Skip to content

Releases: icing/mod_md

v2.4.28

12 Sep 13:16
Compare
Choose a tag to compare
  • When the server starts, it looks for new, staged certificates to activate. If
    the staged set of files in 'md/staging/' is messed up, this could
    prevent further renewals to happen. Now, when the staging set is present, but
    could not be activated due to an error, purge the whole directory.

mod_md v2.4.27

06 Sep 11:38
Compare
Choose a tag to compare
  • Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. Refs #265.
  • Restore compatibility with OpenSSL < 1.1. [ylavic]

mod_md v2.4.26

03 Jan 10:14
Compare
Choose a tag to compare
  • Using OCSP stapling information to trigger certificate renewals. Proposed
    by Fraser Tweedale.
  • Added directive MDCheckInterval to control how often the server checks
    for detected revocations. Added proposals for configurations in the
    README.md chapter "Revocations".
  • OCSP stapling: accept OCSP responses without a nextUpdate entry which is
    allowed in RFC 6960. Treat those as having an update interval of 12 hours.
    Added by @frasertweedale.
  • Adapt OpenSSL usage to changes in their API. By Yann Ylavic.

mod_md v2.4.25

31 Oct 10:13
Compare
Choose a tag to compare
  • Fix the reported "until" validity of a certificate in the status handler.
    [Rainer Jung]
  • Fix possible NULL deref when logging the error that an authentication
    resource could not be retrieved from the ACME server. Refs #324

mod_md v2.4.24

16 Aug 11:27
Compare
Choose a tag to compare
  • Fixed passing of the server environment variables to programs started via
    MDMessageCmd and MDChallengeDns01 on *nix system. See #319.

mod_md v2.4.23

14 Jul 11:25
Compare
Choose a tag to compare
  • New directive MDMatchNames all|servernames to allow more control over how
    MDomains are matched to VirtualHosts.
  • New directive MDChallengeDns01Version. Setting this to 2 will provide
    the command also with the challenge value on teardown invocation. In version
    1, the default, only the setup invocation gets this parameter.
    Refs #312. Thanks to @domrim for the idea.

mod_md v2.4.22

12 Jul 08:56
Compare
Choose a tag to compare
  • For Managed Domain in "manual" mode, the checks if all used ServerName and
    ServerAlias are part of the MDomain now reports a warning instead of an error
    (AH10040) when not all names are present.
    This should resolve #301.

mod_md v2.4.21

02 Mar 17:22
Compare
Choose a tag to compare
  • MDChallengeDns01 can now be configured for individual domains.
    Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working
  • Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
    teardown not being invoked as it should.

mod_md v2.4.20

16 Nov 11:30
Compare
Choose a tag to compare
  • Enabling ED25519 support and certificate transparency information when
    building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.

mod_md v2.4.19

25 Aug 13:13
Compare
Choose a tag to compare
  • restored curl_easy cleanup behaviour from v2.4.14 and refactored
    the use of curl_multi for OCSP requests to work with that. Fixes #293.