apache

www/apache

Fork 0

mirror of https://github.com/apache/httpd.git synced 2025-09-11 09:30:48 +03:00

Commit Graph

Author	SHA1	Message	Date
Stefan Eissing	77c96847ce	*) mod_md: Adding the several new features. The module offers an implementation of OCSP Stapling that can replace fully or for a limited set of domains the existing one from mod_ssl. OCSP handling is part of mod_md's monitoring and message notifications. If can be used for sites that do not have ACME certificates. The url for a CTLog Monitor can be configured. It is used in the server-status to link to the external status page of a certicate. The MDMessageCmd is called with argument "installed" when a new certificate has been activated on server restart/reload. This allows for processing of the new certificate, for example to applications that require it in different locations or formats. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868506 13f79535-47bb-0310-9956-ffa450edef68	2019-10-16 12:31:43 +00:00
Stefan Eissing	2498e69562	*) mod_md: bringing over v2.0.6 from github. - supports the ACMEv2 protocol - supports the new challenge method 'tls-alpn-01' - supports command configuration to setup/teardown 'dns-01' challenges - supports wildcard certificates when dns challenges are configured - ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer - a domain exposes its status at https://<domain>/.httpd/certificate-status - Managed Domains are now in Apache's 'server-status' page - A new handler 'md-status' exposes verbose status information in JSON format - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those. - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued. - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862013 13f79535-47bb-0310-9956-ffa450edef68	2019-06-24 16:04:32 +00:00

Author

SHA1

Message

Date

Stefan Eissing

77c96847ce

*) mod_md: Adding the several new features.

The module offers an implementation of OCSP Stapling that can replace fully or
     for a limited set of domains the existing one from mod_ssl. OCSP handling
     is part of mod_md's monitoring and message notifications. If can be used
     for sites that do not have ACME certificates.
     The url for a CTLog Monitor can be configured. It is used in the server-status
     to link to the external status page of a certicate.
     The MDMessageCmd is called with argument "installed" when a new certificate
     has been activated on server restart/reload. This allows for processing of
     the new certificate, for example to applications that require it in different
     locations or formats.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868506 13f79535-47bb-0310-9956-ffa450edef68

2019-10-16 12:31:43 +00:00

Stefan Eissing

2498e69562

*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol
     - supports the new challenge method 'tls-alpn-01' 
     - supports command configuration to setup/teardown 'dns-01' challenges
     - supports wildcard certificates when dns challenges are configured
     - ACMEv2 is the new default and will be used on the next certificate renewal,
       unless another MDCertificateAuthority is configured
     - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
     - a domain exposes its status at https://<domain>/.httpd/certificate-status
     - Managed Domains are now in Apache's 'server-status' page
     - A new handler 'md-status' exposes verbose status information in JSON format
     - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a
       Managed Domain that uses static files. Auto-renewal is turned off for those.
     - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and
       'errored'. New 'MDWarnWindow' directive to configure when expiration warnings
       shall be issued.
     - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
       announcement by Let's Encrypt: 
       https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862013 13f79535-47bb-0310-9956-ffa450edef68

2019-06-24 16:04:32 +00:00

2 Commits