aboutsummaryrefslogtreecommitdiffstats
path: root/lacme.8.md
Commit message (Collapse)AuthorAgeFiles
* accountd: replace internal option --conn-fd=FD with flag --stdio.Guilhem Moulin2021-02-181
| | | | | Using stdin/stdout makes it possible to tunnel the accountd connection through ssh.
* Split client/webserver/accountd commands on whitespace.Guilhem Moulin2021-02-181
| | | | This doesn't change the default behavior.
* Don't load configuration files from ./ by default.Guilhem Moulin2021-02-181
| | | | | | | This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer consider ./lacme.conf resp. ./lacme-accountd.conf as default location for the configuration file. Doing so has security implications when running these program from insecure directories.
* typofixGuilhem Moulin2021-02-151
|
* Add support for TLS Feature extension from RFC 7633.Guilhem Moulin2021-02-151
| | | | This is mostly useful for OCSP Must-Staple.
* challenge-directory now needs to be set to an *existing* directory.Guilhem Moulin2021-02-141
| | | | | | | Since lacme(8) spawns a builtin webserver by default the change doesn't affect default configurations. See https://bugs.debian.org/970800 for the rationale.
* lacme: allow direct use challenge-directory .well-known/acme-challengeBenjamin Tietz2021-02-141
|
* Improve user/group documentation.Guilhem Moulin2021-02-121
|
* Improve keyUsage documentation.Guilhem Moulin2021-02-121
|
* Raise client timeout from 10 to 30s.Guilhem Moulin2021-02-121
|
* lacme: new flag `--force`.Guilhem Moulin2020-12-091
| | | | | Which aliases to `--min-days=-1`, i.e., forces renewal regardless of the expiration date of existing certificates.
* Make unprivileged user/group for the internal client resp. webserver ↵Guilhem Moulin2020-12-091
| | | | configurable.
* Fix broken URLs.Guilhem Moulin2020-12-091
|
* documentation: emphasize default values in the config file.Guilhem Moulin2020-12-091
| | | | | Also, move the most common options ('hash', 'keyUsage', 'CAfile', 'min-days') to the default section.
* wibbleGuilhem Moulin2020-12-091
|
* documentation: suggest to generate private key material with genpkey(1ssl).Guilhem Moulin2020-12-091
| | | | | * Also suggest a command to generate an ECDSA key not just RSA. * Hint at which key algorithms are supported.
* Use upstream certicate chain instead of an hardcoded one.upstream/0.7Guilhem Moulin2020-11-261
| | | | | | | | | | | | | This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default).
* Upgrade links to secure HTTP.Guilhem Moulin2020-08-041
|
* Ignore [accountd] section from lacme.conf when the --socket option is defined.Guilhem Moulin2020-08-041
| | | | | This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 .
* Makefile: Use variables for target directories etc.Guilhem Moulin2020-08-041
|
* Change default libexec dir from /usr/lib/lacme to /usr/libexec/lacme.Guilhem Moulin2020-08-031
|
* Install lacme manpage to section 8.Guilhem Moulin2020-08-031
As it's a system command, see hier(7) for details.