v3.9.9 – WordOps stable release

Jc4tidm0ht

A new stable release has been published few days ago : v3.9.9

What’s New ?

Let’s Encrypt

In this release, the most important part was refactoring acme.sh integration to make it more modular and to be able to support incoming features.
We added support for another acme challenge : DNS Alias. It’s pretty similar to DNS API, and it provide the ability to use a domain with DNS API to secure another one. You can read more about this feature in acme.sh wiki.

In WordOps, you can use DNS Alias mode this way :

wo site update site.tld -le --dns=dns_cf --dnsalias=aliasdomain.tld

We also improve error log in case of failure during certificate issuance and DNS check to make sure the domain is pointing to the server IP.

Security

To harden server security, we previously added UFW setup in our install script. It’s now available with the command wo stack install --ufw and has been removed from the install script.

We also added two flags to the command wo secure :
--ssh : harden ssh security with a sshd_config template following the Mozilla Infosec guidelines
--sshport : update SSH port to any custom port

Changelog

Added

  • [STACK] UFW now available as a stack with flag --ufw
  • [SECURE] wo secure --ssh to harden ssh security
  • [SECURE] wo secure --sshport to change ssh port
  • [SITE] check domain DNS records before issuing a new certificate without DNS API
  • [STACK] Acme challenge with DNS Alias mode --dnsalias=aliasdomain.tld acme.sh wiki

Changed

  • [APP] WordOps dashboard updated to v1.2, shipped as a html file, it can be used without PHP stack
  • [STACK] Refactor Let’s Encrypt with acme.sh
  • [STACK] Log error improved with acme.sh depending on the acme challenge (DNS API or Webroot)
  • [INSTALL] Removed UFW setup from install script
  • [APP] phpMyAdmin updated to v4.9.1
  • [STACK] Commit possible Nginx configuration changes into Git before and after performing tasks (in wo secure for example)
  • [CORE] Update deprecated handlers and hooks registration

Fixed

  • [STACK] wo stack purge --all failure if mysql isn’t installed
  • [INSTALL] Fix EEv3 files cleanup
  • [SECURE] Incorrect variable usage in wo secure --port
  • [INSTALL] Fix backup_ee function in install script

This post was last modified on 2019-12-04 13:32