
| |
| * mv config/{apache2.conf,nginx.conf} snippets/Guilhem Moulin2017-07-082
| |
| * lacme: Specify minimum required Socket version 1.95.Guilhem Moulin2017-07-012
| |
| * Specify minimum required Perl versions.Guilhem Moulin2017-07-015
| |
| * Avoid hash slices.Guilhem Moulin2017-07-011
| | | | | | | | That's mostly what prevents us from supporting Perl older than 5.20.
| * Ensure fdopen is called with an integer.Guilhem Moulin2017-07-014
| |
| * wibbleGuilhem Moulin2017-06-301
| |
* | Provide apache2 configuration snippet.Guilhem Moulin2017-06-291
| |
* | Merge branch 'master' into debianGuilhem Moulin2017-06-299
|\|
| * Improve docs.Guilhem Moulin2017-06-291
| |
| * Provide apache2 configuration snippet.Guilhem Moulin2017-06-293
| |
| * webserver: improve serving logic for ACME challenge responses.Guilhem Moulin2017-06-291
| | | | | | | | | | In particular, we now return "403 Forbidden" for /.well-known/acme-challenge/
| * webserver: open ACME challenge files with O_NOFOLLOW.Guilhem Moulin2017-06-291
| |
| * Remove potential race when creating ACME challenge response files.Guilhem Moulin2017-06-292
| |
| * lacme(1), lacme-accountd(1): fix version number.Guilhem Moulin2017-06-293
| |
| * webserver: refuse to follow symlink when serving ACME challenge responses.Guilhem Moulin2017-06-293
| |
| * wibbleGuilhem Moulin2017-06-291
| |
| * wibbleGuilhem Moulin2017-06-291
| |
| * Improve docs.Guilhem Moulin2017-06-292
| |
| * Improve docs.Guilhem Moulin2017-06-281
| |
| * Update README.Guilhem Moulin2017-06-281
| |
* | Bump Standards-Version from 3.9.8 to 4.0.0.Guilhem Moulin2017-06-282
| |
* | New upstream release.Guilhem Moulin2017-06-282
| |
* | Merge branch 'master' into debianGuilhem Moulin2017-06-288
|\|
| * Provide nginx configuration snippet.Guilhem Moulin2017-06-282
| |
| * Change the default 'min-days' from 10 to 21.Guilhem Moulin2017-06-284
| | | | | | | | | | | | This avoids expiration notices from Let's Encrypt when auto-renewal is done by a cronjob: Let's Encrypt sends a notice 19 (then 9) days before expiration.