github win-acme/win-acme v2.1.0

Context

In this release the main code and its dependencies have been converted to .NET Standard, an API definition that bridges the classic .NET Framework and the modern, open-source, cross-platform .NET Core. This work has enabled us to distribute the program as a self-contained application that doesn't depend on any installed framework. Being self-contained carries a penalty in download size, but we feel it's worth the trade-off of being able to develop with more modern libraries and to run on more versions of Windows.

Release distribution changes

You may notice that the downloads are different from previous releases. We renamed the plugin downloads to make it more obvious that these are not the main program. Also, we now distribute four versions of win-acme. There are x86 (32 bit) and x64 (64 bit) executables, and for each of those there is a trimmed release optimized for size and a pluggable version that contains the full .NET Core 3 runtime, which most plugins are expected to need. So if you are downloading or developing extra plugins, the pluggable version is the one you will want.

Breaking application changes

  • Microsoft only supports .NET Core 3.0 on Windows 2012 R2 SP1 or higher. Though initial testing indicates that this self-contained application seems to work fine on older versions of Windows Server as well, extra care should be taken in those cases.
  • Custom plugins will have to be modified to conform to the new async interfaces of this version of win-acme. Also they will have to be targeted to build for .NET Core 3.0. Note that this does not affect installation or DNS scripts, only additional .dlls.
  • The WebDav plugin was replaced/rewritten, which might break compatibility with some servers.
  • settings.config has been replaced with settings.json. The format is more readable and nicely structured, but if you have some custom settings, you will have to re-apply them.
  • If you are using custom settings for Serilog, you will have to migrate them to a new file called serilog.json according to the specifications listed here.

New features

  • #990 - Add support for TLS-ALPN-01 validation, which happens on port 443. The use of this validation mode is limited so far, because it requires exclusive access to port 443 (i.e. it cannot happen while the web server is also running), but it's nice to have another tool in the arsenal for those experiencing difficulties with both HTTP and DNS validation.
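To make the difference between the three validation modes concrete, here is an added example (not win-acme code; standard library only) that derives each challenge response from one account key and one token as RFC 8555 and RFC 8737 define them. The JWK and the token are constructed placeholders, not real values.

```python
import base64
import hashlib
import json

# Constructed placeholder account key (not a real RSA modulus) and challenge token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "alg": "RS256",
              "n": base64.urlsafe_b64encode(bytes(range(1, 65))).rstrip(b"=").decode()}
SAMPLE_TOKEN = "demo-token-not-issued-by-any-CA"

ACME_TLS_ALPN_PROTOCOL = "acme-tls/1"       # RFC 8737: the ALPN value the validator negotiates
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"  # RFC 8737: id-pe-acmeIdentifier, must be marked critical

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses for every binary value."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, lexically sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: the single value all three challenge types are derived from."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def http01_body(token: str, jwk: dict) -> str:
    """HTTP-01: the key authorization served verbatim at /.well-known/acme-challenge/<token> on port 80."""
    return key_authorization(token, jwk)

def dns01_txt_value(token: str, jwk: dict) -> str:
    """DNS-01: base64url(SHA-256(key authorization)) in a TXT record at _acme-challenge.<name>."""
    return b64url(hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest())

def tls_alpn01_extension_value(token: str, jwk: dict) -> bytes:
    """TLS-ALPN-01: DER value of the acmeIdentifier extension in the self-signed certificate that is
    presented on port 443 only when the client offers ALPN 'acme-tls/1':
    OCTET STRING (tag 0x04, length 0x20) wrapping SHA-256(key authorization).
    The validator must reach port 443 itself, which is why the web server cannot be listening there."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b"\x04\x20" + digest

if __name__ == "__main__":
    print("HTTP-01 body     :", http01_body(SAMPLE_TOKEN, SAMPLE_JWK))
    print("DNS-01 TXT value :", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
    print("TLS-ALPN-01 ext  :", tls_alpn01_extension_value(SAMPLE_TOKEN, SAMPLE_JWK).hex())
```

The DNS-01 value and the TLS-ALPN-01 extension carry the same digest, only encoded differently; HTTP-01 exposes the key authorization in the clear, which is why the other two modes can also be validated without plaintext disclosure.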

Enhancements

  • Add support for POST-as-GET requests, a new security feature in the ACME standard that will be required by Let's Encrypt from November 2020, but as soon as next month for the staging endpoint.
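What POST-as-GET changes on the wire, as an added example (not win-acme code): an ACME request is a flattened JWS whose protected header carries alg, kid, nonce and url, and a POST-as-GET differs from an ordinary POST only in its payload, which is the empty string rather than a JSON object. That authenticates reads of account-scoped resources (orders, authorizations) that a plain GET would hand to anyone holding the URL. The signer is injected because ACME requires an asymmetric algorithm; the stand-in below and all URLs are constructed placeholders.

```python
import base64
import hashlib
import json
from typing import Callable, Optional

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def acme_jws(url: str, kid: str, nonce: str, payload: Optional[dict], alg: str,
             sign: Callable[[bytes], bytes]) -> dict:
    """Build the flattened JWS body ACME expects (RFC 8555 section 6.2).
    payload=None produces a POST-as-GET (section 6.3): the payload member is the empty string."""
    protected = b64url(json.dumps({"alg": alg, "kid": kid, "nonce": nonce, "url": url},
                                  separators=(",", ":")).encode("utf-8"))
    body = "" if payload is None else b64url(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    # The signature covers protected '.' payload, so even the empty payload is authenticated
    # and bound to this nonce and URL (replay and cross-resource protection).
    signing_input = f"{protected}.{body}".encode("ascii")
    return {"protected": protected, "payload": body, "signature": b64url(sign(signing_input))}

def decode_protected(jws: dict) -> dict:
    return json.loads(b64url_decode(jws["protected"]))

def classify_request(jws: dict) -> str:
    """Server-side distinction: '' is a POST-as-GET; 'e30' (base64url of '{}') is a real POST
    carrying an empty object, e.g. the body that tells the CA a challenge is ready (section 7.5.1)."""
    if jws["payload"] == "":
        return "POST-as-GET"
    if jws["payload"] == b64url(b"{}"):
        return "POST (empty JSON object)"
    return "POST"

def demo_signer(data: bytes) -> bytes:
    """Constructed stand-in so the example runs offline: NOT a signature any ACME server accepts."""
    return hashlib.sha256(b"demo-account-key|" + data).digest()

if __name__ == "__main__":
    order_url = "https://acme.example/acme/order/123"   # constructed
    account_kid = "https://acme.example/acme/acct/42"   # constructed
    fetch = acme_jws(order_url, account_kid, "nonce-from-Replay-Nonce-header", None, "RS256", demo_signer)
    print(classify_request(fetch), json.dumps(fetch, indent=2))
```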
  • #992 - The program no longer requires administrator rights to run. Without administrator access its functions are limited, e.g. there is no access to IIS, the Task Scheduler, the Windows Certificate Store or self-hosting validation, but it's still possible to use it for example to request certificates for Apache. Requested by @daeks.
  • #1211 - Improved feedback around "Scheduled task not healthy" message, requested by @UweKeim
  • #1220 - Added a feature to specify the console output encoding; it defaults to unicode but can be set to utf-8 as well. In --verbose mode a message with Russian, Chinese and Arabic text is printed so you can test your scripts/console settings for international character compatibility. Idea by @pcrockett-pathway.
  • #1225 - Improved ACME standard compliance by waiting for the order to reach the valid state, which is instant for Let's Encrypt but may be delayed for other servers. Also made the number of retries and the retry interval for validation and certificate processing configurable (default: 4 times 2 seconds).
  • #1229 - Make DNS pre-validation configurable. It can now be disabled or fine tuned to set the number of retries and the interval between retries (default: 5 times 30 seconds).
  • #1233 - Timeout for DNS and installation scripts is now configurable in settings.json (default: 5 minutes / 600 seconds)
  • DNS pre-validation and acme-dns configuration verification now check all authoritative name servers instead of just an authoritative name server, to prevent synchronisation issues from causing false positives.

Bug fixes

  • #1194 - Fix exceptions when generating private keys on certain older Windows servers, due to the move to BouncyCastle, reported by @baffourt
  • #1212 - Fix a bug in the DNS resolver reported by @Dawsonmoondew
  • #1215 - Fix a command-line parsing bug when entering double quotes, reported by @Walkman78
  • #1217 - Fix a bug in DNS pre-validation for certain dynamic DNS providers, reported by @palinkas-jo-reggelt
  • #1219 - Fix a UI hang that was introduced in beta 1
  • #1221 - Fix export to .pem files when private key is not available in beta 1, reported by @bitbehz
  • #1230 - Fix hang on e-mail notification test introduced in beta 1, reported by @sgwvirtuo
  • #1233 - Fix expired nonce not handled properly in beta1/2
  • #1234 - Task scheduler would point to the wrong folder, discovered by @SteffenAL
  • #1237 - "pluggable" releases were not actually pluggable in beta1/2 due to subtle build script differences in AppVeyor, discovered by @dmarlow
  • #1245 - Fix IIS FTP installation plugin for cases when the certificate store must change
  • #1249 - Fix CSR target plugin for cases when the private key .pem file also contains the public one
  • #1250 - Fix Azure and Amazon DNS validation plugins crashing or using improper DNS zones when the matching one cannot be identified.
