Checkout Tools
  • last updated 5 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1815483 is being indexed.

On the trunk:

mod_md v1.0.3: fixes for getting stalled on new license agreemnet from CA. Job properties persisted now to preserve change when watchdog child changes.

  1. … 4 more files in changeset.
On the trunk:

mod_md: v1.0.2, fix staging reset when MDCertificateAgreemen was initially missing.

  1. … 2 more files in changeset.
mod_md: fix [-Werror=unused-but-set-variable].
On the trunk:

*) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual hosts are no longer

auto-added to a Managed Domain. Error counts of jobs are presisted. When the server

restarts (gracefully) any errored staging areas are purged to reset the signup/renewal


  1. … 4 more files in changeset.
On the trunk:

mod_md: v1.0.0, new config directive 'MDNotifyCmd' to hook in a program when Managed

Domains have obtained/renewed their certificates successfully.

  1. … 8 more files in changeset.
On the trunk:

mod_md: v0.9.9, fix for applying challenge type based on available ports.

  1. … 7 more files in changeset.
On the trunk:

mod_md: v0.9.7

- Use of the new module flag

- Removed obsolete function from interface to mod_ssl.

- Fallback certificates has version set and no longer claims to be a CA. (re issue #32)

- MDRequireHttps now happens before any Redirect.

  1. … 23 more files in changeset.
On the trunk:

mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out HSTS (rfc 6797) headers in https: responses.

  1. … 6 more files in changeset.
updated mod_md log tags
On the trunk:

mod_md: v0.9.5:

- New directive (srly: what do you expect at this point?) "MDMustStaple on|off" to control if

new certificates are requested with the OCSP Must Staple extension.

- Known limitation: when the server is configured to ditch and restart child processes, for example

after a certain number of connections/requests, the mod_md watchdog instance might migrate

to a new child process. Since not all its state is persisted, some messsages might appear a

second time in the logs.

- Adding checks when 'MDRequireHttps' is used. It is considered an error when 'MDPortMap 443:-'

is used - which negates that a https: port exists. Also, a warning is logged if no

VirtualHost can be found for a Managed Domain that has port 443 (or the mapped one) in

its address list.

- New directive 'MDRequireHttps' for redirecting http: traffic to a Managed Domain, permanently

or temporarily.

- Fix for using a fallback certificate on initial signup of a Managed Domain. Requires also

a changed mod_ssl patch (v5) to take effect.

- compatibility with libressl

  1. … 14 more files in changeset.
On the trunk:

mod_md: v0.9.2: new directive 'MDHttpProxy' to define a proxy for outgoing connection,

some minor bugfixes, twiddle the build system to avoid non-pic code generation.

  1. … 19 more files in changeset.
On the trunk:

*) mod_md: v0.9.1:

- various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If

someone already used percent configurations, it is advised to change these to a new value,

reload and change back to the wanted ones.

- various fixes in handling of MDPrivateKeys when specifying 2048 bits (the default) explicitly.

- mod_md version removed from top level md_store.json file. The store has its own format version

to facilitate upgrades.

  1. … 10 more files in changeset.
On the trunk:


* Improved interface to mod_ssl for fallback handling. Backward compatible to previous mod_ssl

patch, but fallbacks will not work.

* Provide a temporary, self-signed certificate with a speaking command and domain name if we

have no other cert for a Managed Domain, yet. Refs github issue #32

* Continue to provide expired or not-completely matching, existing certificate for a Managed

Domain until the renewal was successful. This is helpful when one adds a DNS name to

a MD, so the previous domains can be served while a new cert is requested.

* All files necessary to run tests are not in the release package.

* Making "http-01" the preferred challenge type again, as people "tls-sni-01" requires at least

one working certificate vhost right now - which not everyone has.

* moved part of the MD sanity checks from post_config to check_config phase, allowing for error

detection in check-only runs.

  1. … 8 more files in changeset.
On the trunk:

mod_md: v0.8.1 from github, new feats in CHANGES

  1. … 26 more files in changeset.
On the trunk:

mod_md v0.7.0:

- LIVE: the real Let's Encrypt CA is now live by default! If you need to experiment, configure


- When existing, complete certificates are renewed, the activation of the new ones is

delayed by 24 hours (or until the existing ones expire, whatever is earler) to accomodate

for clients with weird clocks, refs #1.

- Fixed store sync when MDCAChallenges was removed again from an MD.

- Fixed crash when MD matched the base server, fixes #23

- Fixed watchgod resetting staging when server processes disappeared (e.g. reached

max requests or other limits).

  1. … 14 more files in changeset.
On the trunk:

mod_md: some internal refactoring of config/sectio handling

  1. … 6 more files in changeset.
log tags for mod_ssl changes and new mod_md
  1. … 4 more files in changeset.