Releases: icing/mod_md

mod_md v2.1.3 (beta)

05 Sep 13:34
  • added more trace2 level logging in server-status collection to help issue #141
  • fixed the status handling to return job information from staging also when the certificate
    is not there yet.
  • fixed a bug in JSON handling that decremented refcounters wrongly when setting another
    JSON object at a key where none was allowed. Added test case.
  • OCSP Stapling information in "server-status" is now sorted alphabetically.
  • add a CA column to Managed Domains table
  • URLs are now displayed as links with the hostname or known name as text.
  • similarly to OCSP status, certificate status 'ok' is now 'good'. Will turn to 'expired'
    should the certificate validity pass the current clock.

mod_md v2.1.2 (beta)

02 Sep 15:14
  • Refactoring the initialization to distinguish between VirtualHost definitions that have
    SSLEngine on and those that do not. The advantages are:
    • No MDPortMap definition is necessary to detect where SSL certificates are needed.
    • mod_md will only collect ServerName/ServerAlias from VirtualHosts that use SSL.
    • One can have a 'catch-all' VirtualHost on port 80 using all domains without them
      bleeding back into the MD definitions.
  • Initialization no longer traverses the complete md store, reads configured MD JSON
    files only once and writes them only when changed. When a new MD is added or
    an existing one renamed (the first domain member changes), the store is searched
    for old definitions and certificates. This search only looks at MDs outside the current
    set and should remain efficient with many MDs configured.
    Example: if you have 100 MDs and rename 1, mod_md will see the 99 directories that stayed
    and load the one unmatched to check for a rename.

mod_md v2.1.1 (beta)

22 Aug 13:57
  • Fixed a bug where the "acme-tls/1" protocol setting was not recognized on the base server
    (with "MDBaseServer on").
  • ACME errors returned during account creation are now added to the job log.
  • A missing ServerAdmin is now properly logged at the renewal job.

mod_md v2.1.0 (beta)

21 Aug 13:32
2129181

This is a beta release. For a more mature version, use the v2.0.x release line. This release is for Apache httpd 2.4.41 or later.

The main new feature in 2.1 vs. 2.0 is the introduction of the new OCSP Stapling implementation. You can use this for all your certificates, only your Let's Encrypt certificates or just enable it on a specific MDomain. See the sections in the README.md for a description.

  • New directives "MDStapling on|off"
  • New directive "MDStaplingRenewWindow" to configure when OCSP response should be renewed.
  • New directive "MDStaplingKeepResponse" for controlling how long OCSP responses are
    kept in the store and older ones get removed at start up.
  • "server-status" page now carries a new table of all OCSP stapling certificates managed
    by mod_md stapling. Shifted ocsp related information in JSON "md-status" around a bit.
  • "md-status" handler now also adds OCSP stapling logs to the JSON output.
  • MDMessageCmd is now also invoked for stapling with reasons 'ocsp-renewed' and 'ocsp-errored'.
  • backoff timing for failed OCSP retrieval attempts. The specific OCSP update will be
    delayed accordingly.
  • new directive 'MDCertificateMonitor' to allow configuration of the check HTML links rendered
    in the server-status page.
  • toning down some INFO level logging to DEBUG or lower.
  • server-status timestamps now in a better readable format. Some columns have been merged.
  • Much more verbose data logging when OCSP responses could not be parsed.
  • Fixed a bug with suppressing "Expect" header sending.
  • Fixed a bug where notifications about an expiring certificate were sent out too often.
  • Converted pytest suite from python2 to python3. "make test" now calls "python3 -m pytest".
  • Errors reported by an ACME CA may include "subproblems", where several causes may be reported.
    These are now part of the md-status reporting and also logged. Test cases added.

mod_md v2.0.10

21 Aug 13:18

The wrong branch was labelled in v2.0.9 and the sources.zip contained the files from master. The release tar file was correct, however.

This release tags the correct maintenance-2.0.x branch, but is otherwise equivalent.

mod_md v2.0.9

01 Aug 14:38

Update: this release tagged the wrong source branch. The attached tar file mod_md-2.0.9.tar.gz contains
the correct files, however the github generated zips came - my mistake - from the master branch. I will release a - otherwise equivalent - v2.0.10 from the correct branch.

  • fixed a compile error on warn level about redefinition of AP_ENABLE_EXCEPTION_HOOK. Fixes #132.

mod_md v2.0.8

11 Jul 11:10
  • adapted to latest mod_ssl api changes in trunk
  • fixed a use-after-free when updating account information from the server.
  • removed httpd trunk patch as no longer needed
  • updated httpd 2.4.x patch with mod_ssl changes

mod_md v2.0.7

09 Jul 11:31
  • supports the new mod_ssl hooks for interworking
  • fixing a crash when authentication status was deemed invalid by CA.
  • bringing back some internal changes from apache svn.

mod_md v2.0.6

24 Jun 15:19
  • MDs with static certificate (MDCertificateFile) are not auto-renewed. But they are watched
    for expiration and trigger a configured MDMessageCmd.
  • ACME challenge method 'tls-alpn-01' is now checked for each domain in an MD individually
    and no longer needs to be available for all domains.

mod_md v2.0.5

19 Jun 15:16
  • Renewal jobs now have their own log attached with timestamps when renewal was started,
    ran into errors, finished. The job JSON files are copied from staging into the domain
    directory for possible later review.
  • job logs now list all activities during renewal.
  • new MDMessageCmd added as alternative to MDNotifyCmd. This command is called with an
    additional "reason" parameter that specifies what happened to the managed domain.
  • MDNotifyCmd is now called for each domain that has been successfully renewed. Not for
    all Managed Domains after all have been processed. This gives notifications earlier.
    Notification errors are now also collected under MD status and notifications are retried
    with backoff delays.
  • New directive MDServerStatus to control if Managed Domains are listed in Apache's
    server-status handler or not. Default yes.
  • New directive MDCertificateStatus to control if JSON certificate information on a domain
    should be made available on https:///.httpd/certificate-status or not. Default yes.
  • fixed a bug that checked ACMEv2 authorizations against the server several times unnecessarily.
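
The MDMessageCmd hook described in the v2.0.5, v2.0.6 and v2.1.0 notes above can feed certificate and OCSP stapling events into syslog for alerting. The following handler is an added example, not code from mod_md. It assumes the command is invoked with the reason first and the Managed Domain name second; the script path, function names and syslog priorities are hypothetical choices.

```shell
#!/bin/sh
# Added example, not part of mod_md. Hypothetical wiring in httpd.conf:
#   MDMessageCmd /usr/local/sbin/md-message.sh
# Assumed invocation: md-message.sh <reason> <managed-domain-name>
LC_ALL=C; export LC_ALL   # keep the bracket ranges below byte-wise

# Allow only hostname-style characters, so neither argument can carry
# whitespace, newlines or shell/log metacharacters into the log line.
md_safe_token() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Map a reason to a syslog priority (the mapping is this example's choice).
# 'ocsp-renewed' and 'ocsp-errored' are named in the notes above; 'renewed',
# 'errored' and 'expiring' are taken from the mod_md documentation.
md_priority() {
    case "$1" in
        ocsp-errored|errored) echo daemon.err ;;
        expiring)             echo daemon.warning ;;
        ocsp-renewed|renewed) echo daemon.info ;;
        *)                    echo daemon.notice ;;  # unknown: still recorded
    esac
}

# Build the one-line log record; fails if either argument is malformed.
md_format() {
    md_safe_token "$1" && md_safe_token "$2" || return 1
    printf 'mod_md reason=%s md=%s' "$1" "$2"
}

# Log the event through logger(1); reject malformed input loudly.
md_handle() {
    if line=$(md_format "$1" "$2"); then
        logger -t md-message -p "$(md_priority "$1")" "$line"
    else
        logger -t md-message -p daemon.err "rejected malformed arguments"
        return 2
    fi
}

# Run only when called with arguments, as MDMessageCmd would.
if [ "$#" -ge 2 ]; then
    md_handle "$1" "$2"
fi
```

An alert rule on priority daemon.err with tag md-message then catches both failed renewals and failed OCSP retrievals.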