diff options
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2105.xml')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2105.xml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 12a9ae2f44ea8..489d74e1aef19 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -804,6 +804,16 @@ environment.systemPackages = [ the deprecated <option>services.radicale.config</option> is used. </para> </listitem> + <listitem> + <para> + In the <option>security.acme</option> module, use of <literal>--reuse-key</literal> + parameter for Lego has been removed. It was introduced for HKPK, but this security + feature is now deprecated. It is a better security practice to rotate key pairs + instead of always keeping the same. If you need to keep this parameter, you can add + it back using <literal>extraLegoRenewFlags</literal> as an option for the + appropriate certificate. + </para> + </listitem> </itemizedlist> </section> |