diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index 51f91268eff06..37ac4ec028810 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -441,6 +441,22 @@ users.users.me = now uses the short rather than full version string. + + + The ACME module has switched from simp-le to lego + which allows us to support DNS-01 challenges and wildcard certificates. The following options have been added: + security.acme.acceptTerms, + security.acme.certs.<name>.dnsProvider, + security.acme.certs.<name>.credentialsFile, + security.acme.certs.<name>.dnsPropagationCheck. + As well as this, the options security.acme.acceptTerms and either + security.acme.email or security.acme.certs.<name>.email + must be set in order to use the ACME module. + Certificates will be regenerated from new on the next renewal date. The credentials for simp-le are + preserved and thus it is possible to roll back to previous versions without breaking certificate + generation. + +