New features
- #1269 - Inspired by an initial idea and PR by @olivermue, this release introduces a new IIS target plugin that superseeds the three different ones that have existed since the dawn of this programs existance (i.e.
Single binding of an IIS website,All bindings of an IIS websiteandAll bindings of multiple IIS websites). There were three important goals that have been achieved with this new plugin:- Fully backwards compatible. Existing renewals and command line parameters work exactly like before.
- More user-friendly. Simple mode got easier because users are not immediately confronted with the concept of a "target plugin", and generally the interface got a lot of touches that should help setting up certificates, for example the idea proposed by @MarcoMiltenburg in #1297.
- More powerful. Instead of "hard-coding" a set of bindings to build a certificate for, it's now possible to use pattern matching and even regular expressions to create dynamic renewals.
- #1074 - It's now possible to use the
acl-fullcontrolspecify a list of users or groups that should get full permissions on the private key in the Windows Certificate Store. This is of particular interest to Microsoft Exchange admins, because the installation of cumulative updates might fail without these permissions properly configured. The documentation about Exchange has been updated to reflect this. First reported by @janwerner. - #1309 - It's now possible to connect to an acme-dns endpoint using basic authentication. Requested by @LumKitty.
Enhancements
- #1296 - Handling of the certificate chain has been much improved. It should now work reliably for an arbitrary number of intermediate certificates and no longer depends on Windows to build chains, so there is no more confusion when an older intermediate certificate is still present on the system. Brought to our attention by @hb220.
- #1283 - The program has become slighty more pro-active about creating and updating bindings during initial setup of a new certificate, specifically to accomodate the scenario where IPv4- and IPv6-specific bindings are present on the same website. Reported by @MarcoMiltenburg.
- #1294/#1317 - The handling of the Public Suffix List had some problems discoverd by @lukefoley and @hanschou. It has been improved in three ways. First, there is now a static version redistributed with the application, so that in highly secured environments it's not neccesary to open up another connection. Secondly, the proxy settings are now applied during the download. Lastly, the program creates a cached version in its own configuration folder that remains valid for 30 days to improve startup times.
- Terms of service are now logged and saved to disk even when they have been "pre-accepted" from the command line, just for future reference.
- Runtime upgraded from .NET Core 3.0 to 3.1
Bug fixes
- #1321 - The program could crash for a first-time user when not running as Administrator, due to being unable to create a category in the Windows Event Viewer. Reported bY @439bananas and others.
- #1277 - The program could crash in some cases when redirecting console output.
- #1298 - When changing (properties of) the CSR, for example when switching from RSA to EC keys, the internal certificate cache would not be invalidated, leading to an unexpected and unwanted delay in the application of the change. Reported by @MarcoMiltenburg.
- #1305 - @mindstormsking discovered that
settings.configincorrectly contained a"ConfigPath"setting which is supposed to be"ConfigurationPath". - #1319/#1320 - Fixed a pair of bugs reported by @oregano87 that didn't get triggered by Let's Encrypt but were in violation of the ACME standard.
- Import from 1.9.x still had some issues even after the previous fix in version 2.1.1, should be 100% again now.
- Various possible null reference problems fixed using C# 8.0 Nullable Reference Types
2.1.2.636
Fixes two bugs discovered in the initial 2.1.2 release: #1326 and #1327. Thanks @TylerMitton and @randomevents!
2.1.2.641
Fixes another bug discovered in the initial 2.1.2 release: #1330. Thanks @Virinium.