This tag has some significant changes to the exported API and the default certificate storage location.
-
I've separated ACME-specific configuration from the main
Config
struct. Please see the godoc to see the latestConfig
definition, and get familiar with theACMEManager
type. -
The refactoring of the configuration makes CertMagic much more compatible with non-ACME issuers/managers.
-
Certificates are now stored in
<storage base>/certificates/<issuer_key>
, where the<issuer_key>
is derived from the CA URL like before, but now includes the path portion as well. This structure allows for greater versatility in the future. -
The DecisionFunc is now invoked for on-demand TLS renewals (before, it was only queried for initial obtain).
-
The import path has changed! It's now
github.com/caddyserver/certmagic
. More on that later. -
Huge benefits with these changes! CertMagic can work with certificate lifetimes down to less than an hour. It works well with non-ACME certificate sources, it is much more resilient to errors, is more efficient at the scale of hundreds of thousands of certificates, and we've improved distributed locks with active locking in case processes get killed forcefully! You'll love these improvements in production.
Sorry for the breaking changes. It's for the better, I promise! This year I hope to tag a stable 1.0.