github win-acme/win-acme v2.1.7

4 years ago

Architecture

This release expands the conceptual framework of the program with a new class of plugins. Until now, if you managed lots of bindings in IIS, you had roughly two options to make sure they were all accessible through https.

  1. Set up a single renewal covering all bindings. This works, but it is not a great solution: you may run into limitations of the ACME server (e.g. the 100 domain limit of Let's Encrypt), and it does not adhere to best practices of operational security, because the certificate shared by all hosts lists every hostname on the server, disclosing the existence of each host to anyone who inspects the certificate of any one of them.
  2. Diligently manage separate renewals, adding, updating and cancelling them whenever something changes in IIS.

While we have strived to make this (micro)management easier over the years, I felt that there should be a fundamentally better way. So this release introduces the concept of an "order plugin", which allows multiple certificates to be created and installed from a single renewal.

For now there are two of these plugins. The default, backwards compatible "single" plugin is there to make sure that nothing changes for those upgrading. The "host" plugin creates a separate certificate for each host. The host plugin should be considered beta and is accessible from the command line only, by adding --order host at startup when you create a certificate. Future releases will add additional options (e.g. a "site" plugin to create a certificate for each site) and fine-tuning based on user feedback.

New features

  • #1479 - It's now possible to customize the default plugin for each of the six stages through settings.json. The old "simple mode" has been renamed to "default settings" mode to reflect this. Requested by @michaelsmoody.
  • #1514 - @albertofustinoni contributed a validation plugin for LuaDNS.

Enhancements

  • #1481 - The http-01 selfhosting plugin may now be configured to listen for https requests using the --validationprotocol switch. Note that Let's Encrypt will always send its validation requests over plain http to port 80, so this is only useful when those requests are being redirected to https. Requested by @michaelsmoody.
  • #1490 - You may now customize the computer name reported in email notifications. The computer name is also added to the subject so that it's easier for those managing multiple servers with win-acme. Requested by @jon-f-novastor.

Bug fixes

  • #1448 - ACME protocol technicalities. Thought to be fixed in 2.1.6 already, but that release was not built correctly.
  • #1487 - The --force switch was broken in 2.1.6, reported by @jon-f-novastore.
  • #1492 - Azure and Route53 plugins ignored proxy configuration. Reported by @wesochuck.
  • #1503 - When configuration was decrypted, private keys stored for the --reuse-privatekey parameter became inaccessible and new keys were generated. Discovered by @Virinum!
  • #1509 - Fix crash on corrupted IIS binding (missing certificate). Reported by @djgamerr.
