Cert Warden v0.21.6

[v0.21.6] - 2024-07-02

Minor updates and fixes.

Added

N/A

Fixed

• Fix percentage formatting in dns_checker debug messages.
• Fix key pem formatting. In rare cases, an extra blank line was added
  incorrectly.
• Update a few dependencies to address Dependabot alerts.
• Fix backend mod file to properly set Go 1.22.4.

Changed

• The key pem formatting function was tweaked for code clarity and is
  likely a little more robust now as a result.
• Update Node JS to 18.20.3.
• Update Alpine to 3.20.

Removed

N/A

Note: v0.21.5 was removed due to issues with Go 1.22.5.

Cert Warden v0.21.4

[v0.21.4] - 2024-06-13

Minor updates and fixes.

If you are coming from <0.21.0, please read the warnings on 0.21.0.

Added

• Add better async order fulfillment. This was already supported but
  the additional changes make it more robust. If you have the
  debug log level set you will see more API calls to the remote
  ACME server.
• Add more robust checking of downloaded certificate chains. Also
  lay the groundwork for preferred chain selection in a future
  version. Add some additional log messages related to this.

Fixed

• Fix linux install script and service files.

Changed

• Update some log messages for clarity.
• Update to Go 1.22.4.
• Minor code cleanup for var type and name clarity.
• Change some usage of ToLower to EqualFold instead as a better
  coding practice.
• Update braces pkg.

Removed

N/A

Cert Warden v0.21.3

[v0.21.3] - 2024-05-17

Minor updates and fixes.

If you are coming from <0.21.0, please read the warnings on 0.21.0.

Added

N/A

Fixed

• Fix default certname. The app was looking for certwarden instead
  of serverdefault.
• Fix various issues in dependencies.

Changed

• Update to Go 1.22.3.
• Update all dependencies (backend and frontend).

Removed

N/A

Cert Warden v0.21.2

[v0.21.2] - 2024-05-07

Minor updates and fixes.

If you are coming from <0.21.0, please read the warnings on 0.21.0.

Added

• Always show Account URL. Some ACME providers (like Let's Encrypt)
  allow CAA records that specify specific account(s) that are allowed
  to issue certificates. Make the account URL always visible to make
  it easier to generate such records.
• Add refresh Account button on the edit account page. The button
  queries the ACME server for the current state of the account and
  saves it to Cert Warden.
• Add debug log message that lists which dns servers dns_checker is
  configured to use.

Fixed

• Update net package to address a dependabot alert re: http/2.
• Fix some file downloads having duplicate extension in the name of
  the file (e.g. .pem.pem).
• Fix retry after badNonce error for some ACME servers. (This is not
  a Cert Warden bug. Some ACME servers apparently don't follow the
  spec for how to handle badNonce. This fix allows Cert Warden to
  handle these non-compliant servers. Cert Warden will log a warning
  when this happens and the issue should be reported to the maintainer
  of the non-compliant server.)
• Fix some error messages printing in a garbled format.

Changed

• Minor API path rename for account registration.
• Minor styling changes in nonce manager.

Removed

N/A

Cert Warden v0.21.1

[v0.21.1] - 2024-04-19

Minor updates and fixes.

If you are coming from <0.21.0, please read the warnings on 0.21.0.

Added

• Add ability to use = (equal sign) in environment param values.

Fixed

• Fix environment param name and value checking. Be more strict about
  what is allowed in a param name. Make the frontend logic match the
  backend logic exactly.
• Fix environment params slice not properly stripping quotes.
• Fix time parsing of old backup file names. (If you saw a bunch of
  warn messages in your logs about backups and times, this is the
  fix.)

Changed

N/A

Removed

N/A

Cert Warden v0.21.0

[v0.21.0] - 2024-04-15

LeGo CertHub has changed to Cert Warden! This was done to avoid confusion
due to name overlap with another project. As part of this transition, a
number of things changed. I made efforts to make this upgrade cause
little to no pain, but there are changes that could trip you up.

Caution

You should not perform this updated in an unattended fashion. Something
might break and you may need to make tweaks. If you have problems,
please open an issue or post on the forum.

Compatibility Notes:

• Names of binaries, install, and upgrade scripts have changed. This includes
  the default paths and user name. If you're using a build outside of docker,
  you may need to update your local service to match the new file names.
  Review the changes in
  https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/install.sh
  https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/upgrade.sh
  and
  https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/legocerthub.service
• The Cert Warden Client route was changed. The server will attempt to
  post to the old route if the new route 404'd.
• The sqlite db was renamed to appdata.db. The old file should be
  automatically renamed on first start.
• The default certificate name this app uses has changed from legocerthub
  to serverdefault. The db version will be updated on first start and if
  one named legocerthub exists, it will be renamed to serverdefault.
• The basepath for the app and api changed from /legocerthub to
  /certwarden. Redirects are in place (for now) but you should update
  clients ASAP. A warning will be logged on the server any time a legacy
  path is accessed. The warning includes the IP of the client so you
  can go fix it.
• Log and backup filename prefixes were changed but the old files should
  still be accessible and viewable as if they had the new 'correct' name.

Most of the backwards compatibility bandages will be removed in a later
version. Please update clients asap to avoid future issues.

Added

N/A

Fixed

N/A

Changed

• Update to Vite 5 and use the new CSP injection feature (instead of the
  custom implementation previously used).
• Update to Go 1.22.1 and Node 18.20.2.
• Update a number of other dependencies.
• DB schema version changed from 5 to 6. The schema didn't actually change
  but this was done to help with the name change migration.

Removed

N/A

LeGo CertHub v0.20.4

[v0.20.4] - 2024-03-25

Minor updates and fixes.

I plan to rename this project. Please let me know if you have any ideas!
See: https://community.letsencrypt.org/t/new-client-lego-certhub/215010

Added

• Add basic validation to frontend when editing envrionment variables, as
  well as an error message specifying the correct format.

Fixed

• Fix email validation on frontend (thanks @oliverl-21).

Changed

• Overhaul environment variables for providers and certificates. These can
  now have quotes around the name, value, both, or neither and still work
  correctly. This was done as this format is common to other tools when
  setting these.
• Certain fields are no longer redacted when outputted (e.g. API Keys).
  They are still redacted in the logs though.
• The go-acme provider will now use the system default DNS server(s)
  instead of Google (if they can be determined, which they should be on all
  OSes).
• Update go jose, protobuf, and do go mod tidy.
• Update axios and follow-redirects.
• Update some func names on backend pem output. This is in preparation to
  add output in other formats (e.g., pfx).
• Update frontend copyright notice to 2024.

Removed

• Removed provider config preview when viewing the page that shows all
  providers. Edit a provider to see the full config.

LeGo CertHub v0.20.3

[v0.20.3] - 2024-03-06

Update to Go 1.22.1, which includes some security fixes.

LeGo CertHub v0.20.2

[v0.20.2] - 2024-03-05

Minor release that adds OCSP stapling and fixes a graceful shutdown bug.

Added

• Add OCSP stapling to the certificate that LeGo serves to clients
  connecting to it.

Fixed

• Fix auth session cleaning service. Timer had a bug that stopped it from
  running and also caused graceful shutdown to hang.

Removed

• Removed some unused dead code and vars.

LeGo CertHub v0.20.1

[v0.20.1] - 2024-03-01

Hotfix to prior version.

[v0.20.0] - 2024-02-29

This release breaks up the work being done to fulfill certificates and the
work that is done after they are fulfilled (post processing). This is done
to make it more clear what work is being done. It is also with an eye to
potential future functionality to allow canceling and rescheduling of jobs.
I have not yet decided what to do in that regard though.

It also adds an Extra Extensions option to certificates' CSRs. Certain ACME
Servers may support Extra Extensions on certificates and this allows the
user to specify desired extensions. There is a built-in button to add the
OCSP Must Staple extension. Note: Servers may or may not honor extensions
on the CSR and if they don't honor them, they may still continue and issue
a certificate without them. This is advanced functionality and your mileage
may vary. You should confirm what your ACME Server does and does not
support and verify that the resulting certificates that are produced
actually match your expectations.

Added

• Add separate post processing work queue to clearly separate this work
  from certificate order work.
• Add support for additional certificate extensions. There is also a
  button to add the OCSP Must Staple extension.
• Add help link to the CSR section of certificates.

Fixed

• Fix missing field in form field func in frontend code.
• Fix integer checking on frontend. Prevents things like page number 2.5
  from being interpreted as 2.

Changed

• Move SafeMap to its own package.
• Some minor code cleanup in a couple areas removing unused vars / code.
• Don't include blank CSR fields as part of the CSR. Reduces size of the
  CSR that is transmitted to the ACME Server.