A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.
Identical to v2.5.0
Full Changelog: https://github.com/letsencrypt/pebble/compare/v2.4.0...v2.5.0
Our heartfelt thanks to @ldez, @alexzorin, @szepeviktor, @cpu, and @meyskens for their contributions to this release.
SERVFAIL
responses for a hostname.pebble-challtestsrv
's mock CNAME delete API is fixed to remove the CNAME mock record instead of the CAA mock record for the given hostname.PEBBLE_ALTERNATE_ROOTS
intermediate certificates to have the same subject, matching the issuer of issued leaf certificate's.badCSR
type problem. See RFC 8555 §11.1.443
).14000
and 15000
) are now marked exposed in Dockerfile metadata.golangci-lint
v1.21.0PEBBLE_WFE_ORDERS_PER_PAGE
env var can be used to control the account orders list endpoint's pagination. By default up to 15 order URLs are returned per response."externalAccountBindingRequired"
config file boolean field can be used to control whether all newAccount
requests must use external account binding."externalAccountMACKeys"
config file key/value object field can be used to specify external account binding key IDs and encoded MAC keys See test/config/pebble-config-external-account-binding.json
for an example.Heartfelt thanks to @felixfontein, @sergioaugrod, @0pq76r, @Drakezul, @JoshVanL and @munnerz for their contributions to this release.
The previous v2.2.0 release mistakenly tagged the same commit as v2.1.0. Apologies for the mistake. This v2.2.1 release fixes this issue and should be used in its place.
Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for their contributions to this release.
Pebble v2.2.0 was mistakenly tagged at the same commit as Pebble v2.1.0.
Please disregard this release and use v2.2.1. We leave this tag in place for immutability sake. Apologies for the inconvenience.
features:
misc:
bug-fixes:
pebble-challtestsrv
. Thanks to @ryansouza for implementing!