Skip to content

v2.2.6
Compare
Choose a tag to compare
@WouterTinus WouterTinus released this 26 Sep 09:04
v2.2.6.1571
26328dd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Features

  • The FTP validation plugin gained an option to use the GnuTLS library for FTPS connections, as the default TLS implementation provided in .NET/Windows suffers from compatibility issues with various Unix-based FTP servers. For more background on this subject check this page by the FluentFTP project. Using this requires:

    • A change in config: Validation.Ftp.UseGnuTls = true
    • The pluggable x64 release of win-acme (it is not available for x86 or ARM due to limitiations of the upstream package, and also doesn't work on the trimmed build)
    • Download and extract the additonal artifact gnutls.v{build}.x64.zip

    We recommend you only do this as a last resort when other validation methods fail, because there are some limitations of this connection method documented on the link above. This all initiated based on feedback by @cuper6.

Enhancements

  • A new toggle has been added to settings.json which allows you to disable certificate validation for the ACME endpoint, useful for people running their own ACME CA using a self-signed certificate (requested by @100110010111 in #2431).
  • The Azure DNS validation plugin no longer requires permissions to the Resource Group that hosts the DNS zone. Thanks to @sveng-r for testing in #2372).
  • @jcazier-umich improved the ImportJKS.ps1 example script by using $env:JAVA_HOME instead of a hardcoded path (#2408).
  • Improved documentation an validation for the Google Cloud DNS plugin, based on feedback from @timothydilbert
  • When customizing the notAfter settings, fractional seconds are no longer sent to the server, because that level of accuracy is overkill and some providers throw errors upon receiving them (thanks for testing @timothyd09 in #2394)
  • Update various third party dependencies (Autofac, FluentFTP, MailKit, Serilog, etc.)
  • More verbose logging for DNS pre-validation in case of query failures

Bug fixes

  • Filter illegal characters from the ClientName setting when creating the scheduled task, preventing failures (reported by @andrewsauder in #2410).
  • In rare circumstances sorting the renewals in the Renewal Manager could result in an error (reported by @nrcionline in #2401).
  • The Central Certificate Store plugin was broken for international domain names (noticed by @Nelo-cool in #2434).
  • The PFX file plugin didn't properly update pre-existing files, which may have caused corruption upon renewal (noticed by @efficiondave in #2397).
  • The --nocache switch (and interactive menu option) could still reuse previously generated private keys.

Contributors

Nelo-cool, andrewsauder, and 8 other contributors
Assets 32
0 Join discussion