fastcgi's ServeHTTP method originally returned the correct value (0) in
b51e8bc1. Later, I mistakenly suggested
we change that to return the status code because I forgot that status
codes aren't logged by the return value. So fastcgi broke due in
3966936b due to my error.

We later had to try to make up for this with ugly Content-Length checks
like in c37ad7f6. Turns out that all we
had to do was fix the returned status here back to 0. The proxy
middleware behaves the same way, and returning 0 is correct. We should
only return a status code if the response has not been written, but with
upstream servers, we do write a response; they do not know about our
error handler.

Also clarifed this in the middleware.Handler documentation.

https: Fix build after https://github.com/xenolf/lego/commit/0e26b

Fix up last-second changes

Fixes #640

Without -ldflags, the verison information needs to be updated manually,
which is never done between releases, so development builds appear
indiscernable from stable builds using `caddy -version`.

This is part of a set of changes intended to relieve the burden of
always updating version information manually and distributing binaries
that look stable but actually may not be.

A stable build is defined as one which is produced at a git tag with
a clean working directory (no uncommitted changes). A dev build is
anything else. With this build script, `caddy -version` will now reveal
whether it is a development build and, if so, the base version, the
latest commit, the date and time of build, and the names of files with
changes as well as how many changes were made.

The output of `caddy -version` for stable builds remains the same.

Based on work started in, and replaces, #614

markdown: Implement .DocFlags and tests

fastcgi: Explicitly set Content-Length (fixes #626)

rewrite: Allow status to be 2xx or 4xx.

tls: Add SHA384 ciphers

middleware: Export ResponseRecorder and add a couple getter methods

errors: Set missing Content-Type for plaintext error messages

And corrected an error in a copy and pasted comment

It was implemented for almost a year but we'll probably never use it, especially since we'll match more than the path in the future.

Now attempt to staple OCSP even for certs that don't have an existing staple (issue #605). "tls off" short-circuits tls setup function. Now we call getEmail() when setting up an acme.Client that does renewals, rather than making a new account with empty email address. Check certificate expiry every 12 hours, and OCSP every hour.

Rotate process log

This fixes a regression introduced in recent commits that enabled TLS on the default ":2015" config. This fix is possible because On-Demand TLS is no longer implicit; it must be explicitly enabled by the user by setting a maximum number of certificates to issue.

Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.

If Caddy is running but not listening on port 80, reloading Caddy with a new Caddyfile that needs to obtain a TLS cert from the CA would fail, because it was just assumed that, if reloading, port 80 as already in use. That is not always the case, so we scan the servers to see if one of them is listening on port 80, and we configure the ACME client accordingly. Kind of a hack... but it works.

After 10 certificates are issued, no new certificate requests are allowed for 10 minutes after a successful issuance.