- drop support for Elixir < v1.16
- allow all
Logger.levels()
in:log_level
option
Breaking: changed the endpoint setup. Previously the client code had to configure https via the Phoenix.Endpoint.init/2
callback. However, this callback is deprecated in the latest Phoenix, which now favours passing endpoint options via an argument to start_link/1
(or child_spec/1
). This style was previously not supported by site_encrypt.
So to make all of this work, the setup flow has been changed and simplified. To upgrade from the previous version you need to do the following:
- Remove
use SiteEncrypt.Phoenix
from the endpoint module. - Replace
use Phoenix.Endpoint
withuse SiteEncrypt.Phoenix.Endpoint
. Keep the:otp_app
option. - Remove invocation of
SiteEncrypt.Phoenix.configure_https/1
from your endpoint'sinit/1
. - In the parent supervisor children list, replace the child
{SiteEncrypt.Phoenix, MyEndpoint}
withMyEndpoint
.
Note that init/1
callback is deprecated. To specify endpoint config at runtime, you can use the spec {MyEndpoint, endpoint_config}
. Alternatively, you can override the child_spec/1
function in the endpoint module:
# in your endpoint module
defoverridable child_spec: 1
def child_spec(_arg) do
endpoint_config = [
http: [...],
https: [...],
...
]
super(endpoint_config)
end
- Support bandit 1.x
- added
SiteEncrypt.refresh_config/1
- added the support for bandit web server
- correctly handle relative paths
- use dialyxir only on dev
This version upgrades to the Parent 0.11 and changes the internals. Strictly speaking this version doesn't change anything, so it could have been a patch update. However, moving to Parent 0.11 might introduce breaking changes in the client code, so the major version is bumped.
- Fixes invalid dependency requirement.
- Exposed lower-level ACME client API functions through
SiteEncrypt.Acme.Client
andSiteEncrypt.Acme.Client.API
. - Native client keeps the history of old keys.
- Key size is configurable, with the default of 4096.
- Added support for manual production testing through
SiteEncrypt.dry_certify/2
. See "Testing in production" section in readme for details. - Renewal happens at a random time of day to avoid possible spikes on CA.
- The internal folders structure has been changed. If you're running a site_encrypt system in production and using the certbot client, you need to create the folder
acme-v02.api.letsencrypt.org
(assuming you're using Let's Encrypt production) underdb_folder/certbot
, and then recursively copy the contents ofdb_folder/certbot
into the new folder. If you're using the native client, you don't need to do anything.
-
The interface for writing tests has been changed. A certification test should now be written as
defmodule MyEndpoint.CertificationTest do use ExUnit.Case, async: false import SiteEncrypt.Phoenix.Test test "certification" do clean_restart(MyEndpoint) cert = get_cert(MyEndpoint) assert cert.domains == ~w/mysite.com www.mysite.com/ end end
- added a basic native ACME client
- simplified interface
- improved tests
- expanded docs
This version introduces many breaking changes. If you've been using a pre 0.1 version, here's how to upgrade your project:
- In your endpoint, replace
@behaviour SiteEncrypt
withuse SiteEncrypt.Phoenix
- Also in the endpoint, change the
certification/0
callback to pass the options toSiteEncrypt.configure/1
instead of just returning them. - Changes in options:
:mode
is no longer supported. Manual mode will be automatically set in tests.- use
:domains
instead of:domain
and:extra_domain
:ca_url
has been renamed todirectory_url
:email
has been renamed toemails
and must be a list:base_folder
has been renamed to:db_folder
:cert_folder
is no longer supported. It will chosen automatically inside the:db_folder
- The internal folders structure has been changed. If you're running a site_encrypt system in production, you need to create the folder called
certbot
inside the:db_folder
, and recurisvely copy top-level folders under:db_folder
into the newly createdcertbot
folder. - If you have been using
SiteEncrypt.Phoenix.Test.verify_certification
for certification testing, drop that test, and add the following module somewhere in your test suite:defmodule CertificationTest do use SiteEncrypt.Phoenix.Test, endpoint: MyEndpoint end