- Use Let's Encrypt ceremony tool for generating keys and certs instead of openssl
- Store keys on SoftHSM instead of in plain text files on disk
- Add redis container for boulder rate limiting
- Fix standalone builds (both .debs and container) (#154)
- Use redis for OCSP as well, in different database number
- Fix issuer and CRL URLs in certificates
- Bump boulder version to release-2025-02-14
- Several fixes and tweaks
⚠️ WARNING: from this version forward it is NOT longer possible to keep the root CA key offline! If your current system does not contain the root key, upgrading to this or future versions will fail. Either setup a new instance of LabCA and import the root certificate WITH the key, or stick with v25.01.1 or earlier.
Allowing the root key to be offline made my code very complex to maintain, and with the change to the ceremony tool it would have become way more difficult. The keys are now stored in SoftHSMv2 and I will be looking into possibly supporting physical HSMs (Hardware Security Modules) in the future.