Mod Md Versions Save

Let's Encrypt (ACME) in Apache httpd

v2.4.26

4 months ago
  • Using OCSP stapling information to trigger certificate renewals. Proposed by Fraser Tweedale.
  • Added directive MDCheckInterval to control how often the server checks for detected revocations. Added proposals for configurations in the README.md chapter "Revocations".
  • OCSP stapling: accept OCSP responses without a nextUpdate entry which is allowed in RFC 6960. Treat those as having an update interval of 12 hours. Added by @frasertweedale.
  • Adapt OpenSSL usage to changes in their API. By Yann Ylavic.

v2.4.25

6 months ago
  • Fix the reported "until" validity of a certificate in the status handler. [Rainer Jung]
  • Fix possible NULL deref when logging the error that an authentication resource could not be retrieved from the ACME server. Refs #324

v2.4.24

9 months ago
  • Fixed passing of the server environment variables to programs started via MDMessageCmd and MDChallengeDns01 on *nix system. See #319.

v2.4.23

10 months ago
  • New directive MDMatchNames all|servernames to allow more control over how MDomains are matched to VirtualHosts.
  • New directive MDChallengeDns01Version. Setting this to 2 will provide the command also with the challenge value on teardown invocation. In version 1, the default, only the setup invocation gets this parameter. Refs #312. Thanks to @domrim for the idea.

v2.4.22

10 months ago
  • For Managed Domain in "manual" mode, the checks if all used ServerName and ServerAlias are part of the MDomain now reports a warning instead of an error (AH10040) when not all names are present. This should resolve #301.

v2.4.21

1 year ago
  • MDChallengeDns01 can now be configured for individual domains. Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working
  • Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge teardown not being invoked as it should.

v2.4.20

1 year ago
  • Enabling ED25519 support and certificate transparency information when building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.

v2.4.19

1 year ago
  • restored curl_easy cleanup behaviour from v2.4.14 and refactored the use of curl_multi for OCSP requests to work with that. Fixes #293.

v2.4.18

1 year ago
  • New directive MDStoreLocks that can be used on cluster setups with a shared file system for MDStoreDir to order activation of renewed certificates when several cluster nodes are restarted at the same time. Store locks are not enabled by default.

v2.4.17

1 year ago
  • A bug was fixed that caused very large MDomains with the combined DNS names exceeding ~7k to fail, as request bodies would contain partially wrong data from uninitialized memory. This would have appeared as failure in signing-up/renewing such configurations. This was reported by Ronald Crane (Zippenhop LLC).