blob: d20acdc2c373f6c015d0521a59a416916aa3e244 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
lacme (0.7-1) unstable; urgency=high
The certificate indicated by 'CAfile' is no longer used as is in
'certificate-chain' (along with the leaf cert). The chain returned
by the ACME v2 endpoint is used instead. This allows for more
flexibility with respect to key/CA rotation. See for instance
https://letsencrypt.org/2020/11/06/own-two-feet.html and
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt which
is a concatenation of all known active CA certificates (which
includes the previous default). Starting December 2020 Let's Encrypt
will use a different chain of trust for certificate issuance, so
users will a non-default 'CAfile' might need to adjust the value.
-- Guilhem Moulin <guilhem@debian.org> Thu, 26 Nov 2020 00:08:32 +0100
|