lego/CHANGELOG.md
2016-03-16 18:32:56 +00:00

3.6 KiB

Changelog

Unreleased

Added:

  • CLI: The --dns switch. To include the DNS challenge for consideration. Supported are the following solvers: cloudflare, digitalocean, dnsimple, gandi, route53, rfc2136 and manual.
  • CLI: The --accept-tos switch. Indicates your acceptance of the Let's Encrypt terms of service without prompting you.
  • lib: A new type for challenge identifiers Challenge
  • lib: A new interface for custom challenge providers ChallengeProvider
  • lib: SetChallengeProvider function. Pass a challenge identifier and a Provider to replace the default behaviour of a challenge.
  • lib: The DNS-01 challenge has been implemented with modular solvers using the ChallengeProvider interface. Included solvers are: cloudflare, digitalocean, dnsimple, gandi, route53, rfc2136 and manual.

Changed

  • lib: ExcludeChallenges now expects to be passed an array of Challenge types.
  • lib: HTTP-01 now supports custom solvers using the ChallengeProvider interface.
  • lib: TLS-SNI-01 now supports custom solvers using the ChallengeProvider interface.

Removed

Fixed

  • lib: Fixed a race condition in HTTP-01
  • lib: Fixed an issue where status codes on ACME challenge responses could lead to no action being taken.
  • lib: Fixed a regression when calling the Renew function with a SAN certificate.

0.2.0 - 2016-01-09

Added:

  • CLI: The --exclude or -x switch. To exclude a challenge from being solved.
  • CLI: The --http switch. To set the listen address and port of HTTP based challenges. Supports host:port and :port for any interface.
  • CLI: The --tls switch. To set the listen address and port of TLS based challenges. Supports host:port and :port for any interface.
  • CLI: The --reuse-key switch for the renew operation. This lets you reuse an existing private key for renewals.
  • lib: ExcludeChallenges function. Pass an array of challenge identifiers to exclude them from solving.
  • lib: SetHTTPAddress function. Pass a port to set the listen port for HTTP based challenges.
  • lib: SetTLSAddress function. Pass a port to set the listen port of TLS based challenges.
  • lib: acme.UserAgent variable. Use this to customize the user agent on all requests sent by lego.

Changed:

  • lib: NewClient does no longer accept the optPort parameter
  • lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain.
  • lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
  • lib: ObtainCertificate has a new parameter privKey crypto.PrivateKey which lets you reuse an existing private key for new certificates.
  • lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.

Removed:

  • CLI: The --port switch was removed.
  • lib: RenewCertificate does no longer offer to also revoke your old certificate.

Fixed:

  • CLI: Fix logic using the --days parameter for renew

0.1.1 - 2015-12-18

Added:

  • CLI: Added a way to automate renewal through a cronjob using the --days parameter to renew

Changed:

  • lib: Improved log output on challenge failures.

Fixed:

  • CLI: The short parameter for domains would not get accepted
  • CLI: The cli did not return proper exit codes on error library errors.
  • lib: RenewCertificate did not properly renew SAN certificates.

Security

  • lib: Fix possible DOS on GetOCSPForCert

0.1.0 - 2015-12-03

  • Initial release