blob: 59d5153f0db8a69e748342948e568cf4d84b005a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
lacme (0.3) upstream;
+ When parsing config-cert files and directories (default "lacme-certs.conf
lacme-certs.conf.d"), import the default section of files read earlier.
+ new-cert: create certificate files atomically.
+ webserver: allow listening to multiple addresses (useful when
dual-stack IPv4/IPv6 is not supported). Listen to a UNIX-domain
socket by default </var/run/lacme.socket>.
+ webserver: don't install temporary iptables by default. Hosts
without a public HTTP daemon listening on port 80 need to set the
'listen' option to [::] and/or 0.0.0.0, and possibly set the
'iptables' option to Yes.
+ Change 'min-days' default from 10 to 21, to avoid expiration notices
from Let's Encrypt when auto-renewal is done by a cronjob.
+ Provide nginx configuration snippet.
- Ensure lacme's config file descriptor is not passed to the accountd
or webserver components.
- new-cert: sort section names if not passed explicitely.
- new-cert: new CLI option "min-days" overriding the value found in
the configuration file.
- new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3
extensions as critical in the CSR, following upstream fix of
Boulder's issue #565.
-- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100
lacme (0.2) upstream;
+ Honor Retry-After headers for certificate issuance and challenge
responses.
+ Update example of Subscriber Agreement URL to v1.1.1.
+ lacme: automaticall spawn lacme-acountd when a "[accountd]" section
is present in the configuration file. The "socket" option is then
ignored, and the two processes communicate through a socket pair.
+ lacme: add an option --quiet to avoid mentioning valid certs (useful
in cronjobs)
+ "config-certs" now points to a space separated list of files or
directories. New default "lacme-certs.conf lacme-certs.conf.d/".
- Minor manpage fixes
- More useful message upon Validation Challenge failure.
-- Guilhem Moulin <guilhem@guilhem.org> Sat, 03 Dec 2016 16:40:56 +0100
lacme (0.1) upstream;
* Initial public release. Development was started in December 2015.
-- Guilhem Moulin <guilhem@guilhem.org> Tue, 14 Jun 2016 17:30:58 +0200
|
