-rw-r--r-- | docs/manual/convenience.map | 2
-rw-r--r-- | docs/manual/mod/mod_authz_dbd.html.en | 2
-rw-r--r-- | docs/manual/mod/mod_md.html.en | 74
-rw-r--r-- | docs/manual/rewrite/flags.html.en | 3
-rw-r--r-- | include/ap_release.h | 2 |
5 files changed, 68 insertions, 15 deletions
diff --git a/docs/manual/convenience.map b/docs/manual/convenience.map index 19befc854a..93d3f44f65 100644 --- a/docs/manual/convenience.map +++ b/docs/manual/convenience.map @@ -410,6 +410,8 @@ mdprivatekeys mod/mod_md.html#mdprivatekeys mdrenewmode mod/mod_md.html#mdrenewmode mdrenewwindow mod/mod_md.html#mdrenewwindow mdrequirehttps mod/mod_md.html#mdrequirehttps +mdretrydelay mod/mod_md.html#mdretrydelay +mdretryfailover mod/mod_md.html#mdretryfailover mdserverstatus mod/mod_md.html#mdserverstatus mdstapleothers mod/mod_md.html#mdstapleothers mdstapling mod/mod_md.html#mdstapling diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en index 22343407c3..ae69ba6c67 100644 --- a/docs/manual/mod/mod_authz_dbd.html.en +++ b/docs/manual/mod/mod_authz_dbd.html.en @@ -90,7 +90,7 @@ user to gain access.</p> <pre class="prettyprint lang-config">Require dbd-group team -AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"</pre> +AuthzDBDQuery "SELECT user_group FROM authz WHERE user = %s"</pre> diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en index d9a6a1f2b5..db55c31737 100644 --- a/docs/manual/mod/mod_md.html.en +++ b/docs/manual/mod/mod_md.html.en @@ -351,6 +351,8 @@ <li><img alt="" src="../images/down.gif" /> <a href="#mdrenewmode">MDRenewMode</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mdrenewwindow">MDRenewWindow</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mdrequirehttps">MDRequireHttps</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#mdretrydelay">MDRetryDelay</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#mdretryfailover">MDRetryFailover</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mdserverstatus">MDServerStatus</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mdstapleothers">MDStapleOthers</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#mdstapling">MDStapling</a></li> 
@@ -446,27 +448,34 @@ <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="MDCertificateAuthority" id="MDCertificateAuthority">MDCertificateAuthority</a> <a name="mdcertificateauthority" id="mdcertificateauthority">Directive</a></h2> <table class="directive"> -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL of the ACME Certificate Authority service.</td></tr> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL(s) of the ACME Certificate Authority to use.</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateAuthority <var>url</var></code></td></tr> -<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory</code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority letsencrypt</code></td></tr> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr> </table> <p> - The URL where the CA offers its service. + The URL(s) where the CA offers its service. + Instead of the actual URL, you may use 'letsencrypt' or 'buypass'. </p><p> - Let's Encrypt offers, right now, four such URLs. Two for - the own legacy version of the ACME protocol, commonly named ACMEv1. - And two for the RFC 8555 version, named ACMEv2. + If you configure more than one URL, each one is tried in a round-robin + fashion after a number of failures. You can configure how quickly or + delayed that happens via the <code class="directive">MDRetryDelay</code> and + <code class="directive">MDRetryFailover</code> directives. 
The default setting + makes a failover after about half a day of trying. </p><p> - Each version has 2 endpoints, as their is a production endpoint and a - "staging" endpoint for testing. The testing endpoint works the same, but will - not give you certificates recognized by browsers. However, it also has - very relaxed rate limits. This allows testing of the service repeatedly - without you blocking yourself. + All other settings apply to each of these URLs. It is therefore + not possible to have two with different + <code class="directive">MDExternalAccountBinding</code>s, for example. + </p><p> + For testing, CAs commonly offer a second service URL. + The 'test' service does not give certificates valid in a browser, + but are more relaxed in regard to rate limits. + This allows for verfication of your own setup before switching + to the production service URL. </p> - <div class="example"><h3>LE Staging Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre> + <div class="example"><h3>LE Test Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre> </div> </div> 
@@ -1192,6 +1201,47 @@ MDRenewWindow 10%</pre> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="MDRetryDelay" id="MDRetryDelay">MDRetryDelay</a> <a name="mdretrydelay" id="mdretrydelay">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryDelay <var>duration</var></code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryDelay 5s</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr> +</table> + <p> + The amount of time to wait after an error before trying + to renew a certificate again. This duration is doubled after + each consecutive error with a maximum of 24 hours. + </p> + <p> + It is kept separate for each certificate renewal. Meaning an error + on one MDomain does not delay the renewals of other domains. 
+ </p> + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="MDRetryFailover" id="MDRetryFailover">MDRetryFailover</a> <a name="mdretryfailover" id="mdretryfailover">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryFailover <var>number</var></code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryFailover 13</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr> +</table> + <p> + The number of consecutive errors on renewing a certificate before + another CA is selected. This only applies to configurations that + have more than one <code class="directive">MDCertificateAuthority</code> + specified. + </p> + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="MDServerStatus" id="MDServerStatus">MDServerStatus</a> <a name="mdserverstatus" id="mdserverstatus">Directive</a></h2> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Control if Managed Domain information is added to server-status.</td></tr> diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en index 7cd4990755..686330c6ea 100644 --- a/docs/manual/rewrite/flags.html.en +++ b/docs/manual/rewrite/flags.html.en 
@@ -468,7 +468,8 @@ example.</p> <h2><a name="flag_ne" id="flag_ne">NE|noescape</a></h2> <p>By default, special characters, such as <code>&</code> and <code>?</code>, for example, will be converted to their hexcode -equivalent. Using the [NE] flag prevents that from happening. +equivalent for rules that result in external redirects. +Using the [NE] flag prevents that from happening. </p> <pre class="prettyprint lang-config">RewriteRule "^/anchor/(.+)" "/bigpage.html#$1" [NE,R]</pre> diff --git a/include/ap_release.h b/include/ap_release.h index 91251781d7..0cb21ab21d 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -44,7 +44,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 #define AP_SERVER_PATCHLEVEL_NUMBER 54 -#define AP_SERVER_DEVBUILD_BOOLEAN 1 +#define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ |
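
Review bot: in the docs/manual/mod/mod_authz_dbd.html.en hunk, the example query still filters on a column named user (WHERE user = %s), which is a reserved word in several SQL dialects just as group is, so renaming only the selected column leaves an example that can still fail to parse on those databases. Consider renaming that column too (for example user_name) or quoting the identifier, and check that the other example queries in the same document use matching column names.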
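
Review bot: in the MDCertificateAuthority hunk (@@ -446,27 of docs/manual/mod/mod_md.html.en), the Syntax row is left as MDCertificateAuthority url although the Description and the new text now allow more than one URL and the names 'letsencrypt' and 'buypass'; update the Syntax row to show how several URLs are given and which names are accepted. The added text also contains a typo ('verfication') and a number mismatch ("The 'test' service does not give ... but are more relaxed"), and the "about half a day" failover figure would be easier to verify if it named the MDRetryDelay and MDRetryFailover defaults (5s and 13 in this patch) that it presumably follows from.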
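
Review bot: both directive tables added in the @@ -1192,6 hunk of docs/manual/mod/mod_md.html.en have an empty Description cell (<td />), so MDRetryDelay and MDRetryFailover render with a blank description; add a one-line description to each, for example the first sentence of the paragraph that follows the table. In the MDRetryDelay text, "Meaning an error on one MDomain does not delay the renewals of other domains." is a sentence fragment and reads better joined to the sentence before it.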