Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
- When you move the last domain name from an MD to another one, that now empty MD gets moved
to the store archive. The JSON file will still show the last domain, in case you want
to ressurect after a (human) configuration error. Fixes PR 62572
- Using libressl new integration of openssl API functions when available.
- making some timed wait in test_0700 more robust
- adding test cases for accessing a variety of paths for http-01 challenges to confirm
proper http responses (see #92). Reworked handler to fix edge cases discovered.
- adapted test cases for new ACME boulder versions that shifted ACMEv1 to another port
- adapted test case domain from the now forbidden example.org to not-forbidden.org
- less confusing logging when MDNotifyCmd returns a failure exit code
- MDNotifyCmd can be configured with arguments to which the managed domain
names are appended on invocation
- added more test cases for MDNotifyCmd use
- fixes error in renew window calculation that may lead to mod_md running
watchdog in a tight loop until actual renewal becomes necessary.
- /.well-known/acme-challenge requests that cannot be answered for hostnames
outside the configured MDs are free to be answered by other handlers. This allows
co-existance between mod_md and other ACME clients on the same server (implements PR62189).
Suggested by Arkadiusz Miskiewicz firstname.lastname@example.org.
- Removed bould check from configure. Not everone building the module needs it installed.
- Tests with boulder now need a mater revision >= 2018-01-10 or you will see failures in the
- Updated with log format fixes and copyright ASF insistence from apache httpd trunk
- new configuration directive "MDBaseServer on|off" to allow/inhibit management of the base
server domains outside VirtualHosts. By default, this is "off", e.g. mod_md will not manage
certificates or perform https: redirections on the base server. This follows the
principle of least surprise.
- Fixed gcc warnings.
- MDMustStaple was unable to create the necessary OpenSSL OBJ identifier on some platforms,
possibly because this fails if the OID is already configured in
- Two memory leaks in cert issuer and alt-names lookup eliminated by Yann Ylavic.
- Changing MDMustStaple triggers certificate renewal.