-
Notifications
You must be signed in to change notification settings - Fork 642
/
pkg-descr
585 lines (403 loc) · 13.1 KB
/
pkg-descr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
This plugin contains a full ACME protocol implementation based on the
acme.sh project. According to the authors, it's probably "the easiest
and smallest and smartest shell script" to automatically issue and renew
the free certificates from Let's Encrypt.
WWW: https://github.com/acmesh-official/acme.sh
Plugin Changelog
================
3.17
Added:
* add DNS.services DNS API (#3399)
* add RegRu DNS API (#3359)
3.16
Added:
* add RegRu DNS API
* add JD Cloud DNS API (#3315)
* new automation: deploy certificates on Palo Alto Networks Firewall (#3289)
3.15
Added:
* add online.net DNS API (#3213)
Changed:
* increase max value for certificate renewal interval (#3219)
3.14
NOTE: Users of Selfhost need to manually fix their configuration, see
https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#151-use-selfhost-dns-api
Added:
* add support for Google CA (#3029)
* add support for querying public DNS services (#3079)
Fixed:
* fix Selfhost DNS API (#3122)
* fix invalid cert state due to deploy error (#3120)
Changed:
* change default DNS sleep time to 0 (#3079)
* remove saved deploy hook from acme.sh config files (#3120)
3.13
Added:
* add Mythic Beasts DNS API (#2998)
3.12
Added:
* add Simply.com DNS API (#2888)
* add Active24 challenge type (#3049)
* add united-domains Reselling challenge type (#3066)
* add support for Zone ID in Cloudflare challenge type (#2973)
* new automation: upload certificate to Vault (#2796)
Fixed:
* re-order function parameters due to PHP8 deprecation notice (#3043)
Changed:
* simplyfi DNS service names
* relax port number restriction in SSH/SFTP automations (#3005)
3.11
Fixed:
* add missing <style> field for TransIP (#2981)
3.10
Added:
* new automation: run remote commands via SSH (#2757)
Fixed:
* unable to configure key in TransIP API (#2924)
3.9
Added:
* add support for Transip DNS API ( #2871)
* execution order of automations can be changed (#2833)
Fixed:
* fix the use of a self hosted ACME-DNS service (#2898)
3.8
NOTE: Support for the cPanel and Selfhost API is not functional. It requires
a new version of acme.sh, which has not been released yet.
Added:
* add support for cPanel HTTP API (#2731)
* add support for Selfhost DNS API (#2746)
Fixed:
* fix calculation of renewal date (#2721)
* properly handle ecc certs in automations (#2723)
Changed:
* show CA in accounts list
3.7
Fixed:
* fix SFTP buttons not visible (#2712)
* fix invalid default value when no WAN interface can be found (#2712)
* fix incompatibility with new gcloud SDK (#2710)
3.6
Added:
* new automation: update local Unifi keystore (#2664)
* add support for dynv6 HTTP API (#2678)
* add support for TLS-ALPN-01 challenge type (#2661)
Fixed:
* fix SFTP upload (#2671)
* fix PHP error when acme.sh deploy hook returns an error (#2674)
* fix path for storing pf config files when using HTTP-01
3.5
Added:
* new automation: cert upload to Synology DSM (#2236)
* new automation: cert upload to FRITZ!Box router
Fixed:
* fix logging when clog is disabled (#2555)
Changed:
* refactor code to support acme.sh deploy hooks
3.4
Changed:
* rename "Linode Cloud API" to "Linode API (v4)" (#2609)
* rename "Linode API" to "Linode API (v3 / Deprecated)" (#2609)
3.3
Added:
* add support for custom ACME CAs (#2529)
* add support for Porkbun API (#2561)
Fixed:
* fix ACME Client reset (#2562)
Changed:
* change default Challenge Type from HTTP-01 to DNS-01
3.2
Added:
* add button to (re-) import a certificate into the trust storage
Fixed:
* associate certificates with the correct CA when multiple CAs use the same name (#2550)
3.1
Changed:
* rename "LE Account" to "ACME Account" in certificate dialog (#2526)
3.0
Added:
* add support for new ACME CAs: buypass, buypass_test, sslcom, zerossl (#2361)
* add CA setting to accounts, make it possible to use multiple CAs
* add introduction pages and an option to hide them
* add tooltips for account command buttons (#2188)
* add support for custom ACME EAB kid/hmac when registering accounts
Fixed:
* properly set/get the UUID of LE objects
Changed:
* rename plugin from "Let's Encrypt client" to "ACME Client" (#2361)
* change the suffix for imports to the certificate storage to "ACME Client" (#2361)
* rename "Let's Encrypt Environment" to "ACME CA" and move to account settings (#2361)
* preserve old LE accounts/certs by adding a compatibility layer (#2361)
* update tooltip style for 21.7 (#2188)
* show more options in list view for challenge types and automations
Removed:
* remove the legacy log file and only rely on syslog logging (#2366)
* remove obsolete account parameters: certificateAuthority, lastUpdate
2.6
Added:
* add support for Nederhost DNS API (#2407)
* add support for DDNSS DNS API (#2415)
* add support for Zone.eu DNS API (#2417)
* add support for Njalla DNS API (#2446)
* add support for Domeneshop DNS API (#2390)
* add support for IONOS domain API (#2345)
Fixed:
* sftp update of write protected cert files with a numeric owner (#2426)
Changed:
* Namecheap: change IP discovery URL to avoid rate-limits (#2419)
2.5
Added:
* add native support for Vultr DNS API (#2344)
Fixed:
* ensure that the auto renewal cron job is properly disabled (#2178)
Changed:
* reload settings page to show/hide cron tab
2.4
Added:
* add new page to show AcmeClient entries from system log
* add tooltips for certificate command buttons (#2188)
Fixed:
* fix missing "--ecc" parameter when renewing ECC certs (#2223)
* fix log file location (#2227)
* fix GUI log formatting (by using the syslog log)
* fix OCSP setting not honored (#2234)
Changed:
* let acme.sh log through syslog
* revamp logs page, move acme.sh log to a sub tab
* remove legacy logs page
2.3
Added:
* add support for Infomaniak domain API (#2169)
Fixed:
* fix "auto renewal" options not working in certificate and plugin settings (#2178)
* fix Aliyun DNS API (#2200)
2.2
Added:
* add support for hexonet.com DNS API (#2134)
Fixed:
* fix DNS challenge alias mode (#2128, #2130)
Changed:
* BREAKING: use configured DNS sleep time for Namesilo instead of hardcoded value (#2121)
* BREAKING: use configured DNS sleep time for Lexicon/Namesilo instead of hardcoded value
* BREAKING: use configured DNS sleep time for Linode instead of hardcoded value
* BREAKING: use configured DNS sleep time for Linode v4 instead of hardcoded value
* BREAKING: use configured DNS sleep time for Netcup instead of hardcoded value
2.1
Added:
* add support for deSEC.io domain API (#2120)
Fixed:
* fix creation of nsupdate secrets file
* fix certificate chain when existing cert was signed by a new CA (#2126)
2.0
Added:
* add new OOP backend to improve reliability and maintainability (#1398)
* add status for accounts to backend and WebGUI
* add button to manually trigger account registration
* add support for All-Inkl.com domain API (#1130)
* add plugin changelog
Fixed:
* fix bug where configuration changes could get lost (#1526)
* fix Cyon DNS API (password not set)
Changed:
* now an Automation may run multiple times during bulk issue/renewal (previously only once)
* rename "Validation Methods" to "Challenge Types" to adopt official LE wording
* rename menu entry "Automation" to "Automations"
* specify python version for gcloud SDK
* rephrase several log messages
* add more detailed output when debug logging is enabled
1.36
Added:
* add ability to rerun automations (#1962)
1.35
Added:
* add support for Linode Cloud API (#1940)
* add support for 1984Hosting API (#1945)
Changed:
* remove outdated bundled version of dns_opnsense.sh (#1888)
1.34
Added:
* add support for dnsapi ArvanCloud (#1834)
* add support for dnsapi Hetzner (#1870)
Changed:
* restore proper sorting in DNS API list
1.33
Added:
* add NSUPDATE_ZONE support to nsupdate DNS-01 service (#1851)
1.32
Added:
* add support for Acmeproxy DNS provider (#1838)
Changed:
* improve support for dnsapi Euserv.eu (#1790)
1.31
Added:
* add support for dnsapi SchlundTech (#1728)
* add support for dnsapi Euserv (#1779)
* add support for dnsapi Leaseweb (#1670)
Changed:
* sftp export: make the "fullchain" filename configurable (#1776)
1.30
Changed:
* update acme.sh GitHub link to new repo URL (#1744)
1.29
Added:
* add support for CloudFlare token (#1625)
* add support for MailinaBox DNS API (#1531)
* add support for Plesk XML API (#1567)
* add support for Variomedia DNS API
Fixed:
* fix IPv6 support for "automatic port forward" validation method (#1590)
Changed:
* validate IPv4 and IPv6 addresses before using them for "automatic port forward"
* enable IPv6 support on local ACME webservice (when system.ipv6allow is enabled)
1.28
Changed:
* correct minor spelling error (#1628)
* log filename not compatible with new log view (#1593)
1.27
Added:
* add support for Loopia DNS API (#1529)
* automations can now restart Captive Portal or IPsec service after cert renewal (#1534)
* add support for 60+ DNS APIs through Lexicon (#1524)
Fixed:
* don't break accounts when switching between stg/prod Let's Encrypt environments (#1528)
Changed:
* add py-dns-lexicon as plugin dependency to support it in DNS-01 out-of-the-box
* support acme.sh debug log level 2 and 3 (#1546)
1.26
Added:
* new automation: support cert upload via sftp (#1455)
* add support for OPNsense's BIND plugin (#1491)
* add support for DNS alias mode (#1492, #1301)
Changed:
* add headers for certificate options for the sake of clarity
1.25
Added:
* add support for netcup DNS API (#1350)
Fixed:
* updating an existing cert in Highwinds API failed with a 404 error (wrong HTTP method)
Changed:
* fix "Use of undefined constant" PHP errors
* treat certificate serial number as string not as integer
* move "remove certificate" button to the end of the button list
1.24
Added:
* add support for Domain-Offensive LetsEncrypt API dns_doapi (#1294)
* add support for Namecheap API (dns_namecheap)
* add support for Google Cloud DNS API dns_gcloud (#549)
* run acme.sh --remove when a cert is removed from the GUI (#1380)
* add a new button to remove the private key (#990)
Fixed:
* certificate status not correctly updated (#1307)
Changed:
* add log message when certificate status is updated (refs #1307)
1.23
Fixed:
* renewal interval is ignored (#1221)
1.22
Added:
* support DNS-01 with hosting.de API (#1234)
Changed:
* streamline log messages, use "AcmeClient" instead of "LE"
1.21
Added:
* possible breaking change: the API endpoint to update individual certs/accounts/etc. has been renamed from "set" to "update"
Fixed:
* bulk deleting does not work (#1163)
Changed:
* migrate to mutable controller (required to fix #1163)
1.20
Added:
* new button to reset all acme states, useful after importing a config backup to a new installation (#243)
1.19
Added:
* new automation: automatically upload certificates to Highwinds CDN (proof-of-concept, support for other APIs possible)
Changed:
* rename "Restart Actions" to "Automation" (the old name has always been rather clumsy)
* change "Automation" position in Menu (it's optional, the new position reflects this)
1.18
Added:
* add support for GratisDNS.dk (#1042)
* add support for ACME DNS
1.17
Fixed:
* fix OCSP always enabled (#794)
* fix acme operations when using multiple accounts (#789)
1.16
Added:
* add support for OCSP Must Staple extension
Fixed:
* fix ecc certs renewal bug
1.15
Added:
* add support to multiple dns api providers (#712)
Changed:
* mask passwords by using password fields (#707)
1.14
Added:
* add support for ClouDNS (#574)
1.13
Added:
* update acme.sh to 2.7.5 (#418)
Changed:
* fix missing fields for several DNS providers (#481)
1.12
Added:
* compatibility with HAProxy plugin version 2.0 (refs #330)
Fixed:
* fix missing fields for Hurricane Electric (#334)
1.11
Fixed:
* add missing field for DuckDNS (#287)
1.9
Added:
* update acme.sh to version 2.7.2 (#210)
* add support for new DNS API hooks (#225)
Fixed:
* Rename Certificate "Name" to "Common Name" for better clarity (#214)
* Fix title in "Renew" and "Revoke" dialogs
* Add dependency to BIND to fix nsupdate support
* fix 'Compilation failed: number too big' (#227)
1.8
Added:
* drop bundled acme.sh in favour of the FreeBSD port
Fixed:
* rename validation method "OPNsense Port Forward" to "OPNsense Web Service" to make it more clear that we're using an internal web service
1.7
Fixed:
* fix $backend is not declared (#132)
* fix null exception in api
1.6
Fixed:
* fix broken translation strings
1.5
Fixed:
* try to solve disconnection issue (mostly during auto-renewal) (#109)
* try to fix "Node no longer exists"
1.4
Changed:
* rename label "Validation Method" to "Challenge Type"
1.3
Changed:
* remove support for custom restart actions (#100)
* avoid log message on missing restart action
* simplify JS code
1.2
Fixed:
* properly import CA certificates (#84)
* don't make sensitive data world-readable
Changed:
* hide params for restart actions when not selected
* remove prefixes from validation name
* hide http service entries when not selected
* log acme status for each cert
1.1
Added:
* add HAProxy integration
Fixed:
* avoid API exception when HAProxy integration is incomplete
* avoid error message if no restart action was specified
* do not run restart actions if cert was not changed
Changed:
* add hide() trickery to hide entries when not selected
* relax fields validation (#70)
1.0
Initial release (#6)