From 3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc Mon Sep 17 00:00:00 2001 From: Ismaël Bouya Date: Thu, 16 Apr 2020 13:38:15 +0200 Subject: rl-2003: Update the release documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not. (cherry picked from commit 21c4a33ceef77dec2b821f7164e13971862d5575) --- nixos/doc/manual/release-notes/rl-2003.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'nixos/doc/manual') diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index b0940391b56b..62251e0b25b9 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root"; As well as this, the options security.acme.acceptTerms and either security.acme.email or security.acme.certs.<name>.email must be set in order to use the ACME module. - Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are - preserved and thus it is possible to roll back to previous versions without breaking certificate - generation. + Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le. + In particular private keys will not be preserved. However, the credentials for simp-le are preserved and + thus it is possible to roll back to previous versions without breaking certificate generation. + Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can + have consequences if you embed your public key in apps. -- cgit 1.4.1
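Review bot: In the last added sentence ("a new private key is recreated at each renewal by default, which can have consequences if you embed your public key in apps"), the consequence is left vague, and "by default" implies an override that the text never names. I would state the impact directly: clients that pin the public key will reject the certificate once the key changes. Then either name the setting that keeps the key across renewals or drop "by default" if there is none. The same breakage applies at upgrade time, since the first added sentences say private keys are not preserved on activation, so the pinning warning would sit better right after "In particular private keys will not be preserved." than tied only to renewal. Wording: "in contrary to simp-le" should read "unlike simp-le" or "contrary to simp-le", and the comma after "regenerated on activation" joins two full sentences and should be a period or semicolon.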