github polymind-inc/acmebot v5.1.0

6 hours ago

🚀 Upgrade

Update your existing Acmebot deployment using the Azure deployment template:

Deploy to Azure

Important

The update process modifies Azure resources in-place.

Please back up your Function App configuration before updating production environments.


⚠️ Breaking Changes

A DNS provider is now required for every certificate request (#1136)

Acmebot no longer infers the DNS provider automatically. The dnsProviderName field must be specified explicitly for every certificate request through the dashboard, CLI, and API.

  • API — requests that omit dnsProviderName are now rejected by validation.
  • CLI — the DNS provider name must be passed explicitly when issuing a certificate.
  • Dashboard — a DNS provider must be selected in the Add Certificate dialog.

Existing certificates already record their DNS provider, so automatic renewals are not affected. However, any external automation (scripts, CI pipelines, custom API/CLI callers) that relied on automatic DNS provider inference must be updated to pass dnsProviderName explicitly before upgrading.

The certificate renewal process has been overhauled (#1126, #1160)

Automatic renewal has moved from a single daily batch pass to a per-certificate, state-driven scheduler built on Durable Functions. The daily RenewCertificates timer no longer renews certificates directly — it now starts or refreshes one independent scheduler per certificate, and each scheduler manages its own check/renew/retry lifecycle.

Key behavioral changes:

  • ACME Renewal Information (ARI) aware — when the CA provides renewal information, Acmebot follows its suggestedWindow (picking a random time inside the window) and honors Retry-After. When ARI is unavailable, it falls back to Acmebot__RenewBeforeExpiry as before.
  • Per-certificate retry — a failed renewal now puts that certificate's scheduler into a Retrying state and re-checks after 6 hours, instead of waiting for the next daily batch.
  • Schedulers stop immediately when a certificate is deleted or disabled.
  • The previous global renewal jitter has been removed — load is now distributed via the per-certificate randomized window instead.
  • New /api/renewals endpoint exposes each certificate's scheduler state (Checking / Scheduled / Renewing / Retrying / Stopped) and next check time.

Acmebot__RenewBeforeExpiry continues to work as the fallback threshold, so no configuration changes are required. Renewal timing for individual certificates may differ from previous versions because ARI-driven scheduling now takes precedence when available. See the Operations guide for details.
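
The timing decision described above, sketched as an added example (this is not Acmebot's own code). The function names are hypothetical, the renewalInfo shape follows RFC 9773, and it assumes that Acmebot__RenewBeforeExpiry is a number of days, that Retry-After arrives as delta-seconds, and that a missing or malformed window falls back to the threshold.

```python
import random
from datetime import datetime, timedelta, timezone

RETRY_DELAY = timedelta(hours=6)  # release notes: a failed renewal is re-checked after 6 hours

# Constructed sample of an ARI renewalInfo body (RFC 9773 shape), not real CA output.
SAMPLE_ARI = {"suggestedWindow": {"start": "2026-01-20T00:00:00Z",
                                  "end": "2026-01-22T00:00:00Z"}}


def _parse_window(ari):
    """Return (start, end) from an ARI body, or None if absent or malformed."""
    try:
        window = ari["suggestedWindow"]
        start = datetime.fromisoformat(window["start"].replace("Z", "+00:00"))
        end = datetime.fromisoformat(window["end"].replace("Z", "+00:00"))
        aware = start.tzinfo is not None and end.tzinfo is not None
        # Reject naive timestamps and empty or inverted windows.
        return (start, end) if aware and start < end else None
    except (TypeError, KeyError, ValueError, AttributeError):
        return None


def plan_renewal(not_after, renew_before_expiry_days, now, ari=None,
                 retry_after_s=None, rng=random):
    """Return (renew_at, next_ari_check, source) for one certificate."""
    window = _parse_window(ari)
    if window:
        start, end = window
        # Uniformly random instant inside the CA's suggested window.
        renew_at = start + timedelta(seconds=rng.uniform(0, (end - start).total_seconds()))
        source = "ari"
    else:
        # No usable ARI data: fixed threshold before expiry (assumed to be in days).
        renew_at = not_after - timedelta(days=renew_before_expiry_days)
        source = "fallback"
    renew_at = max(renew_at, now)  # a time already in the past means "renew now"
    # Honor Retry-After (delta-seconds form only) for the next ARI poll.
    next_check = now + timedelta(seconds=retry_after_s) if retry_after_s is not None else None
    return renew_at, next_check, source


def after_failure(now):
    """Scheduler state and next check time after a failed renewal attempt."""
    return "Retrying", now + RETRY_DELAY


if __name__ == "__main__":
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    print(plan_renewal(datetime(2026, 3, 1, tzinfo=timezone.utc), 30, now, SAMPLE_ARI, 21600))
```

Comparing the computed times with the next check time reported by /api/renewals is a quick way to confirm after upgrading that a certificate is following ARI rather than the fallback threshold.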


What's Changed

New Features

  • Implement certificate renewal scheduler and enhance validation logic by @shibayan in #1126
  • Show key reuse and refactor metadata handling by @shibayan in #1134
  • Simplify DNS zone loading and error handling by @shibayan in #1135
  • Require DNS provider for certificate requests by @shibayan in #1136
  • Add support for delegated DNS-01 validation mode by @shibayan in #1138
  • Extract advanced certificate options into component by @shibayan in #1142
  • Rename CI workflow file and update its name to match the purpose by @shibayan in #1154
  • Refactor CI workflows: streamline job definitions by @shibayan in #1163
  • Refactor certificate renewal logic and introduce new models by @shibayan in #1160
  • Add per-certificate ACME profile support by @shibayan in #1155

Bug Fixes

  • Fix ACME nonce reuse, signer thread-safety, and state durability by @shibayan in #1139
  • Fix auth check to fail closed when User.Identity is null by @shibayan in #1148
  • Fix selector specificity for empty table SVG color by @shibayan in #1150
  • Preserve cert order and reverse chain for merge by @shibayan in #1141
  • Fix ArgumentNullException in Route53Provider.DeleteTxtRecordAsync when no TXT record exists by @shibayan with @Copilot in #1158

Documentation

  • Bump dependencies in docs/package-lock.json by @shibayan in #1137
  • Clarify renewal behavior, auth roles, and UI sort by @shibayan in #1140
  • Update URL for asking questions in issue template by @shibayan in #1147
  • Enhance documentation and integration details for Azure services by @shibayan in #1149

Dependency Updates

  • Bump actions/checkout from 6.0.3 to 7.0.0 in the github-actions group by @dependabot[bot] in #1143
  • Bump @types/node from 25.9.3 to 25.9.4 in /src/Acmebot.App/ClientApp in the client-app group by @dependabot[bot] in #1144
  • Bump the nuget group with 4 updates by @dependabot[bot] in #1145
  • Bump reka-ui from 2.9.10 to 2.10.0 in /src/Acmebot.App/ClientApp in the client-app group by @dependabot[bot] in #1151
  • Update devDependencies in package.json by @shibayan in #1161
  • Bump the github-actions group with 2 updates by @dependabot[bot] in #1165
  • Bump the client-app group in /src/Acmebot.App/ClientApp with 2 updates by @dependabot[bot] in #1166
  • Bump the nuget group with 6 updates by @dependabot[bot] in #1167

Other Changes

  • Fix Acmebot:Endpoint migration: document /directory requirement by @shibayan with @Copilot in #1159
  • Stop renewal scheduler immediately when certificate is deleted by @shibayan in #1164

Full Changelog: v5.0.4...v5.1.0
