Diffstat (limited to 'nixos/doc/manual')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index fc301aecbb97e..106612d059532 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -655,6 +655,21 @@ auth required pam_succeed_if.so uid >= 1000 quiet now uses the short rather than full version string. </para> </listitem> + <listitem> + <para> + The ACME module has switched from simp-le to <link xlink:href="https://github.com/go-acme/lego">lego</link> + which allows us to support DNS-01 challenges and wildcard certificates. The following options have been added: + <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.dnsProvider</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.credentialsFile</link>, + <link linkend="opt-security.acme.certs">security.acme.certs.<name>.dnsPropagationCheck</link>. + As well as this, the options <literal>security.acme.acceptTerms</literal> and either + <literal>security.acme.email</literal> or <literal>security.acme.certs.<name>.email</literal> + must be set in order to use the ACME module. + Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are + preserved and thus it is possible to roll back to previous versions without breaking certificate + generation. + </listitem> <listitem> <para> It is now possible to unlock LUKS-Encrypted file systems using a FIDO2 token |
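Review bot: The added `<listitem>` for the ACME change opens a `<para>` but goes straight from "generation." to `</listitem>`, so the paragraph is never closed and the release notes XML is not well-formed; add `</para>` before the closing `</listitem>`. In the same item, check that the `<name>` placeholders in the three `security.acme.certs.<name>.…` link texts and in `<literal>security.acme.certs.<name>.email</literal>` are escaped in the file (`&lt;name&gt;`) or wrapped in `<replaceable>`, since a literal `<name>` would be parsed as an unclosed element. The sentence "The credentials for simp-le are preserved" would also be easier to act on if it said which files are kept, since that is what an administrator rolling back needs to verify.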