github win-acme/win-acme v1.9.8.0

6 years ago

This release represents the third and final phase of re-architecting the program from monolithic plugins into smaller components which can be mixed and matched. Where v1.9.7.x dipped a toe into dependency injection, v1.9.8.x has gone all-in and opens the path for more maintainability, extensibility and testability. That's a little background for developers wanting to contribute to future releases, so let's go over the user-visible features.

Validation plugins

The reliability of both IIS and SelfHosting validation has been greatly improved since 1.9.7. It's now possible to validate using a different site than the target using the --validationsiteid switch. This is also offered as an option in interactive mode.

Store plugins

Stores for certificates are now implemented as plugins. This allows renewals to have more influence on their behaviour than previously possible, such as overriding the global CertificateStore setting with a --certificatestore command line argument, which can be different for each certificate. This was requested in #253 among others. In the future other plugins might be added, e.g. for specific 3rd-party web servers.

Installation plugins

Installation has now also been implemented as plugins. For now there are 'only' two of them (IIS and Script) but they have become more powerful because they are now decoupled from target plugins. So you can install a manual binding to IIS, or run a script after getting a certificate from an IIS target. Multiple installation plugins can even be chained after each other, as requested in #150 and others.

Manual installation (script)

Now comes with example scripts for RD Gateway, RD Listener and Exchange, big thanks to @LBegnaud for contributing the bulk and @WinnME and @nemchik for polishing.

IIS installer

Now capable of detecting and updating default bindings (without hostname) and wildcard bindings according to a new ruleset. It's possible to install to a different site than the target using the --installationsiteid switch. The option is also offered in interactive mode. Should help support scenarios described in #330, #349, #356, #590 and others.

Revocation

If you fear your current certificate has been compromised, it's now possible to revoke it. As requested in #78.

Updated libraries

LEWS now targets .NET Framework 4.6.1, allowing us to update our own dependencies, mainly Microsoft.Web.Administration (a critical assembly used to manage IIS).

Smaller fixes

  • #591 - Make all new bindings non-IP specific to prevent 'ghost' bindings
  • #646 - tighter scope for temporary application to avoid conflicts with openid configuration
  • #654 - add command line switch to cancel renewal
  • #656 - don't re-apply SNI flag on IIS binding if administrator removes it
  • #665 - don't re-issue the certificate if the previously issued one is less than 24 hours old
  • Change default renewal to 55 from 60 days, preventing 'expires within 1 month' warnings
  • Reduce size of registry keys by omitting null-values
  • Don't print FTP/WebDav password on screen in interactive mode
