Releases: kpcyrd/acme-redirect
v0.7.0
What's Changed
This release benefited greatly from technical help by our friend @cpu (contributor to both ACME and rustls), thanks and much appreciated! He also wrote a blogpost explaining the technical details.
- Urgent: a recent change in Let's Encrypt broke issuing certificates with multiple domain names, this is fixed in acme-redirect 0.7.0 #40
- Fix badNonce detection (kpcyrd/acme-micro#8, thanks @franklx)
- Drop time 0.1 dependency (kpcyrd/acme-micro#7, thanks @benaryorg)
- Add feature flag to enable vendored openssl
- Replace
openssl::x509::X509
with the tls-parser Rust crate - Clarify license in Cargo.toml, bump Rust edition
- Add repro-env files for reproducible builds
- Improve error messages for fatal errors when starting the daemon
- Update dependencies - however none of these advisories seem exploitable beyond (potentially) DoS
- Fix RUSTSEC-2020-0071 -
time
- Fix RUSTSEC-2021-0145 -
atty
(windows only) - Fix RUSTSEC-2023-0001 -
tokio
- Fix RUSTSEC-2023-0005 -
tokio
- Fix RUSTSEC-2023-0022 -
openssl
- Fix RUSTSEC-2023-0023 -
openssl
- Fix RUSTSEC-2023-0024 -
openssl
- Fix RUSTSEC-2023-0034 -
h2
- Fix RUSTSEC-2023-0044 -
openssl
- Fix RUSTSEC-2023-0052 -
webpki
- Fix RUSTSEC-2023-0059 -
users
- Fix RUSTSEC-2023-0072 -
openssl
- Fix RUSTSEC-2024-0003 -
h2
- Fix RUSTSEC-2024-0019 -
mio
(windows only) - Fix RUSTSEC-2024-0332 -
h2
- Fix RUSTSEC-2024-0336 -
rustls
- Fix RUSTSEC-2024-0357 -
openssl
- Fix RUSTSEC-2020-0071 -
Thanks
We'd like to thank @SantiagoTorres and @repi for their support on github sponsors.
v0.6.2
- Fix issues with the release pipeline
Thanks
We'd like to thank @SantiagoTorres, @repi and @rgacogne for their support on github sponsors.
v0.6.1
Release v0.6.1
v0.6.0
- Write an additional
fullbundle
file - Update dependencies (clap to v4, actix-web to v4)
- Use /usr/bin instead of /usr/local/bin
Thanks
We'd like to thank @SantiagoTorres, @repi and @rgacogne for their support on github sponsors.
v0.5.3
- Fix "missing field `contact` at line 13 column 1" error caused by letsencrypt api response change
Thanks
We'd like to thank @SantiagoTorres and @repi for their support on github sponsors.
v0.5.2
- Update dependencies
Thanks
We'd like to thank @SantiagoTorres and @repi for their support on github sponsors.
v0.5.1
- Reduced timeout for check http requests
- Add flag to only execute hooks
- Make data and challenge directory configurable in config file
- Add subcommand to dump config as json
Thanks
We'd like to thank @repi for their support on github sponsors.
v0.5.0
- In addition to the regular files, also create
bundle
files that contain both the certificate and private key - Introduce a global
exec=
option that is executed if the certificate doesn't have anyexec=
hooks configured, and also add a globalexec_extra=
option for hooks that are always executed even if the certificate has hooks configured - In addition to
privkey
andfullchain
there's now also a file calledbundle
that's a combination of both - The certificate files are now created read-only
- Update the systemd unit to wait until the network is up
- Rename the development branch from
master
tomain
- Update dependencies
Thanks
We'd like to thank @repi for their support on github sponsors.
v0.4.0
The webroot changed slightly, make sure you restart the daemon after the update.
- Add setuid and chroot support
- Add a check subcommand to test if proofs can be fetched correctly
- Add openrc support for alpine
- Create files for just the cert and just the chain
- Detect permission errors for acme-redirect status
- Add boxxy to inspect sandbox
Thanks
We'd like to thank @repi for their support on github sponsors.
v0.3.0
- Allow only renewing specific certs
- Add manpages
- Fix an issue with the contact email not being passed through
- Improve debian packaging, documentation and error messages
Thanks
We'd like to thank @repi for their support on github sponsors.