Releases: icing/mod_md
Releases · icing/mod_md
mod_md v2.4.31
- Improved error reporting when waiting for ACME server to verify domains
or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names
and issue the certificate from 30 seconds to 5 minutes.
mod_md v2.4.30
- Changed a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL.
v2.4.29
v2.4.28
- When the server starts, it looks for new, staged certificates to activate. If
the staged set of files in 'md/staging/' is messed up, this could
prevent further renewals to happen. Now, when the staging set is present, but
could not be activated due to an error, purge the whole directory.
mod_md v2.4.27
- Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. Refs #265.
- Restore compatibility with OpenSSL < 1.1. [ylavic]
mod_md v2.4.26
- Using OCSP stapling information to trigger certificate renewals. Proposed
by Fraser Tweedale. - Added directive
MDCheckInterval
to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations". - OCSP stapling: accept OCSP responses without a
nextUpdate
entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale. - Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
mod_md v2.4.25
- Fix the reported "until" validity of a certificate in the status handler.
[Rainer Jung] - Fix possible NULL deref when logging the error that an authentication
resource could not be retrieved from the ACME server. Refs #324
mod_md v2.4.24
- Fixed passing of the server environment variables to programs started via
MDMessageCmd and MDChallengeDns01 on *nix system. See #319.
mod_md v2.4.23
- New directive
MDMatchNames all|servernames
to allow more control over how
MDomains are matched to VirtualHosts. - New directive
MDChallengeDns01Version
. Setting this to2
will provide
the command also with the challenge value onteardown
invocation. In version
1, the default, only thesetup
invocation gets this parameter.
Refs #312. Thanks to @domrim for the idea.
mod_md v2.4.22
- For Managed Domain in "manual" mode, the checks if all used ServerName and
ServerAlias are part of the MDomain now reports a warning instead of an error
(AH10040) when not all names are present.
This should resolve #301.