Releases: icing/mod_md
Releases · icing/mod_md
v2.4.28
- When the server starts, it looks for new, staged certificates to activate. If
the staged set of files in 'md/staging/' is messed up, this could
prevent further renewals to happen. Now, when the staging set is present, but
could not be activated due to an error, purge the whole directory.
mod_md v2.4.27
- Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. Refs #265.
- Restore compatibility with OpenSSL < 1.1. [ylavic]
mod_md v2.4.26
- Using OCSP stapling information to trigger certificate renewals. Proposed
by Fraser Tweedale. - Added directive
MDCheckInterval
to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations". - OCSP stapling: accept OCSP responses without a
nextUpdate
entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale. - Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
mod_md v2.4.25
- Fix the reported "until" validity of a certificate in the status handler.
[Rainer Jung] - Fix possible NULL deref when logging the error that an authentication
resource could not be retrieved from the ACME server. Refs #324
mod_md v2.4.24
- Fixed passing of the server environment variables to programs started via
MDMessageCmd and MDChallengeDns01 on *nix system. See #319.
mod_md v2.4.23
- New directive
MDMatchNames all|servernames
to allow more control over how
MDomains are matched to VirtualHosts. - New directive
MDChallengeDns01Version
. Setting this to2
will provide
the command also with the challenge value onteardown
invocation. In version
1, the default, only thesetup
invocation gets this parameter.
Refs #312. Thanks to @domrim for the idea.
mod_md v2.4.22
- For Managed Domain in "manual" mode, the checks if all used ServerName and
ServerAlias are part of the MDomain now reports a warning instead of an error
(AH10040) when not all names are present.
This should resolve #301.
mod_md v2.4.21
- MDChallengeDns01 can now be configured for individual domains.
Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
mod_md v2.4.20
- Enabling ED25519 support and certificate transparency information when
building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
mod_md v2.4.19
- restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that. Fixes #293.