Java client for ACME (Let's Encrypt)
ENGLISH
locale for uppercase/lowercase conversion (fixes #156, thanks to @emirhannaneli)This is a bugfix release. Update is only necessary if your system's default locale is set to Turkish.
acme://ssl.com
URI for SSL.com. (Thanks to @fergadis, @ifindthanh, @thanhsmvn for the contribution.)acme://zerossl.com
protocol provider for ZeroSSL.AcmeRetryAfterException
is not necessary anymore.No changes to your source code are required, unless you are using ARI.
Please read the Migration Guide for further information and caveats.
ZeroSSL makes use of EAB and the Retry-After
header. The example has been changed accordingly. It now shows how to do EAB and how to properly handle the Retry-After
header.
This is a maintenance release with updated dependencies. There are no changes to acme4j itself.
Bouncy Castle is updated to version 1.77, which fixes a vulnerability (CVE-2023-33201). acme4j-client
was not affected by this CVE, as the X509 certificates from the CA are only passed through. acme4j-smime
however is validating certificates, so it could have been affected. If you use the acme4j-smime
module, I recommend to update to this release.
Fixes #142.
AccountBuilder.withMacAlgorithm()
) and usage of HMAC keys of arbitrary length. Thanks to @aarcloudera and @Radranic.@draft
. As the draft evolves, they can change without prior notice. SemVer does not apply to parts that are marked as @draft
. This is a preparation for draft-ietf-acme-ari-02, which will introduce major and breaking changes.In the future, I will generally handle all draft implementations like that, as I don't want to do a major version bump of acme4j for every breaking change in a draft.
This is a major update!
Still the migration to v3.0.0 should be easy for most of you. See the migration guide for further information.
acme4j-utils
module has been merged into acme4j-client
. You can just remove the dependency on acme4j-utils
from your project. This also means that BouncyCastle is now a hard requirement for acm4j. The separation of acme4j-client
and acme4j-utils
has become a blocker for new features though, so this step had to be taken.Certificate.findCertificate(String issuer)
helps to find a certificate from the given issuer.null
values where possible. Methods that could have returned null
in v2, will now return an Optional
(or throw an exception if more appropriate). Collections may be empty, but are never null
.PebbleAcmeProvider
now accepts a port without having to set a host. Thanks to @mloesch for the contribution!Order.execute(KeyPair)
method takes care for creating a CSR for you. You won't need to do that anymore. See the acme4j-example
for how it works.AcmeNotSupportedException
is thrown when the ACME server does not support a certain feature.gzip
compression. It can be turned off in the NetworkSettings
or via org.shredzone.acme4j.gzip_compression
system property.java.net.http
client now.The change to v3.0.0 has been blocking acme4j for much too long. I am happy that it is published now, and I can focus on adding new features again.
EmailProcessor.smimeMessage()
is now deprecated, see the migration guide. It only affects the acme4j-smime module and is quickly resolved.Note that the S/MIME module is still experimental. I appreciate your feedback!
There is an official acme4j Mastodon feed for release announcements and other acme4j related stuff: @[email protected]. Thanks to foojay for providing the instance.
Note that the S/MIME module is still experimental. I appreciate your feedback!
Next I am planning an acme4j v3.0.0 release with the following major changes:
acme4j v2 will still be maintained for a while, but will only experience security updates.
For the upcoming v3.0.0, I also appreciate your input and feedback. Thank you!
CSRBuilder
and SMIMECSRBuilder
have a new method addValue()
that allow to set further non-standard CSR attributes. Thanks to @kimmerin for the contribution!Dns01Challenge.toRRName()
helps building the DNS resource record name for the TXT record needed for domain name validation.After a much too long time, there's a new release of acme4j!
Login.bindChallenge(URL, Class)
helps binding to a challenge of a known typeAbout the new S/MIME support, please note that the implementation is experimental, and has only been unit tested against the RFC so far. Your feedback is welcome.
Also note that Let's Encrypt does not issue S/MIME certificates (discussion see here).