Arjan H
37dd9184a7
Bump boulder version to v0.20251216.0
2025-12-27 16:40:48 +01:00
Arjan H
78b63c2b9b
Bump boulder version to v0.20251110.0
2025-11-14 15:09:09 +01:00
Arjan H
e808b18d2a
Bump boulder version to v0.20251021.0
2025-11-09 17:03:16 +01:00
Arjan H
bed2da3c2b
Bump boulder version to v0.20250908.0
2025-09-09 18:24:10 +02:00
Arjan H
fd44d68df3
Allow non-self-signed CA certificate as 'root' ( #160 , #196 )
...
This allows using a sub-CA of an offline / external root CA to be used
as the root CA in LabCA.
2025-09-07 16:53:01 +02:00
Arjan H
c23a8762aa
Bump boulder version to v0.20250902.0
2025-09-06 12:39:43 +02:00
Arjan H
73fb58a13d
Bump boulder version to v0.20250728.0
2025-08-05 19:35:09 +02:00
Arjan H
d7740109a2
Fix redis certificate after IP range changed
2025-07-14 08:15:49 +02:00
Arjan H
1a5050b3b0
Bump boulder version to v0.20250707.0
2025-07-12 20:25:18 +02:00
Arjan H
0febdd24e6
Bump boulder version to release-2025-05-27
2025-05-31 12:29:07 +02:00
Arjan H
46a94695db
Fix check in bad-key-revoker to skip SMTP TLS verification ( #171 )
2025-04-03 19:50:18 +02:00
Arjan H
ad804b89f4
Fix previous CRL check when renewing CRL ( #169 )
...
Remove the 'No previous CRL found for ...' message
2025-03-25 19:53:18 +01:00
Arjan H
82f4cf9721
Prevent huge MySQL slow queries log file ( #168 )
...
No longer write slow queries to the log file, plus cleanup existing
log files from the install script.
2025-03-21 20:55:14 +01:00
Arjan H
c077f642d0
Use latest tag for nginx docker image
2025-03-20 20:02:44 +01:00
Arjan H
7d518d7ea4
Bump boulder version to release-2025-03-18
2025-03-20 19:57:14 +01:00
Arjan H
407a08a1a3
Bump boulder version to release-2025-03-10
2025-03-13 21:20:26 +01:00
Arjan H
adeb9d97da
Fix restart policy on bredis and bpkilint containers ( #162 )
2025-03-06 20:10:35 +01:00
Arjan H
8b7f5145a8
Fix CRL shard detection when revoking certs ( #158 )
...
Also fix admin.boulder ipki cert for older installations that only still
have admin-revoker.boulder ipki cert
2025-03-04 21:45:47 +01:00
Arjan H
57a2da41b9
Bump boulder version to release-2025-02-14
2025-02-22 09:50:37 +01:00
Arjan H
6f66bc73ac
Fix issuer and CRL URLs in certificates
2025-02-16 17:08:44 +01:00
Arjan H
9bad889fab
Use redis for OCSP as well, in different database number
2025-02-16 16:25:27 +01:00
Arjan H
f14a2636c5
Bump boulder version to release-2025-02-04; add redis container
...
Let's Encrypt has changed the rate limiter to require redis, so we can
no longer remove it from the docker compose filei completely. But at
least we can run it once instead of four instances.
2025-02-10 19:38:38 +01:00
Arjan H
de026c3086
Mount nginx data in consistent location; fix dependencies
2025-02-01 09:14:57 +01:00
Arjan H
6d72d32398
Use ceremony tool for generating keys and certs; store keys on SoftHSM
...
Replace openssl certificate / CRL generation with the tool as used by
Let's Encrypt, storing the keys on SoftHSMv2, a simulated HSM (Hardware
Security Module).
Include migration of old setups where key files were also stored on
disk.
2025-01-31 20:44:48 +01:00
Arjan H
8852d49425
Remove unnecessary make that causes an issue ( #138 )
2025-01-19 21:31:42 +01:00
Arjan H
131b8d3505
Fix new(ish) db migration and add check
2025-01-18 19:49:20 +01:00
Arjan H
3116c85c2c
Bump boulder version to release-2025-01-06
2025-01-12 11:43:41 +01:00
Arjan H
2cb4d797ec
Temporarily issue both ECDSA and RSA from same issuer ( #138 #144 #150 )
...
The official Let's Encrypt boulder code only issues RSA certificates
from RSA issuer certificates and only ECDSA certificates from an ECDSA
issuer CA. Many people are having issues with this in LabCA.
Until we have the option for multiple issuers per root CA and/or
multiple CA chains in the GUI of LabCA, use the single issuer CA for
both key types.
2025-01-12 10:30:36 +01:00
Arjan H
2898694cb2
Bump nginx from 1.27.1 to 1.27.3
2024-12-14 09:39:28 +01:00
Arjan H
120048ff30
Bump boulder version to release-2024-12-10
2024-12-13 18:00:40 +01:00
Arjan H
4c842e8977
Bump boulder version to release-2024-10-28
2024-11-01 19:09:54 +01:00
Arjan H
295cd00011
SMTP server can now use LabCA issued certificate ( #139 )
...
LabCA can optionally be configured to send emails. Until now it was only possible to send to SMTP
servers that use a certificate signed by a public root CA (e.g. gmail). Now this can also be an
internal server using a LabCA issued certificate, or you can skip TLS verification completely.
2024-09-28 16:00:21 +02:00
Arjan H
514c9116dc
Bump nginx from 1.26.0 to 1.27.1
2024-09-13 07:44:45 +02:00
Arjan H
5986ef4e7c
Remove bsetup container completely ( #138 )
2024-09-13 07:41:38 +02:00
Arjan H
cab022a4c8
Bump boulder version to release-2024-08-30a
2024-08-31 16:04:55 +02:00
Arjan H
cab563d1d7
Bump boulder version to release-2024-07-29
2024-08-30 16:31:07 +02:00
Arjan H
575f738443
Bump boulder version to release-2024-07-10
2024-08-29 18:54:36 +02:00
Arjan H
18b53030a1
Bump boulder version to release-2024-06-10
2024-08-26 20:16:12 +02:00
Arjan H
ddbaa63b5b
Bump boulder version to release-2024-05-20
2024-08-24 15:15:21 +02:00
Arjan H
4eb3ad877c
Bump boulder version to release-2024-05-06
2024-07-02 19:47:47 +02:00
Arjan H
1cc836f575
Bump nginx from 1.25.4 to 1.26.0
2024-05-05 10:04:57 +02:00
Arjan H
5d27e00fa4
Bump boulder version to release-2024-04-30
2024-05-04 21:26:13 +02:00
Arjan H
8b116d08e2
Bump boulder version to release-2024-04-08
2024-04-09 21:00:36 +02:00
Arjan H
5c41c8eff9
Remove now obsolete version attribute from docker-compose.yml
2024-04-07 14:12:39 +02:00
Arjan H
cbe2f4089c
Bump boulder version to release-2024-04-01
2024-04-07 13:47:10 +02:00
Arjan H
df520e64f7
Bump boulder version to release-2024-02-26
2024-03-03 11:41:24 +01:00
Arjan H
5c28148a98
Bump nginx from 1.25.3 to 1.25.4
2024-02-23 20:31:59 +01:00
Arjan H
df3d112d42
Bump boulder version to release-2024-02-20
2024-02-23 20:18:53 +01:00
Arjan H
98871cd6e7
Suppress 'must end in IANA registered TLD' error on renewal ( #114 )
...
When using whitelist/lockdown domains, also accept them in va.extractRequestTarget().
Apparently that method only gets used on renewal but not during the original request?
2024-02-23 17:52:38 +01:00
Arjan H
e88b72bb2f
Bump boulder version to release-2024-02-06
2024-02-06 20:25:29 +01:00
