mod_md_drive.c

Checkout Tools
  • last updated 35 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
*) mod_md: Adding the several new features.

The module offers an implementation of OCSP Stapling that can replace fully or

for a limited set of domains the existing one from mod_ssl. OCSP handling

is part of mod_md's monitoring and message notifications. If can be used

for sites that do not have ACME certificates.

The url for a CTLog Monitor can be configured. It is used in the server-status

to link to the external status page of a certicate.

The MDMessageCmd is called with argument "installed" when a new certificate

has been activated on server restart/reload. This allows for processing of

the new certificate, for example to applications that require it in different

locations or formats.

  1. … 50 more files in changeset.
* mod_md: fix compiler warnings

  1. … 7 more files in changeset.
*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol

- supports the new challenge method 'tls-alpn-01'

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

  1. … 48 more files in changeset.