Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1862013 is being indexed.

*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol

- supports the new challenge method 'tls-alpn-01'

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

  1. … 48 more files in changeset.
On the trunk:

mod_md: removing comments that documented that greenbytes has untransferable copyright to the sources. The rights, of course, remain unaffected, but maybe some people can sleep better.

  1. … 36 more files in changeset.
On the trunk:

mod_md v1.1.7 changes

  1. … 10 more files in changeset.
spelling fixes from Josh Soref via github
  1. … 12 more files in changeset.
On the trunk:

mod_md: v0.9.7

- Use of the new module flag

- Removed obsolete function from interface to mod_ssl.

- Fallback certificates has version set and no longer claims to be a CA. (re issue #32)

- MDRequireHttps now happens before any Redirect.

  1. … 23 more files in changeset.
On the trunk:


* Improved interface to mod_ssl for fallback handling. Backward compatible to previous mod_ssl

patch, but fallbacks will not work.

* Provide a temporary, self-signed certificate with a speaking command and domain name if we

have no other cert for a Managed Domain, yet. Refs github issue #32

* Continue to provide expired or not-completely matching, existing certificate for a Managed

Domain until the renewal was successful. This is helpful when one adds a DNS name to

a MD, so the previous domains can be served while a new cert is requested.

* All files necessary to run tests are not in the release package.

* Making "http-01" the preferred challenge type again, as people "tls-sni-01" requires at least

one working certificate vhost right now - which not everyone has.

* moved part of the MD sanity checks from post_config to check_config phase, allowing for error

detection in check-only runs.

  1. … 8 more files in changeset.