Skip to content

v0.4.0

Choose a tag to compare

@bavshin-f5 bavshin-f5 released this 20 Apr 20:28
Immutable release. Only release title and notes can be modified.
v0.4.0

Changes:

  • Subject Common Name is no longer included in CSRs, as it is optional,
    cannot accommodate long domain names and can be rejected by some ACME issuers.
    This may result in issuing certificates with empty Subject Common Name. Such
    certificates are valid and should be accepted by any user agents.
    The common_name_in_csr directive allows restoring the previous behavior.
  • Renewal time for short-lived (less than 10 days) certificates is adjusted
    to the half of the certificate lifetime.
  • Some user-facing log messages (info, notices, warnings and errors) were
    modified.

Features:

  • ACME Renewal Information checking is now supported and always enabled with
    compatible ACME CAs.

Bugfixes:

  • Default acme_shared_zone size was insufficient on systems with 64k page size.
  • Log messages were not emitted on an expected log level.
  • Server certificate names were not verified when connecting to an issuer
    specified with IP address.
  • Server connection could fail when either IPv6 or IPv4 network is unreachable.
  • tls-alpn-01 challenge could generate an invalid certificate for domain names
    longer than 64 characters.