daily autocommit

diff --git a/.etckeeper b/.etckeeper
index 8a6a1309b451948e47f50d59fe48d3c1d5a1b3f5..103690429d3838120474d23b66e2a136d6460207 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -1037,7 +1037,9 @@ maybe chown 'openldap' 'ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif'
 maybe chgrp 'openldap' 'ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif'
 maybe chmod 0600 'ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif'
 maybe chmod 0755 'letsencrypt'
+maybe chmod 0644 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
 maybe chmod 0700 'letsencrypt/accounts'
+maybe chmod 0700 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org'
 maybe chmod 0700 'letsencrypt/accounts/acme-staging.api.letsencrypt.org'
 maybe chmod 0700 'letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory'
 maybe chmod 0700 'letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/4fee9b4c205a4c1554f17b4b26ab41ad'

diff --git a/letsencrypt/.updated-options-ssl-apache-conf-digest.txt b/letsencrypt/.updated-options-ssl-apache-conf-digest.txt
new file mode 100644 (file)
index 0000000..5e65f80
--- /dev/null
+++ b/letsencrypt/.updated-options-ssl-apache-conf-digest.txt
@@ -0,0 +1 @@
+c0c022ea6b8a51ecc8f1003d0a04af6c3f2bc1c3ce506b3c2dfc1f11ef931082
\ No newline at end of file

diff --git a/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory
new file mode 120000 (symlink)
index 0000000..12215b8
--- /dev/null
+++ b/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory
@@ -0,0 +1 @@
+/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory
\ No newline at end of file

diff --git a/letsencrypt/options-ssl-apache.conf b/letsencrypt/options-ssl-apache.conf
index ec07a4ba31b08fb0ed09d2065cd874739752a401..8113ee81e5a6c562dfef0a1743b57d278ddbcd13 100644 (file)
--- a/letsencrypt/options-ssl-apache.conf
+++ b/letsencrypt/options-ssl-apache.conf
@@ -1,10 +1,14 @@
-# Baseline setting to Include for SSL sites
+# This file contains important security parameters. If you modify this file
+# manually, Certbot will be unable to automatically provide future security
+# updates. Instead, Certbot will print and log an error message with a path to
+# the up-to-date file that you will need to refer to when manually updating
+# this file.
 
 SSLEngine on
 
 # Intermediate configuration, tweak to your needs
 SSLProtocol             all -SSLv2 -SSLv3
-SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 SSLHonorCipherOrder     on
 SSLCompression          off