same behaviour as before.
[Stefan Eissing]
- *) mod_md: bringing over v2.0.6 from github.
- - supports the ACMEv2 protocol
- - supports the new challenge method 'tls-alpn-01'
- - supports command configuration to setup/teardown 'dns-01' challenges
- - supports wildcard certificates when dns challenges are configured
- - ACMEv2 is the new default and will be used on the next certificate renewal,
- unless another MDCertificateAuthority is configured
- - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- - a domain exposes its status at https://<domain>/.httpd/certificate-status
- - Managed Domains are now in Apache's 'server-status' page
- - A new handler 'md-status' exposes verbose status information in JSON format
- - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a
- Managed Domain that uses static files. Auto-renewal is turned off for those.
- - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and
- 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings
- shall be issued.
- - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
- announcement by Let's Encrypt:
- https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
- [Stefan Eissing]
-
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
[Michael Kaufmann <mail michael-kaufmann.ch>]
- *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
- non-privilegded apache user to be able to read them. See github issue
- <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
-
*) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`.
[Eric Covener]
projects / apache / commitdiff