Commit 836b55d1 authored by Adrien Dorsaz's avatar Adrien Dorsaz
Browse files

add CHANGELOG which contains same information than git tags

parent 587d41ea
# [v2.4]( on 2021-10-01
Feature fixed on v2.4:
* correctly retrieve account information when it was already registred (afb7e988)
* when DNS Host configuration is an IP address, use it correctly as name server (2776348a)
* improve code stability by following hints from [pyright](
(raises more explicit errors, fix function return type...)
Continuous Integration:
* Remove tests for Debian Jessie and add tests for Debian Bullseye (a745e655)
* Validate all tests with the [pebble]( tiny ACME server
* Move documentation from wiki to [`/documentations`](./documentations) directory so we can always synchronize it with code
# [v2.3]( on 2019-06-07
Feature fixed on v2.3:
* fix compatibility with dnspython 2.0 (#11)
* fix issue when trying to apply DNS update on secondary server (thanks Sebastian Koechlin)
* fix debug message when CNAME was not found
* fix test chain assertion (a chain contains more than 1 certificate)
Feature added:
* skip already validated authorization challenge
Continuous Integration improvement:
* Debian Stretch tests were using Debian Jessie image
* Enable Docker build uses [BUILDKIT](
and the `overlay2` filesystem driver
* the .gitignore file has been simplified
# [v2.2]( on 2020-06-14
Some bug fixes, code style following pep8 and updated Continuous Integration stages
* more robust search of the domain name in the Subject field of the CSR (thanks [MatthaeusHarris](
* fixed a bug which required Contact to be filled (thanks [adrium](
* fixed forgotten format for log message (thanks [nurelin](
* support of CSR with SAN extension marked as critical (#9)
* code style updated to follow the python recommendations
* simplified regexp used to read the account key (#10)
* new Gitlab Continuous Integration configuration to build automatically docker images to run tests with always updated Debian Docker image (including Jessie, Stretch and Buster releases)
# [v2.1]( on 2018-12-09
A general rework of code has been made to be compatible with the latest ACME draft 16 (v2.0 of acme-dns-tiny was based on draft 9).
First, unit tests now creates one account key by configuration sample, they correctly create and remove temporary files, and they read the `GITLABCI_CONTACT` environment variable.
Then, tools created from acme-dns-tiny has been updated too: key rollover has been redesigned completely by the RFC and it has been updated to be compatible with latest acme-dns-tiny style. Style of account deactivation has been updated too.
Finally, acme-dns-tiny itself had a lot of improvements:
* Use standard Python3 doc strings instead of comments
* Simplify returns of the `_send_signed_request` internal function to take advantage of the `requests` module
* `_send_signed_request` is able to launch `POST-as-GET` authenticated requests as defined in recent RFC drafts
* Config file now read the `CertificateFormat` key: it allows you, if needed, to ask for a specific chain file format instead of the default `application/pem-certificate-chain` as defined in the RFC.
* Example config file now avoid to define optional keys, it only give documentation
* In the `CSR` file, the `CN` value can be anywhere in the `Subject` string
* If the `order` is already `ready` on the ACME server side, acme-dns-tiny doesn't run full process, but just ask the certificate chain.
# [v2.0]( on 2018-05-02
** This release is only compatible with Let's Encrypt V2 API which is based on the 9th draft of ACME RFC. **
News with the v2 release, the acme-dns-tiny code :
* is only compatible with ACME RFC draft-09 (the one currently used by Let's Encrypt API v2)
* can now requests for wildcard certificates (due to the use of the new API)
* has replaced the `CheckChallengeDelay` option by a `TTL` one. This one is used when installing TXT records on your server and is used too to delay the challenge check (defaulted to 10 seconds)
* contact options have been simplified to follow the draft-09 recommendation (there's only one variable using URI list)
* has now a `--verbose` command argument to have a little bit more output
Please see the new `example.ini` file to retrieve all changes on the options.
Note, that the other tools which allows you to deactivate an ACME account and to rollover keys have been updated too to use the new API.
Some extra options has been added for advanced users:
* For those who need to install exactly same configuration file on multiple servers, you can use the `--csr` command argument to specify the CSR file path (which is the unique option which will be different in that case)
* If you installed a CNAME on domains prefixed by `_acme-challenge`, it will be followed to install the TXT records on the alias instead (note, it won't follow a chain of CNAME, just one alias as the project don't use a recursive DNS tool). That allows you to configure TSIG keys on a different zone and have more precise DNS update policy.
# [v1.5]( on 2017-04-07
A bit of code rework to be more clear, simpler unit tests and support for Windows end of lines
(not tested on this OS, feedbacks are welcome !)
# [v1.4]( on 2017-02-28
* Use Nonce received in latest ACME server response if available
* Added a script to implement account key rollover
* Moved aside the script used to delete account key
# [v1.3]( on 2016-10-27
Use of ACME Directory and automatic update agreement to terms of service
* Update main script to:
* Use the ACME directory to retrieve correct URLs from the ACME servers
* Be able to update account informations (contact information and agreed terms of service)
* Read terms of service links from either the ACME directory or account informations
* Automatically update terms of service agreement with latest changes (user have to stay informed about the updates himself)
* Fix HTTP errors handling
* Update configuration to:
* Configure ACME directory instead of CAUrl
* Allow to specify contact informations (email and phone number ; beware that Let's Encrypt servers don't allow phones)
* Update tests to:
* Correctly setup before running tests without using global variable
* Correctly clean setup after running tests (correctly remove ACME account and close temporary files)
* Update requirements to latest dnspython release (as release 1.15 has fixed the dns updates issue)
* Update account delete script (you can find it in /tests/) according to updates of the main script
# [v1.2]( on 2016-08-24
* Add tests to cover more code
* Clean a bit info messages
* Fix typos
# [v1.1]( on 2016-08-16
* Update README links
# [v1.0]( on 2016-08-16
* First release of acme-dns-tiny.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment