- Enable instantiated services (boo#1184165)
- Prepare instantiated service/timer support but not enable it:
This seems to fail due to missing systemd support right now.
So the only option at the moment is to copy the timer and unit
file for a 2nd instance. Mark all files as part of dehydrated.target
- Rework support for /etc/dehydrated/postrun-hooks.d/:
dehydrated.service nolonger starts them directly, the support was
moved to a separate unit file. Please run:
systemctl enable dehydrated-postrun-hooks.service
to restore this functionality
- Run dehydrated as dehydrated user again
- Do not use the full path for config.d in the config files, which
will simplify implementing multi instance support.
- Added more-examples.patch:
Explain how we can have per certificate key algorithms
- Add directory where cleanup can archive unused certificates
OBS-URL: https://build.opensuse.org/request/show/882190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=22
- Enable instantiated services (boo#1184165)
- Prepare instantiated service/timer support but not enable it:
This seems to fail due to missing systemd support right now.
So the only option at the moment is to copy the timer and unit
file for a 2nd instance. Mark all files as part of dehydrated.target
- Rework support for /etc/dehydrated/postrun-hooks.d/:
dehydrated.service nolonger starts them directly, the support was
moved to a separate unit file. Please run:
systemctl enable dehydrated-postrun-hooks.service
to restore this functionality
- Run dehydrated as dehydrated user again
OBS-URL: https://build.opensuse.org/request/show/882188
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=74
README.maintainer for details and how to return to RSA-based certificate
issuance. (jsc#ECO-3435, jsc#SLE-15909)
- Added a note about ACMEv1 deprecation
- Added a note on new ACME providers and the new non-URL provider syntax
See README.maintainer for details.
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=69
- Update to dehydrated 0.7.0 (JSC#SLE-15909)
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
OBS-URL: https://build.opensuse.org/request/show/854627
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=20
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=66
- Update to dehydrated 0.6.4
* Fetch account ID from Location header instead of account json
- Update to dehydrated 0.6.3
* OCSP refresh interval is now configurable
* Implemented POST-as-GET
* Call exit_hook on errors (with error-message as first parameter)
* Initial support for tls-alpn-01 validation
* New hook: sync_cert (for syncing certificate files to disk, see example
hook description)
* Fetch account information after registration to avoid missing account id
OBS-URL: https://build.opensuse.org/request/show/711919
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=38
- Update to dehydrated 0.6.2
Added
* New deploy_ocsp hook
* Allow account registration with custom key
Changed
* Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
* Improved documentation on wildcards
Fixes
* Added workaround for compatibility with filesystem ACLs
* Close unwanted external file-descriptors
* Fixed JSON parsing on force-renewal (bsc#1091216)
* Fixed cleanup of challenge files/dns-entries on validation errors
* A few more minor fixes
OBS-URL: https://build.opensuse.org/request/show/601877
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=33
