In this release we made a couple of minor changes to our configurations on Hypernode.

Increased the server_names_hash_bucket_size to 128

The server_names_hash_bucket_size NGINX config value was increased from 64 to 128 as it was causing issues with longer domain names. For example previously trying to generate an SSL configuration for domains of a certain length could result in a configuration validation error.

~$ cat .dehydrated/domains.txt
~/nginx$ cat nginx_error_output
nginx: [emerg] could not build server_names_hash
nginx: configuration file /etc/nginx/nginx.conf test failed

This issue has now been resolved.

Disabled OCSP_MUST_STAPLE in the pre-installed Let’s Encrypt client configuration

OCSP_MUST_STAPLE is now disabled by default in the dehydrated configuration. This feature was causing some issues in various versions of FireFox.

If you noticed the following warning message while using a Let’s Encrypt certificate it was probably related to this issue.


We are now testing a new configuration so that we can re-enable this feature again as the standard configuration but until then you can configure it for yourself if you want to by creating a user specific dehydrated config file like so:

cp /etc/dehydrated/config /the/working/dir/where/you/run/dehydrated/
# edit config and add the following line

Take note that if you do so, future changes to that globally installed config file will not be propagated to your custom configuration.

Installed the fonts-droid package

As requested by Peter Jaap from Elgentos this package is now available. This means that the following fonts are now pre-installed:

# dpkg -L fonts-droid | grep ttf

Small change to the app SPF record

The record is now less restrictive. The ?all modifier was added.

dig TXT | grep spf
; <<>> DiG 9.10.3-P4-Ubuntu <<>> TXT
;        IN  TXT 599 IN  TXT "v=spf1 ip4:some_ip/24 ?all"

Also the is being deprecated. It was invalid due to it causing too many DNS lookups.