Skip to content

@icing icing released this Jun 6, 2019 · 43 commits to master since this release

  • Fixed an integer overrun for renewal window configuration on 32bit systems that caused
    renewal windows to drop to 0, e.g. renewal when expired. This only happened when
    MDRenewWindow was explicitly configured.
  • JSON format of /.httpd/certificate-status slightly altered. See for details.
  • ACME errors and problems in challenge selection that point to configuration mistakes
    are now visible in the md-status handler.
  • Testsuite cleanup and use of new md-status handler to verify progress.
  • IMPORTANT: upgrade behaviour changed. MDs that have not MDCertificateAuthority configured
    explicitly all get the new ACMEv2 default endpoint of Let's Encrypt. See chapter
    about upgrading for the background of this.
  • Added chapter about the upcoming end-of-life changes for ACMEv1 at LetsEncrypt.
  • Extracting certificate transparency SCT (the signature from CT logs) from a staged
    certificate and displaying these on /.httpd/certificate-status. A monitoring client
    may use this to verify the signatures against the CT logs, even though the log may not
    yet show the certificate (maximum merge delay seems to be at 24 hours on most logs).
Assets 3
You can’t perform that action at this time.