diff options
| author | Stefan Eissing <icing@apache.org> | 2019-06-24 18:04:32 +0200 |
|---|---|---|
| committer | Stefan Eissing <icing@apache.org> | 2019-06-24 18:04:32 +0200 |
| commit | 2498e69562bf086ad2a9f05292a988d75fbd3aa3 (patch) | |
| tree | 73c8bfa40cee8bb41fb0ee0db9a18cfd47e8201f /CHANGES | |
| parent | mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+. (diff) | |
| download | apache2-2498e69562bf086ad2a9f05292a988d75fbd3aa3.tar.xz apache2-2498e69562bf086ad2a9f05292a988d75fbd3aa3.zip | |
*) mod_md: bringing over v2.0.6 from github.
- supports the ACMEv2 protocol
- supports the new challenge method 'tls-alpn-01'
- supports command configuration to setup/teardown 'dns-01' challenges
- supports wildcard certificates when dns challenges are configured
- ACMEv2 is the new default and will be used on the next certificate renewal,
unless another MDCertificateAuthority is configured
- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- a domain exposes its status at https://<domain>/.httpd/certificate-status
- Managed Domains are now in Apache's 'server-status' page
- A new handler 'md-status' exposes verbose status information in JSON format
- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a
Managed Domain that uses static files. Auto-renewal is turned off for those.
- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and
'errored'. New 'MDWarnWindow' directive to configure when expiration warnings
shall be issued.
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
announcement by Let's Encrypt:
https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862013 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -1,6 +1,27 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_md: bringing over v2.0.6 from github. + - supports the ACMEv2 protocol + - supports the new challenge method 'tls-alpn-01' + - supports command configuration to setup/teardown 'dns-01' challenges + - supports wildcard certificates when dns challenges are configured + - ACMEv2 is the new default and will be used on the next certificate renewal, + unless another MDCertificateAuthority is configured + - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer + - a domain exposes its status at https://<domain>/.httpd/certificate-status + - Managed Domains are now in Apache's 'server-status' page + - A new handler 'md-status' exposes verbose status information in JSON format + - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a + Managed Domain that uses static files. Auto-renewal is turned off for those. + - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and + 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings + shall be issued. + - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see + announcement by Let's Encrypt: + https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380 + [Stefan Eissing] + *) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+. [Graham Leggett] |