From 192334c448f7e1e271bca93062f2f295cb3f35c8 Mon Sep 17 00:00:00 2001 From: xenolf Date: Thu, 13 Jul 2017 03:17:00 +0200 Subject: [PATCH] Lego version 0.4.0 --- CHANGELOG.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ LICENSE | 2 +- README.md | 51 ++++++++++++++++++++++++++++----------------------- cli.go | 2 +- 4 files changed, 79 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c43c4a93..7dc1c116 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,54 @@ # Changelog +## [0.4.0] - 2017-07-13 + +### Added: +- CLI: The `--http-timeout` switch. This allows for an override of the default client HTTP timeout. +- lib: The `HTTPClient` field. This allows for an override of the default HTTP timeout for library HTTP requests. +- CLI: The `--dns-timeout` switch. This allows for an override of the default DNS timeout for library DNS requests. +- lib: The `DNSTimeout` switch. This allows for an override of the default client DNS timeout. +- lib: The `QueryRegistration` function on `acme.Client`. This performs a POST on the client registration's URI and gets the updated registration info. +- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client. +- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR. +- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line. +- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together. +- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup. +- lib: Added a memcached provider for the HTTP challenge. +- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage. +- CLI: The `--must-staple` flag. This enables OCSP must staple in the generated CSR. +- lib: The library will now honor entries in your resolv.conf. +- lib: Added a field `IssuerCertificate` to the `CertificateResource` struct. +- lib: A new DNS provider for OVH. +- lib: A new DNS provider for DNSMadeEasy. +- lib: A new DNS provider for Linode. +- lib: A new DNS provider for AuroraDNS. +- lib: A new DNS provider for NS1. +- lib: A new DNS provider for Azure DNS. +- lib: A new DNS provider for Rackspace DNS. +- lib: A new DNS provider for Exoscale DNS. 
+- lib: A new DNS provider for DNSPod. + +### Changed: +- lib: Exported the `PreCheckDNS` field so library users can manage the DNS check in tests. +- lib: The library will now skip challenge solving if a valid Authz already exists. + +### Removed: +- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder. + +### Fixed: +- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone. +- lib: Loading an account from file should fail if a integral part is nil +- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone. +- lib: If a registration encounteres a conflict, the old registration is now recovered. +- CLI: The account.json file no longer has the executable flag set. +- lib: Made the client registration more robust in case of a 403 HTTP response. +- lib: Fixed an issue with zone lookups when they have a CNAME in another zone. +- lib: Fixed the lookup for the authoritative zone for Google Cloud. +- lib: Fixed a race condition in the nonce store. +- lib: The Google Cloud provider now removes old entries before trying to add new ones. +- lib: Fixed a condition where we could stall due to an early error condition. +- lib: Fixed an issue where Authz object could end up in an active state after an error condition. + ## [0.3.1] - 2016-04-19 ### Added: diff --git a/LICENSE b/LICENSE index 17460b71..270cba08 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2015 Sebastian Erhart +Copyright (c) 2015-2017 Sebastian Erhart Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 5dc9d550..7c773983 100644 --- a/README.md +++ b/README.md 
@@ -80,32 +80,37 @@ NAME: USAGE: lego [global options] command [command options] [arguments...] - + VERSION: - 0.3.1 - + 0.4.0 + COMMANDS: - run Register an account, then create and install a certificate - revoke Revoke a certificate - renew Renew a certificate - dnshelp Shows additional help for the --dns global option - help, h Shows a list of commands or help for one command - + run Register an account, then create and install a certificate + revoke Revoke a certificate + renew Renew a certificate + dnshelp Shows additional help for the --dns global option + help, h Shows a list of commands or help for one command + GLOBAL OPTIONS: - --domains, -d [--domains option --domains option] Add domains to the process - --csr, -c Certificate signing request filename, if an external CSR is to be used - --server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. - --email, -m Email used for registration and recovery contact. - --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. - --key-type, -k "rsa2048" Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 - --path "${CWD}/.lego" Directory to use for storing the data - --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01". - --webroot Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge - --http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port - --tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port - --dns Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage. 
- --help, -h show help - --version, -v print the version + --domains value, -d value Add domains to the process + --csr value, -c value Certificate signing request filename, if an external CSR is to be used + --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v01.api.letsencrypt.org/directory") + --email value, -m value Email used for registration and recovery contact. + --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. + --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048") + --path value Directory to use for storing the data (default: "/.lego") + --exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01". + --webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge + --memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts. + --http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port + --tls value Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port + --dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage. + --http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0) + --dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0) + --dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use Google's DNS resolvers. 
+ --pem Generate a .pem file by concatanating the .key and .crt files together. + --help, -h show help + --version, -v print the version ``` ##### CLI Example diff --git a/cli.go b/cli.go index 03589a23..cfae16c1 100644 --- a/cli.go +++ b/cli.go @@ -32,7 +32,7 @@ func main() { app.Name = "lego" app.Usage = "Let's Encrypt client written in Go" - version := "0.3.1" + version := "0.4.0" if strings.HasPrefix(gittag, "v") { version = gittag }
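Review bot: In the CHANGELOG.md hunk, the "Added" entries for `--dns-timeout` and `DNSTimeout` look swapped relative to the `--http-timeout` / `HTTPClient` pair above them: the CLI switch is described as overriding the timeout "for library DNS requests", while the lib entry is called a "switch" and is described as overriding the "client DNS timeout". Suggest calling `DNSTimeout` a field or variable and aligning the two descriptions with the HTTP pair. In the same hunk, "concatanating" should be "concatenating", "encounteres" should be "encounters", "a integral part" should be "an integral part", and the account-loading entry is missing its trailing period. The "Fixed" entries about the Route53 verification being published to a private zone and the race condition in the nonce store are the ones operators will want to assess, so a reference to the corresponding issue or pull request on each would help.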
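Review bot: In the README.md GLOBAL OPTIONS block, the help text for `--http-timeout` and `--dns-timeout` states "The default is 10 seconds." and is immediately followed by "(default: 0)", so the usage output contradicts itself. Suggest wording the usage string so that 0 is explained (for example, that 0 keeps the built-in 10 second timeout) or dropping the sentence that conflicts with the generated default. In the same block, `--path` now shows `(default: "/.lego")` where the removed line showed `"${CWD}/.lego"`; as pasted it reads as a directory at the filesystem root, which is misleading for the location where lego stores its data, so keep a placeholder for the working directory. The `--dns-resolvers` text says the default is Google's DNS resolvers while the CHANGELOG in this patch says the library now honors resolv.conf; the help should state which one applies when the flag is not given. The `--pem` line repeats the "concatanating" typo.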
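Review bot: In cli.go, `version := "0.4.0"` is a hand-edited literal that this patch also has to update in the README VERSION block and the CHANGELOG heading, so the three can drift apart on a later release. Since the literal is only used when `gittag` does not start with "v", a short comment marking it as the fallback for untagged builds would make that clear, and a single named constant would make the value easier to find when bumping the version.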