starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 14:20:30 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

10 Releases 15 Tags

RSS Feed
  • v0.7.2 fcca67b53c
    Compare

    Stable

    adam released this 2025-05-18 01:34:32 +02:00 | 11 commits to master since this release

    📅 Originally published on GitHub: Sat, 17 May 2025 23:37:55 GMT
    🏷️ Git tag created: Sat, 17 May 2025 23:34:32 GMT

    [0.7.2] - 2025-05-18

    Added

    • Implemented support for certificate profile selection
    • Added a configuration parameter to allow for timeouts during order processing (ORDER_TIMEOUT, defaults to 0 = no timeout)
    • Allowed for automatic deletion of old files (AUTO_CLEANUP_DELETE, disabled by default)
    • Added CA presets for Google Trust Services (prod: google, test: google-test)

    Changed

    • Renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs (RENEW_DAYS=32)

    Fixed

    • Changed behaviour of openssl req stdin handling to fix compatibility with OpenSSL version 3.2+
    Downloads
  • v0.7.1 ea84199863
    Compare

    Stable

    adam released this 2022-10-31 15:12:38 +01:00 | 31 commits to master since this release

    📅 Originally published on GitHub: Mon, 31 Oct 2022 14:17:03 GMT
    🏷️ Git tag created: Mon, 31 Oct 2022 14:12:38 GMT

    [0.7.1] - 2022-10-31

    Changed

    • --force no longer forces domain name revalidation by default, a new argument --force-validation has been added for that
    • Added support for EC secp521r1 algorithm (works with e.g. zerossl)
    • EC PARAMETERS are no longer written to privkey.pem (didn't seem necessary and was causing issues with various software)

    Fixed

    • Requests resulting in badNonce errors are now automatically retried (fixes operation with LE staging servers)
    • Deprecated egrep usage has been removed

    Added

    • Implemented EC for account keys
    • Domain list now also read from domains.txt.d subdirectory (behaviour might change, see docs)
    • Implemented RFC 8738 (validating/signing certificates for IP addresses instead of domain names) support (this will not work with most public CAs, if any!)
    Downloads
  • v0.7.0 082da2527c
    Compare

    Stable

    adam released this 2020-12-10 16:54:26 +01:00 | 76 commits to master since this release

    📅 Originally published on GitHub: Thu, 10 Dec 2020 15:57:13 GMT
    🏷️ Git tag created: Thu, 10 Dec 2020 15:54:26 GMT

    [0.7.0] - 2020-12-10

    Added

    • Support for external account bindings
    • Special support for ZeroSSL
    • Support presets for some CAs instead of requiring URLs
    • Allow requesting preferred chain (--preferred-chain)
    • Added method to show CAs current terms of service (--display-terms)
    • Allow setting path to domains.txt using cli arguments (--domains-txt)
    • Added new cli command --cleanupdelete which deletes old files instead of archiving them

    Fixed

    • No more silent failures on broken hook-scripts
    • Better error-handling with KEEP_GOING enabled
    • Check actual order status instead of assuming it's valid
    • Don't include keyAuthorization in challenge validation (RFC compliance)

    Changed

    • Using EC secp384r1 as default certificate type
    • Use JSON.sh to parse JSON
    • Use account URL instead of account ID (RFC compliance)
    • Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
    • Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
    • Cleanup now also removes dangling symlinks
    Downloads
  • v0.6.5 05eda91a2f
    Compare

    Stable

    adam released this 2019-06-26 12:33:35 +02:00 | 139 commits to master since this release

    📅 Originally published on GitHub: Wed, 26 Jun 2019 10:36:52 GMT
    🏷️ Git tag created: Wed, 26 Jun 2019 10:33:35 GMT

    [0.6.5] - 2019-06-26

    Fixed

    • Fixed broken APIv1 compatibility from last update
    Downloads
  • v0.6.4 4f358e22f4
    Compare

    Stable

    adam released this 2019-06-25 15:28:09 +02:00 | 140 commits to master since this release

    📅 Originally published on GitHub: Tue, 25 Jun 2019 13:40:37 GMT
    🏷️ Git tag created: Tue, 25 Jun 2019 13:28:09 GMT

    [0.6.4] - 2019-06-25

    Changed

    • Fetch account ID from Location header instead of account json
    Downloads
  • v0.6.3 f9d0b1bd70
    Compare

    Stable

    adam released this 2019-06-25 12:50:45 +02:00 | 141 commits to master since this release

    📅 Originally published on GitHub: Tue, 25 Jun 2019 11:03:08 GMT
    🏷️ Git tag created: Tue, 25 Jun 2019 10:50:45 GMT

    [0.6.3] - 2019-06-25

    Changed

    • OCSP refresh interval is now configurable
    • Implemented POST-as-GET
    • Call exit_hook on errors (with error-message as first parameter)

    Added

    • Initial support for tls-alpn-01 validation
    • New hook: sync_cert (for syncing certificate files to disk, see example hook description)

    Fixes

    • Fetch account information after registration to avoid missing account id
    Downloads
  • v0.6.2 ce3d658377
    Compare

    Stable

    adam released this 2018-04-25 23:22:40 +02:00 | 160 commits to master since this release

    📅 Originally published on GitHub: Fri, 27 Apr 2018 11:03:29 GMT
    🏷️ Git tag created: Wed, 25 Apr 2018 21:22:40 GMT

    [0.6.2] - 2018-04-25

    Added

    • New deploy_ocsp hook
    • Allow account registration with custom key

    Changed

    • Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
    • Improved documentation on wildcards

    Fixes

    • Added workaround for compatibility with filesystem ACLs
    • Close unwanted external file-descriptors
    • Fixed JSON parsing on force-renewal
    • Fixed cleanup of challenge files/dns-entries on validation errors
    • A few more minor fixes
    Downloads
  • v0.6.1 70d261a729
    Compare

    Stable

    adam released this 2018-03-13 20:57:52 +01:00 | 182 commits to master since this release

    📅 Originally published on GitHub: Tue, 13 Mar 2018 20:01:48 GMT
    🏷️ Git tag created: Tue, 13 Mar 2018 19:57:52 GMT

    [0.6.1] - 2018-03-13

    Changed

    • Use new ACME v2 endpoint by default
    Downloads
  • v0.6.0 fd3fc8af62
    Compare

    Stable

    adam released this 2018-03-11 20:19:25 +01:00 | 185 commits to master since this release

    📅 Originally published on GitHub: Sun, 11 Mar 2018 19:25:17 GMT
    🏷️ Git tag created: Sun, 11 Mar 2018 19:19:25 GMT

    [0.6.0] - 2018-03-11

    Changed

    • Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
    • Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)

    Added

    • Support for ACME v02 (including wildcard certificates!)
    • New hook: generate_csr (see example hook script for more information)
    • Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
    Downloads
  • v0.5.0 4a811759dc
    Compare

    Stable

    adam released this 2018-01-13 20:08:12 +01:00 | 231 commits to master since this release

    📅 Originally published on GitHub: Sat, 13 Jan 2018 19:12:50 GMT
    🏷️ Git tag created: Sat, 13 Jan 2018 19:08:12 GMT

    [0.5.0] - 2018-01-13

    Changed

    • Certificate chain is now cached (CHAINCACHE)
    • OpenSSL binary path is now configurable (OPENSSL)
    • Cleanup now also moves revoked certificates

    Added

    • New feature for updating contact information (--account)
    • Allow automatic cleanup on exit (AUTO_CLEANUP)
    • Initial support for fetching OCSP status to be used for OCSP stapling (OCSP_FETCH)
    • Certificates can now have aliases to create multiple certificates with identical set of domains (see --alias and domains.txt documentation)
    • Allow dehydrated to run as specified user (/group)
    Downloads