github fabriziosalmi/certmate v2.4.3
v2.4.3 — issue triage (closes #125, #113, #121, #117)

7 hours ago

Patch release closing four open issues with code/docs and triaging five more.

Bug fixes

  • #125 Cross-origin deployment status checks blocked by CSP (8064ad1) — connect-src was 'self', so the per-cert deployment check (which fetches the monitored domain to verify the cert is the one being served) was a no-op for any cert that didn't match the server URL. Relaxed to 'self' https: wss: — narrower than the reporter's suggested * (still excludes data:/blob:/file:/ftp:) while unblocking the actual use case. Reported by @rob-infoglobe.
  • #113 Azure DNS: ambiguous option: --dns-azure (8064ad1) — certbot-dns-azure registers --dns-azure-credentials, --dns-azure-propagation-seconds, and --dns-azure-config. Passing the bare --dns-azure flag as the authenticator selector hits argparse's ambiguity check. AzureStrategy now overrides configure_certbot_arguments to use the explicit --authenticator dns-azure form, mirroring PowerDNSStrategy. Reported by @jensaops.
  • #121 Docker setup half-succeeds when host dirs aren't writable (2890cb2) — setup_directories used to swallow the OSError, fall back to tempdirs, and let the wizard run with broken state. It now probes each of certificates/, data/, backups/, logs/ with a write+unlink test at boot and raises RuntimeError listing the failed paths, including the hint that the container runs as UID/GID 1000:1000. Reported by @ITJamie.
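The ambiguity behind #113 can be reproduced with the standard library alone. The following is an added example, not CertMate or certbot code: it models the three option names listed above on a plain argparse parser (certbot's real parser has many more options), and the credentials path and the `RaisingParser`, `build_parser` and `try_parse` names are assumptions made for the demo.

```python
import argparse


class RaisingParser(argparse.ArgumentParser):
    """ArgumentParser that raises instead of printing usage and exiting."""

    def error(self, message):
        raise ValueError(message)


def build_parser():
    # Model of the plugin's option surface: only the three long options
    # named in the release note, plus the generic authenticator selector.
    p = RaisingParser(prog="certbot-model")
    p.add_argument("-a", "--authenticator")
    p.add_argument("--dns-azure-credentials")
    p.add_argument("--dns-azure-propagation-seconds", type=int)
    p.add_argument("--dns-azure-config")
    return p


def try_parse(argv):
    """Return ('ok', namespace) or ('error', message) for an argv list."""
    try:
        return "ok", build_parser().parse_args(argv)
    except ValueError as exc:
        return "error", str(exc)


# Constructed command lines; the credentials path is a placeholder.
# BARE uses the flag as a selector. No option is named exactly --dns-azure,
# so argparse treats it as an abbreviation and finds three candidates.
BARE = ["--dns-azure", "--dns-azure-credentials", "/tmp/azure.ini"]
# EXPLICIT names the plugin as a value, so no prefix matching is involved.
EXPLICIT = ["--authenticator", "dns-azure",
            "--dns-azure-credentials", "/tmp/azure.ini"]

if __name__ == "__main__":
    for argv in (BARE, EXPLICIT):
        status, detail = try_parse(argv)
        print(f"{status}: {detail}")
```

Any wrapper that builds certbot command lines for third-party plugins can hit the same prefix collision, so passing the plugin name as a value to `--authenticator` is the form that stays stable as plugins add options.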

Documentation

  • #117 Deploy hooks docs (0d06941) — new docs/deploy-hooks.md covering hook schema, UI vs API config, the CERTMATE_* environment variables, manual triggering paths, the v2.4.0 security model (blocked patterns + sensitive-file denylist), common recipes (nginx reload, Slack, scp+ssh wrapper), and the audit/history/debug paths.

Triaged (commented on issue, not yet fixed)

  • #114 Missing API routes — 4 of 5 frontend-referenced routes (/api/notifications/config, /api/notifications/test, /api/digest/send, /api/webhooks/deliveries) return 404. Backend logic exists, just not surfaced. Audit posted, fix scoped for v2.4.4.
  • #112 Route53 + credentials-file DNS providers fail on renewal — renew_certificate skips both prepare_environment and the credentials-file recreate path. Diagnosed jointly by @jplandry908 and @jensaops. Fix scoped for v2.4.4.
  • #115 Webhook validator + script-editor request — the bug part was already fixed in v2.4.1 (verified). The feature request (GUI script CRUD on host) deferred on threat-model grounds.
  • #124 Domain alias mode — tracked via PR #122 from @ITJamie. Will review and merge in v2.4.4 → v2.5.0 timeframe.
  • #116 Akamai DNS — closed as not-a-bug (supported as the edgedns provider, UI label "Akamai Edge DNS"). Discoverability could improve in a future PR.

Full diff: v2.4.2...v2.4.3
