- Fix bug where depending on call order
jwsget generated with the wrongkid
- Refactor Directory
- Fix an issue where the client would crash when ACME provider return nonce for directory endpoint
- Also pass connection_options to Faraday for Client#get_nonce
- Fix Faraday HTTP exceptions leaking out, always raise
Acme::Client::Errorinstead
- Add support for External Account Binding
- Update test matrix to current Ruby versions (2.7 to 3.2)
- Support for Faraday retry 2.x
- Add support for error code
AlreadyRevokedandBadPublicKey
- Support for Faraday 1.0 / 2.0
- Support for Ruby 3.0 and Faraday 0.17.x
- Raise when directory is rate limited
- Add support for the keyChange endpoint
https://tools.ietf.org/html/rfc8555#section-7.3.5
- Add support for alternate certificate chain
- Change
Linkheaders parsing to return array of value. This add support multiple entries at the samerel
- Allow Faraday up to
< 2.0
- Use post-as-get
- Remove deprecated keyAuthorization
- Add an option to retry bad nonce errors
- Do not try to set the body on GET request
- Fix constant lookup on InvalidDirectory
- Forward connection options when fetching nonce
- Fix splats without parenthesis warning
- Properly require URI
- Release of the
ACMEv2branch
- Development for
ACMEv1moved into1.0.x
- Handle Faraday::ConnectionFailed errors as Timeout error.
- Do not cache error type
- Fix typo in ECDSA curves
- Support external account keys
- Release script fixes.
- Enable ECDSA certificates
- Build release script
- Fix acme error names
- ASN1 parsing improvements
- Set serial number of self-signed certificate
- Allow access to
Acme::Client#endpointandAcme::Client#directory_uri - Add
Acme::Client#fetch_authorization - Setup cyclic dependency between challenges and their authorization for easier access of either with the other.
- Drop
Acme::Client#challenge_from_hashandAcme::Client::Resources::Challenges::Base#to_hin favor of the new API. - Delegate
Acme::Client::Resources::Challenges::Base#verify_statustoAcme::Client::Resources::Authorization#verify_statusand make it update existing challenge objects. This makes it so that whichever is called, the correct status is reflected everywhere. - Add
Authorization#verify_status- Recent versions of boulder will no longer process a challenge if the associated authorization is already valid, that is another challenge was previously solved. This means we need to allow people to poll on the authorizations status rather than the challenge status so they don't have to poll on the status of all challenges of an authorization all the time. See https://community.letsencrypt.org/t/upcoming-change-valid-authz-reuse/16982 and letsencrypt/boulder#2057
- Set the X509 version of the self-signed certificate
- Fix requiring of time standard library
- Drop json-jwt dependency, implement JWS on our own
- Drop ActiveSupport dependency
- Simplify internal
requirestatements - Fix usage of json-jwt return value
- Remove usage of deprecated
qualified_const_defined? - Add user agent to upstream calls
- Fix gem requiring
- Set CSR version
- Handle non-json errors better
- Handle non protocol related server error
- Make
Acme::Client#challenge_from_hashmore strict with the arguments it receives
- Add new
unsupportedIdentifiererror from acme protocol
- Adds
rejectedIdentifiererror - Adds
RateLimitederror class - Clean up gem loading
- Make client connection options configurable
- Add URL to certificate
- Add ability to serialize challenges
- Use ISO8601 format for time parsing
- Expose the authorization expiration timestamp. The ACME server returns an optional timestamp that signifies the expiration date of the domain authorization challenge. The time format is RFC3339 and can be parsed by Time#parse. See: https://letsencrypt.github.io/acme-spec/ Section 5.3 - expires
- Update dns-01 record content to comply with ACME spec
- Fix
SelfSignCertificate#default_not_before
- Support tls-sni-01
- Support certificate revocation
- Move everything under the
Acme::Clientnamespace - Improved errors