v2.0 released

Les données de publications de cet article sont disponibles dans le code source de la page (voire les balises <meta>).
Si vous activez le moteur JavaScript de votre navigateur web, elles seront affichées ici.

Introduction

As announced last March, I've released the v2 branch in the master branch.

If you want to continue to use the older Let's Encrypt API, please don't follow master branch, but be sure to use the tags v1.*.

Note, I won't continue development of this version, as the ACME current draft allows to run wildcard requests and the developments made for the v2 branches have almost changed all the code.

I wanted to take the oportunity too to thanks Gigadoc2 for its two interesting requests: the --csr command line option and the finer grained DNS policy update by use of CNAME.

Release notes

News with the v2 release, the acme-dns-tiny code :

is only compatible with ACME RFC draft-09 (the one currently used by Let's Encrypt API v2)
can now requests for wildcard certificates (due to the use of the new API)
has replaced the CheckChallengeDelay option by a TTL one. This one is used when installing TXT records on your server and is used too to delay the challenge check (defaulted to 10 seconds)
contact options have been simplified to follow the draft-09 recommendation (there's only one variable using URI list)
has now a --verbose command argument to have a little bit more output

Please see the new example.ini file to retrieve all changes on the options.

Note, that the other tools which allow you to deactivate an ACME account and to rollover keys have been updated too to use the new API.

Some extra options has been added for advanced users:

For those who need to install exactly same configuration file on multiple servers, you can use the --csr command argument to specify the CSR file path (which is the unique option which will be different in that case)
If you installed a CNAME on domains prefixed by _acme-challenge, it will be followed to install the TXT records on the alias instead (note, it won't follow a chain of CNAME, just one alias as the project don't use a recursive DNS tool). That allows you to configure TSIG keys on a different zone and have more precise DNS update policy.