Let's Encrypt™ Change Log
Last modified: January 13, 2022
- Initial support for Ubuntu package
- Drop CA bundle from installs in order to avoid installing an$ invalid-according-to-old-OpenSSLs chain. This is a temporary fix to allow$ us time to build a more robust solution to the problem created by the$ recent expiration of the DST root certificate
handle_new_certificate()if it exists, and thus add Dynamic DNS support.
- Use provider’s
generate_key()method, if it exists, rather than creating an RSA key internally.
- Omit subject from CSRs. This avoids the 64-byte limit on
commonNameand simplifies the logic besides. As of now LE still cannot issue certificates without at least one domain that can be in a
commonNamefield, but we don’t need to try to dictate that.
- Check for
authzsuccess after initial switch to DNS DCV to accommodate authz/DCV success that happens in the window between timeout and the new certificate order.
- Forgo sorting of domains via
SORT_VHOST_FQDNS(). LE applies its own sort order anyway, and that sorting breaks in v88 because the list of domains can now include wildcard domains, which are neither literal vhost members nor service subdomains and thus sometimes impossible to associate with a specific vhost.
- Defer loading of
Net::ACME2until runtime to reduce memory usage in contexts where we aren’t actually talking to Let’s Encrypt.
- Log only to file (not
warn()) on failure to retrieve Terms of Service.
/var/cpanelfor the registration key rather than
/root/.cpanel. This makes it so that normal configuration backups will include this registration information.
- Ensure that all
Net::ACME2::X::Genericinstances propagate as
Cpanel::Exceptionobjects. This will prevent stack traces in the logs in production.
- Add “Conflicts” to explicitly state the relationship w/ the v1 plugin.
- Removes “Obsoletes” to avoid breaking existing LE plugin installations.
- Always do DNS DCV for wildcard domains (HTTP is not supported)
- Collapse redundant domains w/ wildcards
- Fix wildcard support.
- Restore errantly-removed wildcard support from previous commit.
- Wildcard support
- Initial setup