From: Rich Bowen Date: Wed, 18 Mar 2026 16:25:07 +0000 (+0000) Subject: bz69981 - Update to new LetsEncrypt policies. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=236c428ebd497abacbb39435a889c64ba206813d;p=thirdparty%2Fapache%2Fhttpd.git bz69981 - Update to new LetsEncrypt policies. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932365 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_md.html.en.utf8 b/docs/manual/mod/mod_md.html.en.utf8 index 95f03fe71e..8d510f4916 100644 --- a/docs/manual/mod/mod_md.html.en.utf8 +++ b/docs/manual/mod/mod_md.html.en.utf8 @@ -1180,18 +1180,18 @@ MDomain example2.org auto

This about a non-standard ACME extension by Let's Encrypt.

- Lets Encrypt announced they will add Certificate Profiles - support in their CA during 2025, beginning with their staging - servers. This, among some other details, let's you select the - lifetime of the certificates you get. The "default" profile - will keep the 90 days and a "tlsserver" profile will issue - certificates with only 6 days of validity. + Lets Encrypt supports Certificate Profiles in their CA. This, + among some other details, let's you select the lifetime of the + certificates you get. The "classic" profile is the default and + will keep the 90 days, the "tlsserver" profile is also 90 days + with a max of 25 Subject Alternative Names. The "shortlived" + profile will issue certificates with only 6 days of validity.

If you do not change your mod_md configuration, you will continue to get the 90 days certificates. Should you believe that a shorter lifetime is beneficial for you (and take the risk that the renewal time is way shorter), - you can configure the profile to use via 'MDProfile tlsserver'. ++ you can configure the profile to use via 'MDProfile shortlived'.

The profile names are defined by the CA. If a profile you configure is not available, no profile will be used and diff --git a/docs/manual/mod/mod_md.html.fr.utf8 b/docs/manual/mod/mod_md.html.fr.utf8 index e0ee02d90b..76e2580993 100644 --- a/docs/manual/mod/mod_md.html.fr.utf8 +++ b/docs/manual/mod/mod_md.html.fr.utf8 @@ -1372,7 +1372,7 @@ MDomain example2.org auto entre autres détails, vous permettra de définir la durée de validité des certificats que vous recevez. À ce titre, le profile « default Â» conservera la valeur de 90 jours, alors que - le profile « tlsserver Â» délivrera des certificats dont la durée + le profile « shortlived » délivrera des certificats dont la durée de validité sera de 6 jours seulement.

Si vous ne modifiez pas la configuration de votre module mod_md, @@ -1381,7 +1381,7 @@ MDomain example2.org auto plus courte convient mieux à votre situation (et acceptez le risque que le temps de renouvellement soit beaucoup plus court), vous pouvez définir le profile à utiliser à l’aide de - « MDProfile tlsserver Â». + « MDProfile shortlived ».

Les noms de profile sont définis par le CA. Si vous tentez de définie un profile non valable, aucun profile ne sera utilisé, diff --git a/docs/manual/mod/mod_md.xml b/docs/manual/mod/mod_md.xml index b0eaca7f5e..c6444b73d5 100644 --- a/docs/manual/mod/mod_md.xml +++ b/docs/manual/mod/mod_md.xml @@ -1515,18 +1515,18 @@ MDMessageCmd /etc/apache/md-message

This about a non-standard ACME extension by Let's Encrypt.

- Lets Encrypt announced they will add Certificate Profiles - support in their CA during 2025, beginning with their staging - servers. This, among some other details, let's you select the - lifetime of the certificates you get. The "default" profile - will keep the 90 days and a "tlsserver" profile will issue - certificates with only 6 days of validity. + Lets Encrypt supports Certificate Profiles in their CA. This, + among some other details, let's you select the lifetime of the + certificates you get. The "classic" profile is the default and + will keep the 90 days, the "tlsserver" profile is also 90 days + with a max of 25 Subject Alternative Names. The "shortlived" + profile will issue certificates with only 6 days of validity.

If you do not change your mod_md configuration, you will continue to get the 90 days certificates. Should you believe that a shorter lifetime is beneficial for you (and take the risk that the renewal time is way shorter), - you can configure the profile to use via 'MDProfile tlsserver'. ++ you can configure the profile to use via 'MDProfile shortlived'.

The profile names are defined by the CA. If a profile you configure is not available, no profile will be used and diff --git a/docs/manual/mod/mod_md.xml.fr b/docs/manual/mod/mod_md.xml.fr index 2f321342ec..831edfd892 100644 --- a/docs/manual/mod/mod_md.xml.fr +++ b/docs/manual/mod/mod_md.xml.fr @@ -1807,7 +1807,7 @@ MDMessageCmd /etc/apache/md-message entre autres détails, vous permettra de définir la durée de validité des certificats que vous recevez. À ce titre, le profile « default » conservera la valeur de 90 jours, alors que - le profile « tlsserver » délivrera des certificats dont la durée + le profile « shortlived » délivrera des certificats dont la durée de validité sera de 6 jours seulement.

Si vous ne modifiez pas la configuration de votre module mod_md, @@ -1816,7 +1816,7 @@ MDMessageCmd /etc/apache/md-message plus courte convient mieux à votre situation (et acceptez le risque que le temps de renouvellement soit beaucoup plus court), vous pouvez définir le profile à utiliser à l’aide de - « MDProfile tlsserver ». + « MDProfile shortlived ».

Les noms de profile sont définis par le CA. Si vous tentez de définie un profile non valable, aucun profile ne sera utilisé,