
Releases: caddyserver/certmagic

v0.13.0

01 Apr 18:43
v0.13.0
14b314f

Version 0.13 collects about 6 months of improvements to CertMagic. Along with a number of bug fixes, this release:

  • Improves performance and logic related to certificate management at scale and On-Demand TLS
  • Adds support for alternate chain preferences
  • Supports multiple issuers (including automatic fallback for redundancy)
  • Adds Config.Unmanage()
  • Adds Config.ClientCredentials() (useful for client certificates!)
  • Makes OCSP stapling configurable
  • Enhances ACME account lookup/storage/management
  • ⚠️ This release conforms to a recent change in libdns convention regarding DNS names passed to providers when solving the ACME DNS challenge. Some DNS providers may need to be updated to support this if they were not already.

v0.12.0

17 Sep 18:36
v0.12.0
81657a2

v0.12.0 is a major upgrade that significantly lightens the code base and makes ACME operations more efficient and reliable. We now have full control of our ACME stack, which was completely rewritten: we now use ACMEz instead of lego as our underlying ACME library, with some API changes. Please see the latest godoc for details.

v0.10.0

07 Mar 05:53
v0.10.0
b9edcb8

This tag has some significant changes to the exported API and the default certificate storage location.

  • I've separated ACME-specific configuration from the main Config struct. Please see the godoc to see the latest Config definition, and get familiar with the ACMEManager type.

  • The refactoring of the configuration makes CertMagic much more compatible with non-ACME issuers/managers.

  • Certificates are now stored in <storage base>/certificates/<issuer_key>, where the <issuer_key> is derived from the CA URL like before, but now includes the path portion as well. This structure allows for greater versatility in the future.

  • The DecisionFunc is now invoked for on-demand TLS renewals (before, it was only queried for initial obtain).

  • The import path has changed! It's now github.com/caddyserver/certmagic. More on that later.

  • Huge benefits with these changes! CertMagic can work with certificate lifetimes down to less than an hour. It works well with non-ACME certificate sources, is much more resilient to errors, is more efficient at the scale of hundreds of thousands of certificates, and we've improved distributed locks with active locking in case processes get killed forcefully! You'll love these improvements in production.

Sorry for the breaking changes. It's for the better, I promise! This year I hope to tag a stable 1.0.
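Because the DecisionFunc is now consulted for on-demand renewals as well as the initial obtain, an allowlist behind it also controls when a name stops being renewed. The following is an added example, not code from CertMagic: the `Allowlist` type and the domain names are hypothetical, and the `func(name string) error` shape of the hook is an assumption about the API at this version (check the godoc).

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"sync"
)

// Allowlist is a hypothetical helper, not part of CertMagic. Decide has the
// shape func(name string) error assumed for DecisionFunc: nil permits
// issuance or renewal, any error refuses it.
type Allowlist struct {
	mu    sync.RWMutex
	names map[string]bool
}

func NewAllowlist(names ...string) *Allowlist {
	a := &Allowlist{names: make(map[string]bool)}
	for _, n := range names {
		a.names[normalize(n)] = true
	}
	return a
}

// normalize makes lookups case-insensitive and ignores a trailing dot.
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// Revoke removes a name, so its next renewal check is refused as well.
func (a *Allowlist) Revoke(name string) {
	a.mu.Lock()
	defer a.mu.Unlock()
	delete(a.names, normalize(name))
}

func (a *Allowlist) Decide(name string) error {
	host := normalize(name)
	if host == "" || net.ParseIP(host) != nil {
		return fmt.Errorf("refusing empty or IP-literal server name")
	}
	a.mu.RLock()
	defer a.mu.RUnlock()
	if !a.names[host] {
		return fmt.Errorf("%q is not an approved on-demand name", host)
	}
	return nil
}
func main() { fmt.Println(NewAllowlist("app.example.com").Decide("other.example.net")) }
```

The method value `allow.Decide` is what would be assigned to the hook; the read/write lock matters because handshakes call it concurrently while an operator may be revoking names.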