diff --git a/ChangeLog b/ChangeLog index 7648cae..eaefbc3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,21 +1,25 @@ +v2.4.8 +---------------------------------------------------------------------------------------------------- * `MDContactEmail` can now be specified inside a `` section. - * Added workaround for ACME servers that do not accept account retrieval - via a GET-AS-POST. This is commonly used to detect if a known account - is still usable. In case this fails, a "termsOfServiceAgreed" is set - on an account to verify its existence. - * First successful tests with a Sectigo demo setup. * Treating 401 HTTP status codes for orders like 403, since Sectigo seems to prefer that for accessing oders from other accounts. * When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized (Sectigo workaround). - * Ignore ACME accounts when the verification results in a 400 response. - This seems to happen on Sectigo for some not fully understood reason - when a account is re-used. Needs more test cases. * Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See #268. * Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. + * New: experimental support for ACME External Account Binding (EAB). + Use the new directive `MDExternalAccountBinding` to provide the + server with the value for key identifier and hmac as provided by + your CA. + While working on some servers, EAB handling is not uniform across CAs. + First tests with a Sectigo Certificate Manager in demo mode are + successful. But ZeroSSL, for example, seems to regard EAB values as + a one-time-use-only thing, which makes them fail if you create a + seconde account or retry the creation of the first account with + the same EAB. v2.4.7 ---------------------------------------------------------------------------------------------------- diff --git a/configure.ac b/configure.ac index 1067a7e..9c56902 100644 --- a/configure.ac +++ b/configure.ac @@ -14,7 +14,7 @@ # AC_PREREQ([2.69]) -AC_INIT([mod_md], [2.4.7], [stefan.eissing@greenbytes.de]) +AC_INIT([mod_md], [2.4.8], [stefan.eissing@greenbytes.de]) LT_PREREQ([2.2.6]) LT_INIT() diff --git a/src/md_version.h b/src/md_version.h index fae28d0..0b9dcb2 100644 --- a/src/md_version.h +++ b/src/md_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "2.4.7-git" +#define MOD_MD_VERSION "2.4.8-git" /** * @macro @@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x020407 +#define MOD_MD_VERSION_NUM 0x020408 #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"