A new stable release has been published few days ago : v3.9.9
What’s New ?
Let’s Encrypt
In this release, the most important part was refactoring acme.sh integration to make it more modular and to be able to support incoming features.
We added support for another acme challenge : DNS Alias. It’s pretty similar to DNS API, and it provide the ability to use a domain with DNS API to secure another one. You can read more about this feature in acme.sh wiki.
In WordOps, you can use DNS Alias mode this way :
wo site update site.tld -le --dns=dns_cf --dnsalias=aliasdomain.tld
We also improve error log in case of failure during certificate issuance and DNS check to make sure the domain is pointing to the server IP.
Security
To harden server security, we previously added UFW setup in our install script. It’s now available with the command wo stack install --ufw
and has been removed from the install script.
We also added two flags to the command wo secure
:
– --ssh
: harden ssh security with a sshd_config template following the Mozilla Infosec guidelines
– --sshport
: update SSH port to any custom port
Changelog
Added
- [STACK] UFW now available as a stack with flag
--ufw
- [SECURE]
wo secure --ssh
to harden ssh security - [SECURE]
wo secure --sshport
to change ssh port - [SITE] check domain DNS records before issuing a new certificate without DNS API
- [STACK] Acme challenge with DNS Alias mode
--dnsalias=aliasdomain.tld
acme.sh wiki
Changed
- [APP] WordOps dashboard updated to v1.2, shipped as a html file, it can be used without PHP stack
- [STACK] Refactor Let’s Encrypt with acme.sh
- [STACK] Log error improved with acme.sh depending on the acme challenge (DNS API or Webroot)
- [INSTALL] Removed UFW setup from install script
- [APP] phpMyAdmin updated to v4.9.1
- [STACK] Commit possible Nginx configuration changes into Git before and after performing tasks (in
wo secure
for example) - [CORE] Update deprecated handlers and hooks registration
Fixed
- [STACK]
wo stack purge --all
failure if mysql isn’t installed - [INSTALL] Fix EEv3 files cleanup
- [SECURE] Incorrect variable usage in
wo secure --port
- [INSTALL] Fix backup_ee function in install script