lua-resty-auto-ssl Files

Upgrade Notes

This version upgrades the bundled version of the dehydrated library to deal with recent redirect changes in the Let's Encrypt service. The issue could lead to certificate registration failures in dehydrated and quota exhaustion, so upgrading is recommended. See 4aed490 or https://community.letsencrypt.org/t/dehydrated-caused-rate-limits-to-be-reached/52477/2 for more details.

Added

• Allow for the Redis db number to be configured. Thanks to @RainFlying. (#103)
• Expose the storage adapter instance in the allow_domain callback so the Redis connection can be reused. (#38)
• Add generate_certs option to allow for disabling SSL certification generation within specific server blocks. Thanks to @mklauber. (#91, #92)
• Add json_adapter option for choosing a different JSON encoder/decoder library. Thanks to @meyskens. (#85, #84)

Changed

• Upgrade dehydrated to latest version from master to fix recent redirect changes in Let's Encrypt. The issue could lead to certificate registration failures in dehydrated and quota exhaustion. (4aed490)
• Make the renewal process more efficient so the dehydrated shell script is only executed when certificates are up for renewal (rather than every night). This can reduce CPU usage in environments with lots of certificates. Thanks to @brianlund. (#111, #110)
• Only call the allow_domain callback if a certificate is not present in shared memory. This may improve efficiency in cases where the allow_domain callback is more costly or takes longer. Thanks to @gohai. (#107)
• The internal APIs for storage:get_cert() and ssl_provider.issue_cert() has changed to return a single table of data instead of multiple values (so it's easier to pass along other metadata).

Deprecated

• If accessing the storage object off of the auto-ssl instance, use auto_ssl.storage instead of auto_ssl:get("storage").

Fixed

• Fix renewals when using the file adapter and too many certificate files were present for shell globbing (#109)