Releases: gregtwallace/certwarden
Cert Warden v0.21.6
[v0.21.6] - 2024-07-02
Minor updates and fixes.
Added
N/A
Fixed
- Fix percentage formatting in dns_checker debug messages.
- Fix key pem formatting. In rare cases, an extra blank line was added
incorrectly.
- Update a few dependencies to address Dependabot alerts.
- Fix backend mod file to properly set Go 1.22.4.
Changed
- The key pem formatting function was tweaked for code clarity and is
likely a little more robust now as a result.
- Update Node JS to 18.20.3.
- Update Alpine to 3.20.
Removed
N/A
Note: v0.21.5 was removed due to issues with Go 1.22.5.
Cert Warden v0.21.4
[v0.21.4] - 2024-06-13
Minor updates and fixes.
If you are coming from <0.21.0, please read the warnings on 0.21.0.
Added
- Add better async order fulfillment. This was already supported but
the additional changes make it more robust. If you have the debug
log level set you will see more API calls to the remote ACME server.
- Add more robust checking of downloaded certificate chains. Also
lay the groundwork for preferred chain selection in a future
version. Add some additional log messages related to this.
Fixed
- Fix linux install script and service files.
Changed
- Update some log messages for clarity.
- Update to Go 1.22.4.
- Minor code cleanup for var type and name clarity.
- Change some usage of ToLower to EqualFold instead as a better
coding practice.
- Update braces pkg.
Removed
N/A
Cert Warden v0.21.3
[v0.21.3] - 2024-05-17
Minor updates and fixes.
If you are coming from <0.21.0, please read the warnings on 0.21.0.
Added
N/A
Fixed
- Fix default certname. The app was looking for certwarden instead
of serverdefault.
- Fix various issues in dependencies.
Changed
- Update to Go 1.22.3.
- Update all dependencies (backend and frontend).
Removed
N/A
Cert Warden v0.21.2
[v0.21.2] - 2024-05-07
Minor updates and fixes.
If you are coming from <0.21.0, please read the warnings on 0.21.0.
Added
- Always show Account URL. Some ACME providers (like Let's Encrypt)
allow CAA records that specify specific account(s) that are allowed
to issue certificates. Make the account URL always visible to make
it easier to generate such records.
- Add refresh Account button on the edit account page. The button
queries the ACME server for the current state of the account and
saves it to Cert Warden.
- Add debug log message that lists which dns servers dns_checker is
configured to use.
Fixed
- Update net package to address a dependabot alert re: http/2.
- Fix some file downloads having duplicate extension in the name of
the file (e.g. .pem.pem).
- Fix retry after badNonce error for some ACME servers. (This is not
a Cert Warden bug. Some ACME servers apparently don't follow the
spec for how to handle badNonce. This fix allows Cert Warden to
handle these non-compliant servers. Cert Warden will log a warning
when this happens and the issue should be reported to the maintainer
of the non-compliant server.)
- Fix some error messages printing in a garbled format.
Changed
- Minor API path rename for account registration.
- Minor styling changes in nonce manager.
Removed
N/A
Cert Warden v0.21.1
[v0.21.1] - 2024-04-19
Minor updates and fixes.
If you are coming from <0.21.0, please read the warnings on 0.21.0.
Added
- Add ability to use = (equal sign) in environment param values.
Fixed
- Fix environment param name and value checking. Be more strict about
what is allowed in a param name. Make the frontend logic match the
backend logic exactly.
- Fix environment params slice not properly stripping quotes.
- Fix time parsing of old backup file names. (If you saw a bunch of
warn messages in your logs about backups and times, this is the
fix.)
Changed
N/A
Removed
N/A
Cert Warden v0.21.0
[v0.21.0] - 2024-04-15
LeGo CertHub has changed to Cert Warden! This was done to avoid confusion
due to name overlap with another project. As part of this transition, a
number of things changed. I made efforts to make this upgrade cause
little to no pain, but there are changes that could trip you up.
Caution
You should not perform this update in an unattended fashion. Something
might break and you may need to make tweaks. If you have problems,
please open an issue or post on the forum.
Compatibility Notes:
- Names of binaries, install, and upgrade scripts have changed. This includes
the default paths and user name. If you're using a build outside of docker,
you may need to update your local service to match the new file names.
Review the changes in
https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/install.sh
https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/upgrade.sh
and
https://github.com/gregtwallace/certwarden-backend/blob/master/scripts/linux/legocerthub.service
- The Cert Warden Client route was changed. The server will attempt to
post to the old route if the new route 404'd.
- The sqlite db was renamed to appdata.db. The old file should be
automatically renamed on first start.
- The default certificate name this app uses has changed from legocerthub
to serverdefault. The db version will be updated on first start and if
one named legocerthub exists, it will be renamed to serverdefault.
- The basepath for the app and api changed from /legocerthub to
/certwarden. Redirects are in place (for now) but you should update
clients ASAP. A warning will be logged on the server any time a legacy
path is accessed. The warning includes the IP of the client so you
can go fix it.
- Log and backup filename prefixes were changed but the old files should
still be accessible and viewable as if they had the new 'correct' name.
Most of the backwards compatibility bandages will be removed in a later
version. Please update clients asap to avoid future issues.
Added
N/A
Fixed
N/A
Changed
- Update to Vite 5 and use the new CSP injection feature (instead of the
custom implementation previously used).
- Update to Go 1.22.1 and Node 18.20.2.
- Update a number of other dependencies.
- DB schema version changed from 5 to 6. The schema didn't actually change
but this was done to help with the name change migration.
Removed
N/A
LeGo CertHub v0.20.4
[v0.20.4] - 2024-03-25
Minor updates and fixes.
I plan to rename this project. Please let me know if you have any ideas!
See: https://community.letsencrypt.org/t/new-client-lego-certhub/215010
Added
- Add basic validation to frontend when editing environment variables, as
well as an error message specifying the correct format.
Fixed
- Fix email validation on frontend (thanks @oliverl-21).
Changed
- Overhaul environment variables for providers and certificates. These can
now have quotes around the name, value, both, or neither and still work
correctly. This was done as this format is common to other tools when
setting these.
- Certain fields are no longer redacted when outputted (e.g. API Keys).
They are still redacted in the logs though.
- The go-acme provider will now use the system default DNS server(s)
instead of Google (if they can be determined, which they should be on all
OSes).
- Update go jose, protobuf, and do go mod tidy.
- Update axios and follow-redirects.
- Update some func names on backend pem output. This is in preparation to
add output in other formats (e.g., pfx).
- Update frontend copyright notice to 2024.
Removed
- Removed provider config preview when viewing the page that shows all
providers. Edit a provider to see the full config.
LeGo CertHub v0.20.3
[v0.20.3] - 2024-03-06
Update to Go 1.22.1, which includes some security fixes.
LeGo CertHub v0.20.2
[v0.20.2] - 2024-03-05
Minor release that adds OCSP stapling and fixes a graceful shutdown bug.
Added
- Add OCSP stapling to the certificate that LeGo serves to clients
connecting to it.
Fixed
- Fix auth session cleaning service. Timer had a bug that stopped it from
running and also caused graceful shutdown to hang.
Removed
- Removed some unused dead code and vars.
LeGo CertHub v0.20.1
[v0.20.1] - 2024-03-01
Hotfix to prior version.
[v0.20.0] - 2024-02-29
This release breaks up the work being done to fulfill certificates and the
work that is done after they are fulfilled (post processing). This is done
to make it more clear what work is being done. It is also with an eye to
potential future functionality to allow canceling and rescheduling of jobs.
I have not yet decided what to do in that regard though.
It also adds an Extra Extensions option to certificates' CSRs. Certain ACME
Servers may support Extra Extensions on certificates and this allows the
user to specify desired extensions. There is a built-in button to add the
OCSP Must Staple extension. Note: Servers may or may not honor extensions
on the CSR and if they don't honor them, they may still continue and issue
a certificate without them. This is advanced functionality and your mileage
may vary. You should confirm what your ACME Server does and does not
support and verify that the resulting certificates that are produced
actually match your expectations.
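One way to carry out the verification recommended above, as an added Go example that is not Cert Warden's own code: it checks whether an issued certificate actually carries the TLS Feature extension (RFC 7633) listing status_request, which is what OCSP Must Staple means. The function names and the self-signed sample certificate are constructed for illustration; in practice you would pass the DER bytes of the leaf certificate returned by your ACME server.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"slices"
	"time"
)

var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24} // id-pe-tlsfeature (RFC 7633)

// HasMustStaple reports whether a DER certificate lists status_request (5)
// in its TLS Feature extension. A malformed extension is an error, not a "no".
func HasMustStaple(der []byte) (bool, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidTLSFeature) {
			var features []int
			if _, err := asn1.Unmarshal(ext.Value, &features); err != nil {
				return false, fmt.Errorf("malformed TLS Feature extension: %w", err)
			}
			return slices.Contains(features, 5), nil
		}
	}
	return false, nil
}

// selfSigned builds a constructed throwaway certificate used as sample input.
func selfSigned(mustStaple bool) ([]byte, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if mustStaple {
		val, _ := asn1.Marshal([]int{5}) // DER: SEQUENCE { INTEGER 5 }
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidTLSFeature, Value: val}}
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

func main() {
	der, _ := selfSigned(true)
	fmt.Println(HasMustStaple(der))
}
```

A false result for a certificate whose CSR requested the extension means the ACME server dropped it silently, which is the case the note above describes.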
Added
- Add separate post processing work queue to clearly separate this work
from certificate order work.
- Add support for additional certificate extensions. There is also a
button to add the OCSP Must Staple extension.
- Add help link to the CSR section of certificates.
Fixed
- Fix missing field in form field func in frontend code.
- Fix integer checking on frontend. Prevents things like page number
2.5 from being interpreted as 2.
Changed
- Move SafeMap to its own package.
- Some minor code cleanup in a couple areas removing unused vars / code.
- Don't include blank CSR fields as part of the CSR. Reduces size of the
CSR that is transmitted to the ACME Server.