1# Change Log 2This file contains a log of major changes in dehydrated 3 4## [0.7.0] - 2020-12-10 5## Added 6- Support for external account bindings 7- Special support for ZeroSSL 8- Support presets for some CAs instead of requiring URLs 9- Allow requesting preferred chain (`--preferred-chain`) 10- Added method to show CAs current terms of service (`--display-terms`) 11- Allow setting path to domains.txt using cli arguments (`--domains-txt`) 12- Added new cli command `--cleanupdelete` which deletes old files instead of archiving them 13 14## Fixed 15- No more silent failures on broken hook-scripts 16- Better error-handling with KEEP_GOING enabled 17- Check actual order status instead of assuming it's valid 18- Don't include keyAuthorization in challenge validation (RFC compliance) 19 20## Changed 21- Using EC secp384r1 as default certificate type 22- Use JSON.sh to parse JSON 23- Use account URL instead of account ID (RFC compliance) 24- Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated 25- Added `OCSP_FETCH` and `OCSP_DAYS` to per-certificate configurable options 26- Cleanup now also removes dangling symlinks 27 28## [0.6.5] - 2019-06-26 29## Fixed 30- Fixed broken APIv1 compatibility from last update 31 32## [0.6.4] - 2019-06-25 33## Changed 34- Fetch account ID from Location header instead of account json 35 36## [0.6.3] - 2019-06-25 37## Changed 38- OCSP refresh interval is now configurable 39- Implemented POST-as-GET 40- Call exit_hook on errors (with error-message as first parameter) 41 42## Added 43- Initial support for tls-alpn-01 validation 44- New hook: sync_cert (for syncing certificate files to disk, see example hook description) 45 46## Fixes 47- Fetch account information after registration to avoid missing account id 48 49## [0.6.2] - 2018-04-25 50## Added 51- New deploy_ocsp hook 52- Allow account registration with custom key 53 54## Changed 55- Don't walk certificate chain for ACMEv2 (certificate contains chain by default) 56- Improved documentation on wildcards 57 58## Fixes 59- Added workaround for compatibility with filesystem ACLs 60- Close unwanted external file-descriptors 61- Fixed JSON parsing on force-renewal 62- Fixed cleanup of challenge files/dns-entries on validation errors 63- A few more minor fixes 64 65## [0.6.1] - 2018-03-13 66## Changed 67- Use new ACME v2 endpoint by default 68 69## [0.6.0] - 2018-03-11 70## Changed 71- Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support) 72- Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory) 73 74## Added 75- Support for ACME v02 (including wildcard certificates!) 76- New hook: generate_csr (see example hook script for more information) 77- Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored... 78 79## [0.5.0] - 2018-01-13 80## Changed 81- Certificate chain is now cached (CHAINCACHE) 82- OpenSSL binary path is now configurable (OPENSSL) 83- Cleanup now also moves revoked certificates 84 85## Added 86- New feature for updating contact information (--account) 87- Allow automatic cleanup on exit (AUTO_CLEANUP) 88- Initial support for fetching OCSP status to be used for OCSP stapling (OCSP_FETCH) 89- Certificates can now have aliases to create multiple certificates with identical set of domains (see --alias and domains.txt documentation) 90- Allow dehydrated to run as specified user (/group) 91 92## [0.4.0] - 2017-02-05 93## Changed 94- dehydrated now asks you to read and accept the CAs terms of service before creating an account 95- Skip challenges for already validated domains 96- Removed need for some special commands (BusyBox compatibility) 97- Exported a few more variables for use in hook-scripts 98- fullchain.pem now actually contains the full chain instead of just the certificate with an intermediate cert 99 100## Added 101- Added private-key rollover functionality 102- Added `--lock-suffix` option for allowing parallel execution 103- Added `invalid_challenge` hook 104- Added `request_failure` hook 105- Added `exit_hook` hook 106- Added standalone `register` command 107 108## [0.3.1] - 2016-09-13 109## Changed 110- Renamed project to `dehydrated`. 111- Default WELLKNOWN location is now `/var/www/dehydrated` 112- Config location is renamed to `dehydrated` (e.g. `/etc/dehydrated`) 113 114## [0.3.0] - 2016-09-07 115## Changed 116- Config is now named `config` instead of `config.sh`! 117- Location of domains.txt is now configurable via DOMAINS_TXT config variable 118- Location of certs directory is now configurable via CERTDIR config variable 119- signcsr command now also outputs chain certificate if --full-chain/-fc is set 120- Location of account-key(s) changed 121- Default WELLKNOWN location is now `/var/www/letsencrypt` 122- New version of Let's Encrypt Subscriber Agreement 123 124## Added 125- Added option to add CSR-flag indicating OCSP stapling to be mandatory 126- Initial support for configuration on per-certificate base 127- Support for per-CA account keys and custom config for output cert directory, license, etc. 128- Added option to select IP version of name to address resolution 129- Added option to run letsencrypt.sh without locks 130 131## Fixed 132- letsencrypt.sh no longer stores account keys from invalid registrations 133 134## [0.2.0] - 2016-05-22 135### Changed 136- PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid confusion with certificate keys 137- deploy_cert hook now also has the certificates timestamp as standalone parameter 138- Temporary files are now identifiable (template: letsencrypt.sh-XXXXXX) 139- Private keys are now regenerated by default 140 141### Added 142- Added documentation to repository 143 144### Fixed 145- Fixed bug with uppercase names in domains.txt (script now converts everything to lowercase) 146- mktemp no longer uses the deprecated `-t` parameter. 147- Compatibility with "pretty" json 148 149## [0.1.0] - 2016-03-25 150### Changed 151- This is the first numbered version of letsencrypt.sh 152