mod_md v2.1.8 (just a touch of beta)

• Some notifications cleanups:
  • notifications about errors no longer change the status of the ongoing renewal.
  • notifications about a successful renewal are re-attempted on failure, just like
    other failures cause a retry with a backing-off delay.
  • warnings about expiring certificates are only sent, if there is no renewal
    already done (but maybe not activated yet) for a domain
  • failure to notify about expiring certficates also cause retry and are cleared
    when/if finally successful.

mod_md v2.1.7 (beta almost over)

• Changed server-status section headings to make more clear what is listed there.
• no longer listing the logs in the top-level md-status handler (where all managed
  domains are listed). Getting the status of a particular domain has the log).
• fixing some signedness warnings in clang 11.
• Fixes bug in time period calculation for removing old OCSP response files.

mod_md v2.1.6 (beta)

• Fixed issue #145 where a server restart was not done when recommended and checking
  becamed called in a tight loop, eventually calling message commands again and again.
  Test case added for this.
• 'make test' will now trigger the build if not done before. removed some obsolete
  test special targets.
• starting to integrate with travis for build and test coverage
• documented how MDCAChallenges now overrides any port sanity checks.

mod_md v2.1.5 (beta)

• fixed a crash when the server-status page was retrieved in text form (e.g. server-status?auto
  url) and a MDomain had been renewed. Test case added. Fixes #141.
• Test suite: rework on how httpd config is set up to allow for MDomain tests that use
  the base server and listen only on one port.

mod_md v2.1.4 (beta)

• added test case for #142 and fixed a bug in JSON array handling introduced in 2.1.3

mod_md v2.1.3 (beta)

• added more trace2 level logging in server-status collection to help issue #141
• fixed the status handling to return job information from staging also when the certificate
  is not there yet.
• fixed a bug in JSON handling that decremented refcounters wrongly when setting another
  JSON object at a key where none was allowed. Added test case.
• OCSP Stapling information in "server-status" is now sorted alphabetically.
• add a CA column to Managed Domains table
• urls are now displayed as links with the hostname or known name as text.
• similary to ocsp status, certificate status 'ok' is now 'good'. Will turn to 'expired'
  should the certificate validity pass the current clock.

mod_md v2.1.2 (beta)

• Refactoring the initialization to distinguish between VirtualHost definitions that have
  SSLEngine on and those who do not. The advantages are:
  • No MDPortMap definition is necessary to detect where SSL certificates are needed.
  • mod_md will only collect ServerName/ServerAlias from VirtualHosts that use SSL.
  • One can have a 'catch-all' VirtualHost on port 80 using all domains without them
    bleeding back into the MD definitions.
• Initialization no longer traverses the complete md store, reads configured MD JSON
  files only once and writes them only when changed. When a new MD is added or
  an existing one renamed (the first domain member changes), will the store be searched
  for old definitions and certificates. This search only looks at MDs outside the current
  set and should remain efficient with many MDs configured.
  Example: if you have 100 MDs and rename 1, mod_md will see the 99 directories that stayed
  and load the one unmatched to check for a rename.

mod_md v2.1.1 (beta)

• Fixed a bug where the "acme-tls/1" protocol setting was not recognized on the base server
  (with "MDBaseServer on").
• ACME errors returned during account creation are now added to the job log.
• A missing ServerAdmin is now properly logged at the renewal job.

mod_md v2.1.0 (beta)

This is a beta release. For a more mature version, use the v2.0.x release line. This release is for Apache httpd 2.4.41 or later.

The main new feature in 2.1 vs. 2.0 is the introduction of the new OCSP Stapling implementation. You can use this for all your certificates, only your Let's Encrpyt certificates or just enable it on a specific MDomain. See the sections in the README.md for a description.

• New directives "MDStapling on|off"
• New directive "MDStaplingRenewWindow" to configure when OCSP response should be renewed.
• New directive "MDStaplingKeepResponse" for controlling how long OCSP responses are
  kept in the store and older ones get removed at start up.
• "server-status" page now carries a new table of all OCSP stapling certificates managed
  by mod_md stapling. Shifted ocsp related information in JSON "md-status" around a bit.
• "md-status" handler now also adds OCSP stapling logs to the JSON output.
• MDMessageCmd is now also invoked for stapling with reasons 'ocsp-renewed' and 'ocsp-errored'.
• backoff timing for failed ocsp retrieval attempts. specific ocsp update will be
  delayed accordingly.
• new directive 'MDCertificateMonitor' to allow configuration of the check HTML links rendered
  in the server-status page.
• toning down some INFO level logging to DEBUG or lower.
• server-status timestamps now in a better readable format. Some columns have been merged.
• Much more verbose data logging when OCSP responses could not be parsed.
• Fixed a bug with suppressing "Expect" header sending.
• Fixed a bug where notifications about an expiring certificate were sent out too often.
• Converted pytest suite from python2 to python3. "make test" now calls "python3 -m pytest".
• Errors reports by an ACME CA may include "subproblems", where several causes may be reported.
  These are now part of the md-status reporting and also logged. Test cases added.

mod_md v2.0.10

The wrong branch was labelled in v2.0.9 and the sources.zip contained the files from master. The release tar file was correct, however.

This release tags the correct maintenance-2.0.x branch, but is otherwise equivalent.