On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
This version upgrades the bundled version of the dehydrated library to fix certificate registration due to recent changes in the Let's Encrypt service. It also brings support for ACMEv2 which will be required for new account registration in November. Upgrading is recommended or certificate registration and renewal may fail. See #192, #189 for more details.
ssl_options and renewal arguments to the allow_domain callback. Thanks to @gohai. (#123, #176)
allow_domain callback) on renewals. Thanks to @yveslaroche. (#176)
This version upgrades the bundled version of the dehydrated library to deal with recent redirect changes in the Let's Encrypt service. The issue could lead to certificate registration failures in dehydrated and quota exhaustion, so upgrading is recommended. See 4aed490 or https://community.letsencrypt.org/t/dehydrated-caused-rate-limits-to-be-reached/52477/2 for more details.
db number to be configured. Thanks to @RainFlying. (#103)
allow_domain callback so the Redis connection can be reused. (#38)
generate_certs option to allow for disabling SSL certificate generation within specific server blocks. Thanks to @mklauber. (#91, #92)
json_adapter option for choosing a different JSON encoder/decoder library. Thanks to @meyskens. (#85, #84)
allow_domain callback if a certificate is not present in shared memory. This may improve efficiency in cases where the allow_domain callback is more costly or takes longer. Thanks to @gohai. (#107)
storage:get_cert() and ssl_provider.issue_cert() has changed to return a single table of data instead of multiple values (so it's easier to pass along other metadata).
auto_ssl.storage instead of auto_ssl:get("storage").
This update mostly fixes bugs related to edge-case situations, so upgrading is recommended. However, it requires a couple of small adjustments to your nginx configuration, so if you're upgrading, be sure to make the following changes:
Add this line to nginx's http block:
lua_shared_dict auto_ssl_settings 64k;
(This is in addition to the existing lua_shared_dict auto_ssl you should already have.)
Add these 2 lines to the server block that is listening on port 8999:
client_body_buffer_size 128k;
client_max_body_size 128k;
See the README for a full example of the updated config.
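One way to check a config against the upgrade steps above, as an added example that is not code from the project: the Python script parses an nginx config with a simplified block parser and lists which of the three directives are still missing. The sample config, the function names and the presence-only check (sizes are not compared) are assumptions made for this example.

```python
import re

# Constructed pre-upgrade config for the demo (listen address and sizes are assumptions).
SAMPLE_OLD = """
http {
  lua_shared_dict auto_ssl 1m;
  server {
    listen 127.0.0.1:8999;
    location / { content_by_lua_block { auto_ssl:hook_server() } }
  }
}
"""

def parse(text):
    """Simplified nginx parser: nested (directive, children-or-None) tuples."""
    stack, buf = [[]], ""
    for ch in re.sub(r"#[^\n]*", "", text):  # '#' comments stripped first
        if ch not in ";{}":
            buf += ch
            continue
        name, buf = " ".join(buf.split()), ""  # normalise whitespace, reset buffer
        if ch == ";" and name:
            stack[-1].append((name, None))
        elif ch == "{":
            stack[-1].append((name, []))
            stack.append(stack[-1][-1][1])  # descend into the new block
        elif ch == "}":
            stack.pop()  # text pending here (Lua in *_by_lua_block) is discarded
    return stack[0]

def blocks(nodes, name):
    return [kids for n, kids in nodes if n == name and kids is not None]

def directives(nodes):
    return [d for d, kids in nodes if kids is None]

def missing_upgrade_settings(text):
    """Return the directives from the upgrade notes that the config lacks."""
    missing = []
    for http in blocks(parse(text), "http"):
        if not any(d.startswith("lua_shared_dict auto_ssl_settings ") for d in directives(http)):
            missing.append("http: lua_shared_dict auto_ssl_settings 64k;")
        for server in blocks(http, "server"):
            dirs = directives(server)
            if any(re.match(r"listen (\S*:)?8999( |$)", d) for d in dirs):
                for want in ("client_body_buffer_size", "client_max_body_size"):
                    if not any(d.startswith(want + " ") for d in dirs):
                        missing.append("server :8999: %s 128k;" % want)
    return missing
```

Calling `missing_upgrade_settings(open(path).read())` on a deployed config returns an empty list once all three lines are in place; server blocks on other ports are ignored.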
lua_shared_dict ran out of memory that could lead to sockproc trying to be started twice. (#76)