Skip to content

Releases: k-krew/triplec

Release list

v1.0.0

Choose a tag to compare

@github-actions github-actions released this 28 Jun 20:48

Changelog

  • acbaf7b Defined the YAML configuration structure for all three operational modes
  • 4c5f9ae Initial commit
  • c2f81dc bugfix: Client mode now correctly executes pre-hooks before writing updated certificates to disk
  • d1a0d94 bugfix: Fixed IPv6-only binding for embedded DNS, cleaned up solver logs, and fixed graceful shutdown during ACME operations
  • 10c5046 bugfix: Fixed Let's Encrypt validation failures caused by case-sensitive DNS lookups (DNS 0x20 encoding)
  • aec851a bugfix: Fixed an issue where the updater failed to find existing certificates
  • 3435a72 bugfix: Fixed client polling for wildcard certificates
  • 54b79a6 bugfix: Fixed execution of pre/post hooks containing spaces and quotes by routing them through the shell
  • baf2069 bugfix: Fixed potential deadlocks in hook execution, race conditions in file writes, and centralized configuration defaults
  • 81feb20 bugfix: Refactored DNS propagation logic to only apply local bypasses to the embedded provider
  • 6bf77b8 eat: Added randomized jitter to client polling intervals to prevent server spikes
  • e8b8113 eat: Clients can now fetch certificates securely via the REST API
  • 56791ad feat: Added strict configuration validation and API rate limiting for improved stability
  • 0dc4173 feat: Added support for zero-downtime configuration reloads via SIGHUP and a -t flag to test configuration validity
  • 6e75373 feat: Automated renewal loop implemented using config-driven intervals and per-certificate expiration thresholds
  • 56b6d74 feat: Basic HTTP server structure with Bearer token authentication
  • eb6cafc feat: Certificates are safely saved to disk and can trigger post-renewal bash hooks
  • 8c4256e feat: Client can poll the TripleC server for certificate updates using configured intervals, with support for self-signed server certificates
  • 132fd9e feat: Client correctly skips updates when local certificates are already current using byte comparison
  • 5bd31ef feat: Client mode is fully functional for air-gapped deployments
  • 61900f0 feat: Core ACME account registration and key management implemented
  • 92984a9 feat: Embedded DNS server implemented as primary challenge provider, alongside Cloudflare support
  • b5c412c feat: Improved server observability with HTTP request logging and structured JSON error responses
  • b694bab feat: Server mode is fully functional
  • 5f6523f feat: Server supports explicit TLS configuration for the REST API
  • f3d2cfa feat: Standalone mode is fully functional for local certificate management
  • 4566d22 feat: Structured logging implemented via slog, supporting text and JSON formats
  • 97cd675 mv repo from kreicer to k-krew
  • 75b6d46 perf: Server now serves certificates from an in-memory cache, eliminating disk I/O on every API request
  • e9d45bc polish: Sanitized wildcard domains
  • 8f37886 refactor: Grouped provider name and options into a single nested object
  • 6340ac8 refactor: Improved logging clarity by moving lego noise to debug level
  • f447f0d security: Hardened embedded DNS server against UDP flood