github fabriziosalmi/certmate v1.8.0

latest release: v1.8.2
8 hours ago

What's Changed

v1.8.0 resolves all five open bug reports (#55, #56, #57, #59, #61), upgrades the CI and Docker infrastructure, and ships documentation and security improvements.


Bug Fixes

#57 — /health always returned version 1.2.1
Centralized the application version in a single __version__ variable in app.py. The /health endpoint, Swagger API info, and Prometheus metrics all read from this source. Two regression tests verify the health response includes the correct version string.

#56 — unexpected keyword argument 'san_domains'
The build_certbot_command() method in ca_manager.py was missing the san_domains parameter. Added the parameter with proper -d flag generation for each SAN domain. Return type updated to tuple(cmd, env) to support private CA environment variables. Five regression tests cover the full call chain from web handler through certificate manager to certbot command generation.
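A sketch of the pattern described for #56, as an added example and not CertMate's own code: only the san_domains parameter, the one -d flag per name, and the (cmd, env) return shape come from the release notes. The other parameters, the hostname validation, and the use of REQUESTS_CA_BUNDLE for a private CA are assumptions made for illustration.

```python
import os
import re

# Hostname labels per RFC 1123, with an optional leading "*." wildcard.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?:\*\.)?(?:{_LABEL}\.)+{_LABEL}$")


def _check_domain(name):
    """Accept only plain DNS names, so a value can never be read as an option."""
    if len(name) > 253 or not _DOMAIN_RE.match(name):
        raise ValueError(f"invalid domain name: {name!r}")
    return name.lower()


def build_certbot_command(domain, email, san_domains=None, ca_bundle=None):
    """Return (cmd, env): the certbot argv list and the environment to run it in.

    Hypothetical signature: domain, email and ca_bundle are assumptions;
    san_domains and the tuple return shape follow the release notes.
    """
    if email.startswith("-") or "@" not in email:
        raise ValueError(f"invalid email: {email!r}")
    names = [_check_domain(domain)]
    for san in san_domains or []:
        san = _check_domain(san)
        if san not in names:          # drop duplicates, keep caller's order
            names.append(san)

    # argv list, never a shell string: no quoting or word splitting involved.
    cmd = ["certbot", "certonly", "--non-interactive", "--agree-tos",
           "--email", email, "--cert-name", names[0]]
    for name in names:                # one -d flag per name, primary first
        cmd += ["-d", name]

    env = dict(os.environ)
    if ca_bundle:                     # assumption: private CA root passed this way
        env["REQUESTS_CA_BUNDLE"] = ca_bundle
    return cmd, env


if __name__ == "__main__":
    # Constructed sample input.
    cmd, _ = build_certbot_command("example.com", "admin@example.com",
                                   san_domains=["www.example.com"])
    print(cmd)
```

The returned pair is meant to be passed to subprocess.run(cmd, env=env) without shell=True.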

#61 — Local authentication broken
The /help route was missing the @require_web_auth decorator, allowing unauthenticated access. Added authentication to /help and added a logout button to all four page templates (index, settings, help, client-certificates). The button auto-hides when local auth is disabled by checking /api/auth/me on page load. Five regression tests verify auth enforcement and logout functionality.

#59 — Cloudflare accounts not displayed in settings
The loadDNSProviders() JavaScript function did not recognize the canonical { accounts: { id: { name, ... } } } format that the backend writes to settings.json. Added a config.accounts check as the first detection branch, before the legacy flat-format fallback. Five regression tests verify the template handles the canonical format correctly.

#55 — API documentation and implementation differ

  • /{domain}/tls now returns a ZIP archive containing all certificate components (was returning only fullchain.pem)
  • Added /{domain}/tls/{component} endpoints for individual file downloads (cert, key, chain, fullchain)
  • Added /redoc/ route serving a standalone ReDoc UI backed by /api/swagger.json
  • Updated the help page with corrected documentation and cURL examples
  • Eight regression tests cover ZIP responses, individual component downloads, 404/400 error handling, and ReDoc rendering

Infrastructure

CI pipeline

  • Test matrix updated from Python 3.9/3.11/3.12 to 3.12 and 3.14
  • Bandit security scan scoped to production code only (modules/ and app.py); test files excluded from security analysis
  • Added # nosec B104 annotations to seven intentional 0.0.0.0 bindings (server bind, argparse default, rate-limit IP fallback, log messages)
  • Fixed coverage upload and Docker build step conditions (were gated on Python 3.11, which was removed from the matrix)

Docker

  • Base image updated from python:3.11-slim to python:3.12-slim
  • Added Acquire::Retries=3 to apt-get install commands to handle transient Debian CDN mirror failures

Other Changes

  • Transparent background for the CertMate logo across all templates and favicon
  • Consolidated 17 root-level documentation files into organized /docs/ directory structure
  • Fixed datetime.utcnow() deprecation warnings in private_ca.py (8 occurrences updated to timezone-aware datetime.now(timezone.utc))
  • Added conftest.py for proper e2e test exclusion via pytest markers
  • Resolved all pytest warnings (clean output: 54 passed, 1 skipped, 0 warnings)

Test Coverage

54 unit and integration tests passing across Python 3.12 and 3.14. New test files added in this release:

  • test_health_version.py (2 tests)
  • test_san_domains.py (5 tests)
  • test_auth_protection.py (5 tests)
  • test_dns_accounts_display.py (5 tests)
  • test_api_docs.py (8 tests)

Full Changelog: v1.7.2...v1.8.0
