README.maintainer for details and how to return to RSA-based certificate
issuance. (jsc#ECO-3435, jsc#SLE-15909)
- Added a note about ACMEv1 deprecation
- Added a note on new ACME providers and the new non-URL provider syntax
See README.maintainer for details.
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=69
- Update to dehydrated 0.7.0 (JSC#SLE-15909)
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
OBS-URL: https://build.opensuse.org/request/show/854627
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=20
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=66
- Update to dehydrated 0.6.4
* Fetch account ID from Location header instead of account json
- Update to dehydrated 0.6.3
* OCSP refresh interval is now configurable
* Implemented POST-as-GET
* Call exit_hook on errors (with error-message as first parameter)
* Initial support for tls-alpn-01 validation
* New hook: sync_cert (for syncing certificate files to disk, see example
hook description)
* Fetch account information after registration to avoid missing account id
OBS-URL: https://build.opensuse.org/request/show/711919
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=38
- Update to dehydrated 0.6.2
Added
* New deploy_ocsp hook
* Allow account registration with custom key
Changed
* Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
* Improved documentation on wildcards
Fixes
* Added workaround for compatibility with filesystem ACLs
* Close unwanted external file-descriptors
* Fixed JSON parsing on force-renewal (bsc#1091216)
* Fixed cleanup of challenge files/dns-entries on validation errors
* A few more minor fixes
OBS-URL: https://build.opensuse.org/request/show/601877
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=33
- Updated dehydrated to 0.6.0 (osc#1084854)
Changed
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
Added
* Support for ACME v02 (including wildcard certificates!)
* New hook: generate_csr (see example hook script for more information)
* Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored... (forwarded request 585800 from dmolkentin)
OBS-URL: https://build.opensuse.org/request/show/585801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=7
- Updated dehydrated to 0.6.0 (osc#1084854)
Changed
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
Added
* Support for ACME v02 (including wildcard certificates!)
* New hook: generate_csr (see example hook script for more information)
* Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
OBS-URL: https://build.opensuse.org/request/show/585800
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=26
