New features
- #165 - It's now possible to specify your own CSR (and optional private key) to the program to create a Let's Encrypt certificate with specific settings that are unavailable otherwise. This is implemented as a new target plugin, that's usable both from the command line and interactively. See the documentation.
- #940 - It's now possible to specify the
--reuse-privatekey
parameter at creation time to re-use the same private key across renewals. A stable private key makes it easier to publish long-lived TLSA records. - The program will now create a daily log file of its operations in
{ConfigurationPath}\Log
going back one month. The path can be customized using the setting<LogPath>
. Further logging configuration is as always handled by Serilog and may be modified throughwacs.exe.config
with AppSettings, but this is not supported and for advanced users only.
Enhancements
- #1128 - DNS pre-validation should be much more reliable now. Like regular DNS resolvers, it now uses a top-down algorithm instead of a bottom-up one to find authoritative name servers. It also recognizes NS records provided as part of a SOA statements now, which it previously failed to do. Furthermore using the
DnsServer
override insettings.config
no longer stops us from looking for authoritative name servers; it merely overrides the starting point. - #1175 - It's now possible to execute multiple installation scripts by editing the
.json
file. This not supported by the command line or the interactive interface yet though. Based on an experiment by @Virinum. - #1144, #1171 and others - By popular request, the PemFiles plugin will now also output a
-crt.pem
file with just the certificate (before it was only available as part of the-chain.pem
file). - Only count successful history entries for the "n renewals" label in the certificate details.
- In Advanced Interactive Mode, if the only remaining installation option is "Do not add extra installation steps", simply skip the question.
- Error handling has been improved to stop Autofac's
DependencyResolutionException
to barf over the screen so often, making it easier to see where in the programs code it actually went wrong. - Installation script output is now shown on-screen in
--verbose
mode, previously it only was logged to the Event Viewer, which was confusing.