[PR #956] [CLOSED] implemented certificate profile selection (draft-aaron-acme-profiles-00) #972

New Issue

adam · 2025-12-29T02:18:50+01:00

adam commented

2025-12-29 02:18:50 +01:00

📋 Pull Request Information

Original PR: https://github.com/dehydrated-io/dehydrated/pull/956
Author: @zhangyoufu
Created: 1/14/2025
Status: ❌ Closed

Base: master ← Head: master

📝 Commits (1)

30f509b implemented certificate profile selection (draft-aaron-acme-profiles-00)

📊 Changes

1 file changed (+53 additions, -2 deletions)

View changed files

📝 dehydrated (+53 -2)

📄 Description

Let's Encrypt announced Certificate Profile Selection feature. A profile describes a collection of attributes about the certificate that will be issued, such as what extensions it will contain, how long it will be valid for, and more.

This feature is currently available in Let's Encrypt staging environment. ACME clients are encouraged to introduce support for this new field.

https://letsencrypt.org/2025/01/09/acme-profiles/
https://datatracker.ietf.org/doc/html/draft-aaron-acme-profiles-00

In this PR, this feature is implemented as global configuration, per-certificate configuration and command line parameter.

In case a profile is not specified, the behavior remains unchanged.

When a profile is specified but not available from the CA:

ERROR: ACME profile 'test' not found, available profiles:
  classic: The same profile you're accustomed to
  tlsserver: https://letsencrypt.org/2025/01/09/acme-profiles/

When a profile is specified but CA does not provide any valid profiles:

ERROR: ACME profile not supported by this CA

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dehydrated-io/dehydrated/pull/956 **Author:** [@zhangyoufu](https://github.com/zhangyoufu) **Created:** 1/14/2025 **Status:** ❌ Closed **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`30f509b`](https://github.com/dehydrated-io/dehydrated/commit/30f509b7b7968a652cd4732590d63240db3954f4) implemented certificate profile selection (draft-aaron-acme-profiles-00) ### 📊 Changes **1 file changed** (+53 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `dehydrated` (+53 -2) </details> ### 📄 Description Let's Encrypt announced Certificate Profile Selection feature. A profile describes a collection of attributes about the certificate that will be issued, such as what extensions it will contain, how long it will be valid for, and more. This feature is currently available in Let's Encrypt staging environment. ACME clients are encouraged to introduce support for this new field. https://letsencrypt.org/2025/01/09/acme-profiles/ https://datatracker.ietf.org/doc/html/draft-aaron-acme-profiles-00 --- In this PR, this feature is implemented as global configuration, per-certificate configuration and command line parameter. In case a profile is not specified, the behavior remains unchanged. When a profile is specified but not available from the CA: ``` ERROR: ACME profile 'test' not found, available profiles: classic: The same profile you're accustomed to tlsserver: https://letsencrypt.org/2025/01/09/acme-profiles/ ``` When a profile is specified but CA does not provide any valid profiles: ``` ERROR: ACME profile not supported by this CA ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 02:18:50 +01:00

adam closed this issue

2025-12-29 02:18:50 +01:00

adam referenced this issue

2025-12-29 02:18:52 +01:00

[PR #972] [CLOSED] Don't allow CDN's to send cached responses #977

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#972