Changes from upstream

CHANGELOG

@@ -3,10 +3,40 @@ This file contains a log of major changes in dehydrated
 
 ## [x.x.x] - xxxx-xx-xx
 ## Changed
+- OCSP refresh interval is now configurable
+
+## Added
+- Initial support for tls-alpn-01 validation
+
+## [0.6.2] - 2018-04-25
+## Added
+- New deploy_ocsp hook
+- Allow account registration with custom key
+
+## Changed
+- Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
+- Improved documentation on wildcards
+
+## Fixes
+- Added workaround for compatibility with filesystem ACLs
+- Close unwanted external file-descriptors
+- Fixed JSON parsing on force-renewal
+- Fixed cleanup of challenge files/dns-entries on validation errors
+- A few more minor fixes
+
+## [0.6.1] - 2018-03-13
+## Changed
+- Use new ACME v2 endpoint by default
+
+## [0.6.0] - 2018-03-11
+## Changed
 - Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
+- Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
 
 ## Added
 - Support for ACME v02 (including wildcard certificates!)
+- New hook: generate_csr (see example hook script for more information)
+- Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
 
 ## [0.5.0] - 2018-01-13
 ## Changed

README.md

@@ -2,19 +2,21 @@
 
 ![](docs/logo.jpg)
 
-This is a client for signing certificates with an ACME-server (currently only provided by Let's Encrypt) implemented as a relatively simple bash-script.
+Dehydrated is a client for signing certificates with an ACME-server (e.g. Let's Encrypt) implemented as a relatively simple (zsh-compatible) bash-script.
+This client supports both ACME v1 and the new ACME v2 including support for wildcard certificates!
 
 It uses the `openssl` utility for everything related to actually handling keys and certificates, so you need to have that installed.
 
-Other dependencies are: cURL, sed, grep, mktemp (all found on almost any system, cURL being the only exception)
+Other dependencies are: cURL, sed, grep, awk, mktemp (all found pre-installed on almost any system, cURL being the only exception).
 
 Current features:
-- Signing of a list of domains
-- Signing of a CSR
-- Renewal if a certificate is about to expire or SAN (subdomains) changed
+- Signing of a list of domains (including wildcard domains!)
+- Signing of a custom CSR (either standalone or completely automated using hooks!)
+- Renewal if a certificate is about to expire or defined set of domains changed
 - Certificate revocation
 
-Please keep in mind that this software and even the acme-protocol are relatively young and may still have some unresolved issues. Feel free to report any issues you find with this script or contribute by submitting a pull request.
+Please keep in mind that this software, the ACME-protocol and all supported CA servers out there are relatively young and there might be a few issues. Feel free to report any issues you find with this script or contribute by submitting a pull request,
+but please check for duplicates first (feel free to comment on those to get things rolling).
 
 ## Getting started
 
@@ -72,6 +74,7 @@ Parameters:
  --config (-f) path/to/config     Use specified config file
  --hook (-k) path/to/hook.sh      Use specified script for hooks
  --out (-o) certs/directory       Output certificates into the specified directory
+ --alpn alpn-certs/directory      Output alpn verification certificates into the specified directory
  --challenge (-t) http-01|dns-01  Which challenge should be used? Currently http-01 and dns-01 are supported
  --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
 ```
@@ -86,12 +89,12 @@ Without those hobbies I probably would never have started working on dehydrated
 I'd really appreciate if you could [donate a bit of money](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=23P9DSJBTY7C8)
 so I can buy cool stuff (while still being able to afford food :D).  
 
-If you have hardware laying around that you think I'd enjoy playing with (e.g. decomissioned but still modern-ish servers,
+If you have hardware laying around that you think I'd enjoy playing with (e.g. decommissioned but still modern-ish servers,
 10G networking hardware, enterprise grade routers or APs, interesting ARM/MIPS boards, etc.) and that you would be willing
-to ship to me please contact me at `donations@dehydrated.de` or on Twitter [@lukas2511](https://twitter.com/lukas2511).
+to ship to me please contact me at `donations@dehydrated.io` or on Twitter [@lukas2511](https://twitter.com/lukas2511).
 
-If you want your name to be added to the [donations list](https://dehydrated.de/donations.html) please add a note or send me an
-email `donations@dehydrated.de`. I respect your privacy and won't publish your name without permission.
+If you want your name to be added to the [donations list](https://dehydrated.io/donations.html) please add a note or send me an
+email `donations@dehydrated.io`. I respect your privacy and won't publish your name without permission.
 
 Other ways of donating:
  - [My Amazon Wishlist](http://www.amazon.de/registry/wishlist/1TUCFJK35IO4Q)