| Commit message (Collapse) | Author | Age | Files |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/
‘config-certs’/‘challenge-directory’ configuration options *before*
privilege drop; and for the [accountd] section ‘command’/‘config’
configuration options *after* privilege drop).
lacme-accountd(1): for --config=, --socket= and --privkey= (and
‘socket’/‘privkey’ configuration options).
This also changes the default configuration file location. lacme(8) and
lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp.
/etc/lacme/lacme-accountd.conf when running as root, and
$XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf
when running as a normal user. There is no fallback to /etc anymore.
|
| | |
|
| |
|
|
|
|
|
| |
../../lacme/apache2.conf.
This is useful for enabling the snippet with `a2enconf lacme`, cf.
https://bugs.debian.org/955859 .
|
| | |
|
| |
|
|
| |
Cf. https://community.letsencrypt.org/t/staging-hierarchy-new-root-cert/145677 .
|
| | |
|
| | |
|
| |
|
|
| |
See https://letsencrypt.org/docs/staging-environment/ .
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows us to fully validate provided X.509 chains using that
self-contained bundle, regardless of which CAs is marqued as trusted
under /etc/ssl/certs.
Also, remove cross-signed intermediate CAs from the bundle as they're
useless in a self-contained bundle.
Also, remove decomissioned intermediate CAs Authority X3 and X4 from the
bundle.
This change bumps the minimum OpenSSL version to 1.1.0 (for
verify(1ssl)'s ‘-trusted’ and ‘-show_chain’ options).
|
| |
|
|
| |
configurable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a breaking change. The certificate indicated by 'CAfile' is no
longer used as is in 'certificate-chain' (along with the leaf cert).
The chain returned by the ACME v2 endpoint is used instead. This allows
for more flexbility with respect to key/CA rotation, cf.
https://letsencrypt.org/2020/11/06/own-two-feet.html and
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt
which is a concatenation of all known active CA certificates (which
includes the previous default).
|
| | |
|
| | |
|
| |
|
|
| |
As it's a system command, see hier(7) for details.
|
| |
|
|
| |
Honor BUILD_DOCDIR and DESTDIR variables.
|
| |
|
|
| |
the script is just a plain copy, but now accessible without make
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
