aboutsummaryrefslogtreecommitdiffstats
path: root/config
Commit message (Collapse)AuthorAgeFiles
* Make unprivileged user/group for the internal client resp. webserver ↵Guilhem Moulin2020-12-091
| | | | configurable.
* s/\.pem$/.crt/Guilhem Moulin2020-12-091
|
* documentation: emphasize default values in the config file.Guilhem Moulin2020-12-091
| | | | | Also, move the most common options ('hash', 'keyUsage', 'CAfile', 'min-days') to the default section.
* documentation: clarify that "file:/path/to/account.key" can point to a ↵Guilhem Moulin2020-12-091
| | | | symmetrically-encrypted private key.
* Use upstream certicate chain instead of an hardcoded one.upstream/0.7Guilhem Moulin2020-11-261
| | | | | | | | | | | | | This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default).
* Ignore [accountd] section from lacme.conf when the --socket option is defined.Guilhem Moulin2020-08-041
| | | | | This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 .
* Makefile: Use variables for target directories etc.Guilhem Moulin2020-08-042
|
* Change default libexec dir from /usr/lib/lacme to /usr/libexec/lacme.Guilhem Moulin2020-08-031
|
* Install lacme manpage to section 8.Guilhem Moulin2020-08-031
| | | | As it's a system command, see hier(7) for details.
* Use /run for the listening socket of the webserver component.Guilhem Moulin2019-08-221
|
* Use ACME v2 endpointsGuilhem Moulin2018-04-271
| | | | https://tools.ietf.org/html/draft-ietf-acme-acme-12
* Bind webserver to /var/run/lacme-www.socket by default.Guilhem Moulin2017-07-081
|
* mv config/{apache2.conf,nginx.conf} snippets/Guilhem Moulin2017-07-082
|
* wibbleGuilhem Moulin2017-06-301
|
* Provide apache2 configuration snippet.Guilhem Moulin2017-06-292
|
* Improve docs.Guilhem Moulin2017-06-291
|
* Provide nginx configuration snippet.Guilhem Moulin2017-06-281
|
* Change the default 'min-days' from 10 to 21.Guilhem Moulin2017-06-281
| | | | | | This avoids expiration notices from Let's Encrypt when auto-renewal is done by a cronjob: Let's Encrypt sends a notice 19 (then 9) days before expiration.
* webserver: allow listening to multiple addresses.Guilhem Moulin2017-06-281
| | | | | | | | | | (Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket </var/run/lacme.socket>. Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
* s/lacme-certs.d/lacme-certs.conf.d/upstream/0.2Guilhem Moulin2016-12-051
|
* "config-certs" now points to a list of files or directories.Guilhem Moulin2016-12-051
|
* Improve formatting of config files.Guilhem Moulin2016-12-012
|
* wibbleGuilhem Moulin2016-12-011
|
* lacme.conf: mention the default groupname for the ACME client.Guilhem Moulin2016-12-011
|
* s/priv.key/account.key/Guilhem Moulin2016-12-011
|
* wibbleGuilhem Moulin2016-12-011
|
* Make lacme able to spawn lacme-accountd.Guilhem Moulin2016-12-011
|
* typoGuilhem Moulin2016-11-303
|
* typoGuilhem Moulin2016-06-141
|
* Rename ‘letsencrypt-tiny’ to ‘lacme’.Guilhem Moulin2016-06-133
|
* Change the default CA from LE's X1 to X3.Guilhem Moulin2016-03-271
|
* Use restart not reload in notify commandsGuilhem Moulin2016-03-051
|
* Refactoring to use the account key manager.Guilhem Moulin2016-03-022
|
* letsencrypt-accountdGuilhem Moulin2016-03-021