diff options
author | Lucas Savva <lucas@m1cr0man.com> | 2020-02-09 15:59:03 +0000 |
---|---|---|
committer | Lucas Savva <lucas@m1cr0man.com> | 2020-02-09 15:59:03 +0000 |
commit | d8e697b4fcfd929d05221ac3e67b9c04ac69df86 (patch) | |
tree | fecb9a4a0330f0edd4b67ec028df1a0181f2a336 /nixos/doc | |
parent | 636eb23157554af622f087f04ef0566853473d7a (diff) |
nixos/acme: update release notes for 20.03
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index 51f91268eff06..37ac4ec028810 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -441,6 +441,22 @@ users.users.me = now uses the short rather than full version string. </para> </listitem> + <listitem> + <para> + The ACME module has switched from simp-le to <link xlink:href="https://github.com/go-acme/lego">lego</link> + which allows us to support DNS-01 challenges and wildcard certificates. The following options have been added: + <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.dnsProvider</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.credentialsFile</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.dnsPropagationCheck</link>. + As well as this, the options <literal>security.acme.acceptTerms</literal> and either + <literal>security.acme.email</literal> or <literal>security.acme.certs.<name>.email</literal> + must be set in order to use the ACME module. + Certificates will be regenerated from new on the next renewal date. The credentials for simp-le are + preserved and thus it is possible to roll back to previous versions without breaking certificate + generation. + </para> + </listitem> </itemizedlist> </section> </section> |