0.12.0 - 2018-02-04
Upgrade Notes
This version upgrades the bundled version of the dehydrated library to deal with recent redirect changes in the Let's Encrypt service. The issue could lead to certificate registration failures in dehydrated and quota exhaustion, so upgrading is recommended. See 4aed490 or https://community.letsencrypt.org/t/dehydrated-caused-rate-limits-to-be-reached/52477/2 for more details.
Added
- Allow for the Redis
dbnumber to be configured. Thanks to @RainFlying. (#103) - Expose the storage adapter instance in the
allow_domaincallback so the Redis connection can be reused. (#38) - Add
generate_certsoption to allow for disabling SSL certification generation within specific server blocks. Thanks to @mklauber. (#91, #92) - Add
json_adapteroption for choosing a different JSON encoder/decoder library. Thanks to @meyskens. (#85, #84)
Changed
- Upgrade dehydrated to latest version from master to fix recent redirect changes in Let's Encrypt. The issue could lead to certificate registration failures in dehydrated and quota exhaustion. (4aed490)
- Make the renewal process more efficient so the dehydrated shell script is only executed when certificates are up for renewal (rather than every night). This can reduce CPU usage in environments with lots of certificates. Thanks to @brianlund. (#111, #110)
- Only call the
allow_domaincallback if a certificate is not present in shared memory. This may improve efficiency in cases where theallow_domaincallback is more costly or takes longer. Thanks to @gohai. (#107) - The internal APIs for
storage:get_cert()andssl_provider.issue_cert()has changed to return a single table of data instead of multiple values (so it's easier to pass along other metadata).
Deprecated
- If accessing the storage object off of the auto-ssl instance, use
auto_ssl.storageinstead ofauto_ssl:get("storage").
Fixed
- Fix renewals when using the file adapter and too many certificate files were present for shell globbing (#109)