Releases: icing/mod_md
Releases · icing/mod_md
mod_md 1.99.9
- A domain that is managed by md now exposes a status resource at /.httpd/certificate-status
in JSON format. This lists serial number, valid-from, expires and the cert itself in base64url
encoding. Not highly relevant since the connection exposed the certificate already.
When a domain certificate has been renewed however, the same properties of the renewed
cert are available under the field "staging". When the server is restarted and the cert
is activated, these disappear again. This makes it easy to scan domains for pending
certificate renewals and also gives information of upcoming certificates right away. - Added MD section to Apache's "server-status" page listing all managed domains and their
settings, renewal status and error count.
mod_md v1.99.8
- Merge of changes up to 1.1.19
- Fix for #117, explicitly set file permissions to work around umask defaults.
mod_md v1.1.19
- Another tackle at #117, explicitly setting
specified permissions on all files created in md store.
mod_md v1.1.18
- Explicitly setting file permissions to break out of umasks. We want our
non-privilegded apache user to be able to read them. See github issue
#117. - Merged some default store dir change from trunk.
- Merged unread var removal from trunk.
mod_md v1.99.7
- Fix by @nono303 to fix the Windows build that was broken in the last release.
mod_md v1.99.6
- When the server is not started by root, the module no longer tries to chown() the
staging and challenges directories as User and Group directives are ignored. Fixes #115. - When a md.json file in the store cannot be parsed, it is ignore and overwritten during
initial synch at server start. - When migrating from ACMEv1 to ACMEv2 on the same host, the account private key of an
existing account is reused on registration. Let's Encrypt internally treats this as
the same account, although it is exposed using different urls. This helps keeping
the waste of large prime numbers at a manageable level and allows for more useful
statistics from ACME CAs.
mod_md v1.99.5
- Enhanced checks for wildcard domain names in certificate coverage.
- ACME authorizations and certificate requests only done for minimal set of domain names,
e.g. domain covered by a wildcard are left out. LE CA requires this. - First successful wildcard certificate signup in test suite
- Old and long deprecated configuration directives "ManagedDomain(s)" removed.
- Challenge type 'tls-sni-01' removed as it has been disabled by Let's Encrypt.
- When the ACME server threw its challenges at us, we selected the first among the
configured/supported ones and ran that. When it failed, the whole authorization
failed until the retry kicked in. Now, on a failed challenge startup, we look for the
next possible challenge type and try that.
This allows for challenge types that are configured and maybe supported in general,
but do not work for all domains. E.g. when we add DNS challenge support, that type
may only work for a subset of the domains.
Instead of putting the burden on the user to configured the MDomains individually
correct, the DNS challenge setup can just return APR_ENOTIMPL and another challenge
type is used (if available). - configure updated to better work with non-standard curl library locations.
mod_md v1.99.4
- tls-alpn-01 challenge method, when available, is now preferred.
- configure now checks the libcurl version to be at least 7.50, as does the Apache configure.
mod_md v1.99.3
- OpenSSL initialization disabled in the module. Leaving that to mod_ssl/APR.
- mod_ssl trunk patch is now empty, changes have been committed into Apache trunk.
- ACME order/challenge cleanup now runs immediately after a successful renewal and does
not wait for a server restart.
mod_md v1.99.2
- fixed bug where a new ACME account was created for each new ACME managed domain when the existing accounts did not exist or were no longer valid/applicable.