- Fixed an integer overrun for renewal window configuration on 32bit systems that caused
renewal windows to drop to 0, e.g. renewal when expired. This only happened when
MDRenewWindow was explicitly configured. - JSON format of /.httpd/certificate-status slightly altered. See README.md for details.
- ACME errors and problems in challenge selection that point to configuration mistakes
are now visible in the md-status handler. - Testsuite cleanup and use of new md-status handler to verify progress.
- IMPORTANT: upgrade behaviour changed. MDs that have not
MDCertificateAuthority
configured
explicitly all get the new ACMEv2 default endpoint of Let's Encrypt. See README.md chapter
about upgrading for the background of this. - Added chapter about the upcoming end-of-life changes for ACMEv1 at LetsEncrypt.
- Extracting certificate transparency SCT (the signature from CT logs) from a staged
certificate and displaying these on /.httpd/certificate-status. A monitoring client
may use this to verify the signatures against the CT logs, even though the log may not
yet show the certificate (maximum merge delay seems to be at 24 hours on most logs).