Recommended update for dehydrated

Announcement ID: SUSE-RU-2021:0734-1
Rating: moderate
References:
Affected Products:
  • Server Applications Module 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that contains one feature and has two fixes can now be installed.

Description:

This update for dehydrated fixes the following issues:

Update to dehydrated 0.7.0 (jsc#SLE-15909)

  • Added
    • Support for external account bindings
    • Special support for ZeroSSL
    • Support presets for some CAs instead of requiring URLs
    • Allow requesting preferred chain (--preferred-chain)
    • Added method to show a CA's current terms of service (--display-terms)
    • Allow setting path to domains.txt using CLI arguments (--domains-txt)
    • Added new CLI command --cleanupdelete, which deletes old files instead of archiving them

  • Fixed
    • No more silent failures on broken hook-scripts
    • Better error-handling with KEEP_GOING enabled
    • Check actual order status instead of assuming it's valid
    • Don't include keyAuthorization in challenge validation (RFC compliance)

  • Changed
    • Using EC secp384r1 as default certificate type
    • Use JSON.sh to parse JSON
    • Use account URL instead of account ID (RFC compliance)
    • Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
    • Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options

  • dehydrated-apache2: Check for mod_compat (bsc#1178927)

  • Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page.

  • Remove potentially harmful scriptlet (bsc#1154167).

  • Removed lighttpd 1.x integration package. If you still would like to use lighttpd with dehydrated, follow the instructions in the README.maintainers file.

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • Server Applications Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-734=1

Package List:

  • Server Applications Module 15-SP2 (noarch)
    • dehydrated-nginx-0.7.0-11.3.1
    • dehydrated-0.7.0-11.3.1
    • dehydrated-apache2-0.7.0-11.3.1
