This is a beta release. For a more mature version, use the v2.0.x release line. This release is for Apache httpd 2.4.41 or later.
The main new feature in 2.1 vs. 2.0 is the introduction of the new OCSP Stapling implementation. You can use this for all your certificates, only your Let's Encrpyt certificates or just enable it on a specific MDomain. See the sections in the README.md for a description.
- New directives "MDStapling on|off"
- New directive "MDStaplingRenewWindow" to configure when OCSP response should be renewed.
- New directive "MDStaplingKeepResponse" for controlling how long OCSP responses are
kept in the store and older ones get removed at start up. - "server-status" page now carries a new table of all OCSP stapling certificates managed
by mod_md stapling. Shifted ocsp related information in JSON "md-status" around a bit. - "md-status" handler now also adds OCSP stapling logs to the JSON output.
- MDMessageCmd is now also invoked for stapling with reasons 'ocsp-renewed' and 'ocsp-errored'.
- backoff timing for failed ocsp retrieval attempts. specific ocsp update will be
delayed accordingly. - new directive 'MDCertificateMonitor' to allow configuration of the check HTML links rendered
in the server-status page. - toning down some INFO level logging to DEBUG or lower.
- server-status timestamps now in a better readable format. Some columns have been merged.
- Much more verbose data logging when OCSP responses could not be parsed.
- Fixed a bug with suppressing "Expect" header sending.
- Fixed a bug where notifications about an expiring certificate were sent out too often.
- Converted pytest suite from python2 to python3. "make test" now calls "python3 -m pytest".
- Errors reports by an ACME CA may include "subproblems", where several causes may be reported.
These are now part of the md-status reporting and also logged. Test cases added.