- Raise an error when the HTTP challenge is nil (#71). Thanks @mashedkeyboard!
- Return the response body on a 403 Forbidden from Heroku, not that it's that useful.
- Relax
platform-apiversion requirements, as it works OK with v3 too.
- Include OpenSSL::SSL::SSLError as a valid error we retry for when waiting for the app to come back up.
- Fixed a typo that broke renewals with existing certificates.
Thanks to @mashedkeyboard for their work on ACME v2, saving registration, and DNS-based validation.
- BREAKING You must indicate your acceptance of Let's Encrypt's terms
and conditions by setting the
ACME_TERMS_AGREEDconfiguration variable. - BREAKING Removed
ACME_ENDPOINTenvironment variable reference. We never documented that we support alternative endpoints, and we never tested it, and the gem is called letsencrypt-rails-heroku, so let's not pretend. Please get in touch if you were using this configuration variable, we'd like to hear from you! Psst; you can still setacme_directorywhen configuring the gem in an initializer. - Use version 2 of the ACME API, paving the way for DNS validation.
- Save private key & key ID variables after registering with Let's Encrypt.
This will create two new permanent environment variables,
ACME_PRIVATE_KEYandACME_KEY_ID.
-
Update
rackandnokogiridependencies due to reported vulnerabilities in those libraries. Note that these don't affect letsencrypt-rails-heroku directly. CVE-2018-16471, CVE-2016-4658, CVE-2017-5029, CVE-2018-14404, CVE-2017-18258, CVE-2017-9050. -
Stop using jalada/platform-api because the newer version of the official version supports the API endpoints we need now.
- Support SSL Endpoint configuration, as well as the default SNI.
- 1.1.1 wasn't a correct fix for catching redirects during polling, this should work better!
- Increase challenge file poll wait time to 60 seconds to match Heroku's limit.
- Capture
OpenURI::HTTPRedirectexceptions when polling for challenge filename. Heroku apps configured for zero downtime will be able to respond straight away to the request, but will probably respond with a redirect if configured withforce_ssl. Closes issue #41.
- Make
ACME_DOMAINoptional by using the Heroku API to get a full list of configured domains for the app. Useful for apps with lots of domains. ConfiguringACME_DOMAINis still supported.
The major version bump reflects the backwards-incompatible change around how
errors are handled; abort vs. custom exception types.
Huge thanks to everyone that contributed to this release, either via raising issues or submitting pull requests.
-
Raise exceptions on errors, instead of just
aborting. This should help you catch when your certificate renewal fails, before it expires completely. Closes issue #21 and pull request #28. Thanks @abigailmcp! -
Wait up to 30 seconds for LetsEncrypt to verify a domain challenge. Closes issue #6 and pull requests #30, #25 and #7. Thanks @abigailmcp!
-
Attempt to fetch the challenge URL for up to 30 seconds before giving up. Closes issue #9 and pull request #28. Thanks @abigailmcp!
- Remove some Rails-specific methods and code to allow the gem to be used (with some extra steps) by non-Rails applications like Sinatra. Closes issue #14 and pull request #15, thanks @cbetta!
- Add more details of the error returned by LetsEncrypt when a challenge fails. Closes pull request #2, thanks @fjg!
- Verify multiple domains individually, fixing support for multiple domains. Closes issue #1, thanks @richardvenneman!