Update Info


Recommended update for dehydrated

Type: recommended
Severity: moderate
Issued: 2021-03-05
This update for dehydrated fixes the following issues:

- Clarified new default settings. KEY_ALGO=secp384r1. Please consult
  README.maintainer for details and how to return to RSA-based certificate
  issuance. (jsc#ECO-3435, jsc#SLE-15909)

- Added a note about ACMEv1 deprecation

- Added a note on new ACME providers and the new non-URL provider syntax
  See README.maintainer for details.

Update to dehydrated 0.7.0 (JSC#SLE-15909)

- Added

  - Support for external account bindings
  - Special support for ZeroSSL
  - Support presets for some CAs instead of requiring URLs
  - Allow requesting preferred chain (--preferred-chain)
  - Added method to show CAs current terms of service (--display-terms)
  - Allow setting path to domains.txt using cli arguments (--domains-txt)
  - Added new cli command --cleanupdelete which deletes old files instead of archiving them

- Fixed

  - No more silent failures on broken hook-scripts
  - Better error-handling with KEEP_GOING enabled
  - Check actual order status instead of assuming it's valid
  - Don't include keyAuthorization in challenge validation (RFC compliance)

- Changed

  - Using EC secp384r1 as default certificate type
  - Use JSON.sh to parse JSON
  - Use account URL instead of account ID (RFC compliance)
  - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
  - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
  - Cleanup now also removes dangling symlinks



  • dehydrated-0.7.0-11.1