v0.4.0
Immutable
release. Only release title and notes can be modified.
Changes:
- Subject Common Name is no longer included in CSRs, as it is optional,
cannot accommodate long domain names and can be rejected by some ACME issuers.
This may result in issuing certificates with empty Subject Common Name. Such
certificates are valid and should be accepted by any user agents.
Thecommon_name_in_csrdirective allows restoring the previous behavior. - Renewal time for short-lived (less than 10 days) certificates is adjusted
to the half of the certificate lifetime. - Some user-facing log messages (info, notices, warnings and errors) were
modified.
Features:
- ACME Renewal Information checking is now supported and always enabled with
compatible ACME CAs.
Bugfixes:
- Default acme_shared_zone size was insufficient on systems with 64k page size.
- Log messages were not emitted on an expected log level.
- Server certificate names were not verified when connecting to an issuer
specified with IP address. - Server connection could fail when either IPv6 or IPv4 network is unreachable.
- tls-alpn-01 challenge could generate an invalid certificate for domain names
longer than 64 characters.