Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
This release vastly improves storage cleaning as well as improving a few smaller things. There is a minor breaking change as we get ever closer to v1.0.
DecisionFunc for On-Demand TLS now takes a context.Context value as its first argument. The context carries the ClientHelloInfo value (keyed by ClientHelloInfoCtxKey) for logging purposes.
.home.arpa is now considered an internal suffix.
checkIfCertShouldBeObtained returns an error by @ankon in https://github.com/caddyserver/certmagic/pull/256
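A sketch of a decision function in the new shape (context first, then the requested name), added here as an illustration and not taken from the certmagic code base. It assumes the context value is a *tls.ClientHelloInfo; helloKey is a local stand-in for ClientHelloInfoCtxKey so the block builds with the standard library alone, and the allowlist and names are constructed.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"log"
	"net"
	"strings"
)

// helloKey is a local stand-in for certmagic.ClientHelloInfoCtxKey so the
// example compiles with the standard library alone (assumption).
type helloKey struct{}

// allowed is a constructed allowlist of names this server may obtain certs for.
var allowed = map[string]bool{"app.example.com": true, "api.example.com": true}

var errDenied = errors.New("name not on allowlist")

// decide has the v0.20.0 DecisionFunc shape: context first, then the name.
// Returning nil permits issuance; any error refuses it.
func decide(ctx context.Context, name string) error {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if allowed[name] {
		return nil
	}
	// The hello is used only to log who asked, never to decide.
	remote := "unknown"
	if hello, ok := ctx.Value(helloKey{}).(*tls.ClientHelloInfo); ok && hello.Conn != nil {
		remote = hello.Conn.RemoteAddr().String()
	}
	log.Printf("on-demand TLS refused: name=%q remote=%s", name, remote)
	return fmt.Errorf("%q: %w", name, errDenied)
}

// constructedCtx builds a context like the one a handshake would carry.
func constructedCtx(sni string) context.Context {
	c1, _ := net.Pipe() // in-memory conn standing in for the client socket
	hello := &tls.ClientHelloInfo{ServerName: sni, Conn: c1}
	return context.WithValue(context.Background(), helloKey{}, hello)
}

func main() {
	fmt.Println(decide(constructedCtx("app.example.com"), "app.example.com"))
	fmt.Println(decide(constructedCtx("evil.example.net"), "evil.example.net"))
	fmt.Println(decide(context.Background(), "printer.home.arpa"))
}
```

With certmagic itself, a function of this shape is what the DecisionFunc field of OnDemandConfig expects, and the context lookup would use ClientHelloInfoCtxKey in place of helloKey.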
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.19.2...v0.20.0
This release fixes a couple of bugs in on-demand TLS and also improves the context used during handshakes for cert operations. (Contexts assist with timeouts and cancellation.)
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.19.1...v0.19.2
A minor patch that fixes a race condition when NewAccountFunc changes the ACMEIssuer it is called on.
A new error value is also exposed: ErrNoOCSPServerSpecified to help users determine whether stapling failed only because the certificate doesn't support OCSP.
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.19.0...v0.19.1
This release has a few (relatively minor) API changes and additions to enable substantial performance improvements for large certificate deployments; for example, large and busy servers can now update a certificate cache's settings without having to make a new cache. This enables certificates already decoded into memory to remain even after a config change downstream.
:warning: As we are still pre-1.0, there are some breaking API changes in this release. Please take note :smiley:
Config.Manage*() methods are now (basically) a no-op if a managed certificate for the name(s) passed in is already present in the cache. It doesn't really make sense to reload the certificate from storage, decode it, and replace it in the cache; because it is managed, it will do that automatically when it gets renewed.
Config.Unmanage() since it does not actually rely on the config at all. Replaced with Cache.RemoveManaged(). Removing a managed cert from the cache stops maintenance.
Cache.Remove() which removes a certificate from the cache given its hash.
Cache.SetOptions() to update a cache's config while active.
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.18.2...v0.19.0
This patch release actually has some notable new features but nothing that affects existing API surface:
ReusePrivateKeys is set to true) -- previously, they were reused by default.
IssuerPolicy field to configure how to choose from multiple issuers. By default, the first issuer that successfully provided a certificate is used. (This is unchanged.) Now, however, the issuers can be shuffled to implement basic load balancing before trying them in succession.
cert_obtained event info was fixed.
(Skip v0.18.1, as it contains a bug caught by integration tests downstream.)
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.18.0...v0.18.2
This update brings several optimizations and improvements:
FallbackServerName that is like DefaultServerName, except this one applies even if a ServerName is specified in the handshake
GetCertificateWithContext function by @ankon in https://github.com/caddyserver/certmagic/pull/225
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.17.2...v0.18.0
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.17.1...v0.17.2
This release changes the OnEvent API in a slightly breaking way, so if you are using events, please check out the new doc: https://pkg.go.dev/github.com/caddyserver/certmagic#Config.OnEvent
The new API is more flexible and easier to use. We are also documenting the events in our README.
Some bug fixes and improved logging. Minimum version is now Go 1.18.
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.16.2...v0.17.1
This release primarily improves DNS challenges, making them more efficient and correct (mostly edge cases).
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.16.1...v0.16.2
Minor enhancement allowing customization of the propagation delay/timeout for DNS challenge.
Full Changelog: https://github.com/caddyserver/certmagic/compare/v0.16.0...v0.16.1