rl-2003: Update the release documentation

It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not. (cherry picked from commit 21c4a33cee)
2024-12-27 05:43:50 +03:00 · 2020-04-16 13:38:15 +02:00 · 2020-04-16 13:38:15 +02:00 · 3dbd3f2651
commit 3dbd3f2651
parent b9c027da07
1 changed files with 5 additions and 3 deletions
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
     As well as this, the options <literal>security.acme.acceptTerms</literal> and either
     <literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
     must be set in order to use the ACME module.
-     Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
-     preserved and thus it is possible to roll back to previous versions without breaking certificate
-     generation.
+     Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le.
+     In particular private keys will not be preserved. However, the credentials for simp-le are preserved and
+     thus it is possible to roll back to previous versions without breaking certificate generation.
+     Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can
+     have consequences if you embed your public key in apps.
    </para>
   </listitem>
   <listitem>