This patch release actually has some notable new features but nothing that affects existing API surface:
- New private keys are generated for every renewal (unless the new config property
ReusePrivateKeysis set totrue) -- previously, they were reused by default. - New
IssuerPolicyfield to configure how to choose from multiple issuers. By default, the first issuer that successfully provided a certificate is used. (This is unchanged.) Now, however, the issuers can be shuffled to implement basic load balancing before trying them in succession. - File storage locking mechanism is now more robust against short-lived locks in slow storage.
- The
cert_obtainedevent info was fixed.
(Skip v0.18.1, as it contains a bug caught by integration tests downstream.)
What's Changed
- Generate new private keys for new certificates by @mholt in #237
- Issuer policies that can randomize issuer used by @mholt in #238
Full Changelog: v0.18.0...v0.18.2