From e0023c1ffa298cbb29fe163b06f65a288d5b05b6 Mon Sep 17 00:00:00 2001
From: Kyle Christensen
Date: Mon, 17 Jun 2024 08:03:15 -0400
Subject: [PATCH 1/2] Bump Lego to v4.17.4
---
 udm-le.env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/udm-le.env b/udm-le.env
index f2c3122..967449f 100644
--- a/udm-le.env
+++ b/udm-le.env
@@ -129,8 +129,8 @@ DNS_RESOLVERS=""
 UDM_LE_PATH="/data/udm-le"
 # LetsEncrypt Configuration
-LEGO_VERSION="4.16.1"
-LEGO_SHA1="9e97a07db0660c69100327a67e839186153ce5df"
+LEGO_VERSION="4.17.4"
+LEGO_SHA1="637144bb79f42f7a4884bd98be7decb1679e4322"
 LEGO_DOWNLOAD_URL="https://github.com/go-acme/lego/releases/download/v${LEGO_VERSION}/lego_v${LEGO_VERSION}_linux_arm64.tar.gz"
 LEGO_BINARY="${UDM_LE_PATH}/lego"
 LEGO_PATH="${UDM_LE_PATH}/.lego"
From c5d18dc51cf17047c71b4c2f6e1dfd31511680f3 Mon Sep 17 00:00:00 2001
From: Kyle Christensen
Date: Mon, 17 Jun 2024 08:03:31 -0400
Subject: [PATCH 2/2] Update README.md to reflect CNAME defaults
---
 udm-le.env | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/udm-le.env b/udm-le.env
index 967449f..c46dcf3 100644
--- a/udm-le.env
+++ b/udm-le.env
@@ -23,12 +23,10 @@ NO_BUNDLE="no"
 # Enable updating Radius support
 ENABLE_RADIUS="no"
-# Allows CNAMEs to be resolved. When true, allows resolving _acme-challenge.* in case it
-# has a CNAME pointing to a different domain. With this, make sure the DNS provider config
-# is for the provider the CNAME points to.
-#
-# Leave this disabled if you don't know what this means as most configurations don't need it.
-LEGO_EXPERIMENTAL_CNAME_SUPPORT=false
+# Disable support for CNAME resolution. When false, allows resolving _acme-challenge.* if you
+# have a CNAME pointing to a different domain. This is generally not something people need, so leave
+# this alone unless you've explicitly set up a CNAME and understand the implications.
+LEGO_DISABLE_CNAME_SUPPORT=true
 # The DNS resolver used to verify records. Change this to a public DNS resolver if you have
 # modified your UDM's upstream DNS servers to point to an internal resolver that is the
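Review bot: The new comment above `LEGO_DISABLE_CNAME_SUPPORT=true` asks users to "understand the implications" without naming them, and it drops the old instruction that the DNS provider config must be for the provider the CNAME points to. Following a CNAME on `_acme-challenge.*` delegates DNS-01 validation to the target zone, so anyone able to write TXT records there can get certificates issued for this hostname. I would say so in the comment, e.g. `# true = lego will not follow a CNAME on _acme-challenge.*. If set to false, the CNAME target zone answers DNS-01 for this host,` followed by `# so the DNS provider config must be for that zone and it must be one you control.` The "Disable ... When false, allows" wording is also a double negative that never states what `true` does. Because the variable is renamed and inverted, an existing udm-le.env that still carries only `LEGO_EXPERIMENTAL_CNAME_SUPPORT` presumably falls back to lego's own default, so an upgrade note or an explicit default in the consuming script (not visible in this hunk) would be worth adding.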