Update module github.com/caddyserver/certmagic to v0.21.7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/caddyserver/certmagic	v0.20.0 -> v0.21.7

---

Release Notes

caddyserver/certmagic (github.com/caddyserver/certmagic)

v0.21.7

Compare Source

v0.21.6

Compare Source

Minor patch for ARI handshake maintenance.

What's Changed

• Fix typos by @​deining in https://github.com/caddyserver/certmagic/pull/324
• Replace interface{} with any by @​deining in https://github.com/caddyserver/certmagic/pull/325
• ari: Only check if cert is not expired, and use proper context by @​mholt in https://github.com/caddyserver/certmagic/pull/328

New Contributors

• @​deining made their first contribution in https://github.com/caddyserver/certmagic/pull/324

Full Changelog: caddyserver/certmagic@v0.21.5...v0.21.6

v0.21.5

Compare Source

Primarily bug fixes and minor enhancements.

What's Changed

• Repair broken link for dotGo presentation. by @​icpd in https://github.com/caddyserver/certmagic/pull/312
• ZeroSSLIssuer: Make PollInterval configurable by @​aplr in https://github.com/caddyserver/certmagic/pull/316
• Remove obsolete constants by @​ankon in https://github.com/caddyserver/certmagic/pull/317
• Add a fast path for the DefaultCertificateSelector by @​ankon in https://github.com/caddyserver/certmagic/pull/318
• Quiet OCSP warnings if the cert has a short lifetime by @​francislavoie in https://github.com/caddyserver/certmagic/pull/320
• Bump golang.org/x/crypto from 0.27.0 to 0.31.0 by @​dependabot in https://github.com/caddyserver/certmagic/pull/322

New Contributors

• @​icpd made their first contribution in https://github.com/caddyserver/certmagic/pull/312
• @​aplr made their first contribution in https://github.com/caddyserver/certmagic/pull/316

Full Changelog: caddyserver/certmagic@v0.21.4...v0.21.5

v0.21.4

Compare Source

We've made several improvements across the board, notably:

• Storage is temporarily a required field, until we implement a zerossl issuer that doesn't require storage. I'm hoping this will be optional again before v1.0.
• New exported function GetRenewalInfo(), useful for issuers that support ARI.
• Better logging related to account loading and creation, and CSR generation; useful for troubleshooting.
• ACME account registration is now synced across a cluster.
• ARI fetching is now synced across a cluster.
• Normalization fix for IDNs.
• Writes to the filesystem (default) storage now use temporary files, which provides greater concurrency safety. This should improve the very rare and sporadic corrupted certificate or metadata (JSON) files that have been observed and reported.

Thank you to everyone who contributed!

What's Changed

• Move looking up info for HTTP validation to warn level by @​mbardelmeijer in https://github.com/caddyserver/certmagic/pull/290
• Sync ACME account registration by @​mholt in https://github.com/caddyserver/certmagic/pull/293
• fix: use a tempfile to write files in filestorage. by @​elee1766 in https://github.com/caddyserver/certmagic/pull/300
• Add .internal to internal-only hostnames by @​nickubels in https://github.com/caddyserver/certmagic/pull/305

New Contributors

• @​mbardelmeijer made their first contribution in https://github.com/caddyserver/certmagic/pull/290
• @​elee1766 made their first contribution in https://github.com/caddyserver/certmagic/pull/300
• @​nickubels made their first contribution in https://github.com/caddyserver/certmagic/pull/305

Full Changelog: caddyserver/certmagic@v0.21.2...v0.21.4

v0.21.3

Compare Source

v0.21.2

Compare Source

This is apparently the same as v0.21.1, for some reason I thought there were new commits. Oh well, enjoy!

What's Changed

• Apply DefaultServerName more broadly during handshake by @​mholt in https://github.com/caddyserver/certmagic/pull/287
• downgrade minimum Go version by @​mohammed90 in https://github.com/caddyserver/certmagic/pull/289

Full Changelog: caddyserver/certmagic@v0.21.0...v0.21.2

v0.21.1

Compare Source

v0.21.0

Compare Source

CertMagic v0.21 introduces some big changes:

• Draft support for draft-03 of ACME Renewal Information (ARI) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
• New ZeroSSLIssuer uses the ZeroSSL API to get certificates. ZeroSSL also has an ACME endpoint, which can still be accesed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
• DNS challenges should be smoother in some cases as we've improved propagation checking.
• In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
• ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).

Please try it out and report any issues!

Thanks to @​Framer for their contributions to this release!

What's Changed

• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @​dependabot in https://github.com/caddyserver/certmagic/pull/264
• Demote "storage cleaning happened too recently" from WARN to INFO by @​francislavoie in https://github.com/caddyserver/certmagic/pull/270
• Check DNS propagation at authoritative nameservers only with default resolvers by @​pgeh in https://github.com/caddyserver/certmagic/pull/274
• Retry with new account if account disappeared remotely by @​mholt in https://github.com/caddyserver/certmagic/pull/269
• Update readme examples to use TLS-ALPN const from ACMEz by @​goksan in https://github.com/caddyserver/certmagic/pull/277
• Initial implementation of ZeroSSL API issuer by @​mholt in https://github.com/caddyserver/certmagic/pull/279
• Allow deleting directories via FileStorage by @​goksan in https://github.com/caddyserver/certmagic/pull/282
• Use the email configuration in the ACME issuer to "pin" an account to a key by @​ankon in https://github.com/caddyserver/certmagic/pull/283
• Initial implementation of ARI by @​mholt in https://github.com/caddyserver/certmagic/pull/286

New Contributors

• @​pgeh made their first contribution in https://github.com/caddyserver/certmagic/pull/274
• @​goksan made their first contribution in https://github.com/caddyserver/certmagic/pull/277

Full Changelog: caddyserver/certmagic@v0.20.0...v0.21.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 10 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.21 -> 1.23.5
github.com/klauspost/cpuid/v2	v2.2.7 -> v2.2.9
github.com/miekg/dns	v1.1.58 -> v1.1.62
github.com/zeebo/blake3	v0.2.3 -> v0.2.4
golang.org/x/crypto	v0.24.0 -> v0.31.0
golang.org/x/mod	v0.17.0 -> v0.18.0
golang.org/x/net	v0.26.0 -> v0.33.0
golang.org/x/sync	v0.7.0 -> v0.10.0
golang.org/x/sys	v0.22.0 -> v0.28.0
golang.org/x/text	v0.16.0 -> v0.21.0
golang.org/x/tools	v0.21.1-0.20240508182429-e35e4ccd0d2d -> v0.22.0

[davidnewhall]

It has a breaking change.

#25 28.89 ./mulery.go:127:4: unknown field DNSProvider in struct literal of type certmagic.DNS01Solver