7ritn/VaulTLS v1.2.0

on GitHub

v1.2.0

ACME (@jordanruthe)

VaulTLS now can act as an Automatic Certificate Management Environment (ACME) CA, enabling the automatic issuance and revocation of TLS certificates using tools such as acme.sh. Features include:

• External Account Binding (EAB): Securely tie ACME registrations to your VaulTLS accounts.
• Domain Restrictions: Define "Allowed Domains" for each ACME account, supporting exact matches (example.com), single-level subdomains (*.example.com), and multi-level depth (**.example.com).
• Challenge Support: Supports both HTTP-01 and DNS-01 challenges, including support for wildcard certificates.
• Security & Control: Built-in rate limiting (default 20 orders/24h) and optional email notifications for every issued certificate.
• Flexible DNS Validation: Custom DNS resolver support (UDP, DoT, and DoH) for DNS-01 challenge verification.

How to get started:

1. Enable ACME by setting the environment variable VAULTLS_ACME_ENABLED=true (or via the Admin UI).
2. Create an ACME account in the new ACME tab to receive your EAB credentials.
3. Point your ACME client to https://<your-vaultls-instance>/api/acme/directory.

For detailed configuration examples for Traefik, acme.sh, and more, check out the ACME Documentation.

Web UI Translations (@jordanruthe)

VaulTLS is now available in Spanish! You can configure both the current as well as default language used by VaulTLS. If you think you can contribute, I would appreciate your PRs, every language is appreciated! While the French language is currently already selectable in the web UI there are no translations available yet.

Minor Changes

• It is now possible again to delete SSH certificates. Thanks for bringing this up @madkoin.
• The password field in the web UI now has a copy button and adjusted style. Thanks for your contribution @raspberrydev.

Dependency Updates

A lot of dependencies were again updated, so it is advisable to update to the latest version as soon as possible.