- Use post-as-get
- Remove deprecated keyAuthorization
- Add an option to retry bad nonce errors
- Do not try to set the body on GET request
- Fix constant lookup on InvalidDirectory
- Forward connection options when fetching nonce
- Fix splats without parenthesis warning
- Properly require URI
- Release of the
ACMEv2
branch
- Development for
ACMEv1
moved into1.0.x
- Handle Faraday::ConnectionFailed errors as Timeout error.
- Do not cache error type
- Fix typo in ECDSA curves
- Support external account keys
- Release script fixes.
- Enable ECDSA certificates
- Build release script
- Fix acme error names
- ASN1 parsing improvements
- Set serial number of self-signed certificate
- Allow access to
Acme::Client#endpoint
andAcme::Client#directory_uri
- Add
Acme::Client#fetch_authorization
- Setup cyclic dependency between challenges and their authorization for easier access of either with the other.
- Drop
Acme::Client#challenge_from_hash
andAcme::Client::Resources::Challenges::Base#to_h
in favor of the new API. - Delegate
Acme::Client::Resources::Challenges::Base#verify_status
toAcme::Client::Resources::Authorization#verify_status
and make it update existing challenge objects. This makes it so that whichever is called, the correct status is reflected everywhere. - Add
Authorization#verify_status
- Recent versions of boulder will no longer process a challenge if the associated authorization is already valid, that is another challenge was previously solved. This means we need to allow people to poll on the authorizations status rather than the challenge status so they don't have to poll on the status of all challenges of an authorization all the time. See https://community.letsencrypt.org/t/upcoming-change-valid-authz-reuse/16982 and letsencrypt/boulder#2057
- Set the X509 version of the self-signed certificate
- Fix requiring of time standard library
- Drop json-jwt dependency, implement JWS on our own
- Drop ActiveSupport dependency
- Simplify internal
require
statements - Fix usage of json-jwt return value
- Remove usage of deprecated
qualified_const_defined?
- Add user agent to upstream calls
- Fix gem requiring
- Set CSR version
- Handle non-json errors better
- Handle non protocol related server error
- Make
Acme::Client#challenge_from_hash
more strict with the arguments it receives
- Add new
unsupportedIdentifier
error from acme protocol
- Adds
rejectedIdentifier
error - Adds
RateLimited
error class - Clean up gem loading
- Make client connection options configurable
- Add URL to certificate
- Add ability to serialize challenges
- Use ISO8601 format for time parsing
- Expose the authorization expiration timestamp. The ACME server returns an optional timestamp that signifies the expiration date of the domain authorization challenge. The time format is RFC3339 and can be parsed by Time#parse. See: https://letsencrypt.github.io/acme-spec/ Section 5.3 - expires
- Update dns-01 record content to comply with ACME spec
- Fix
SelfSignCertificate#default_not_before
- Support tls-sni-01
- Support certificate revocation
- Move everything under the
Acme::Client
namespace - Improved errors