
Releases: gregtwallace/certwarden

LeGo CertHub v0.13.1

13 Oct 02:57
Pre-release

[v0.13.1] - 2023-10-12

This release adds the ability to add, edit, and delete providers via the
frontend GUI. It is now possible to set up LeGo without manually editing
the config file. You should still check the config example to see if you
need or want to set any of those options.

Added

  • Add ability to add, edit, and delete providers via the GUI and without
    having to restart LeGo.
  • Add example config to release packages and docker image. This should
    have been added last version.

Changed

  • If dns_checker can't properly configure dns servers, fall back to
    sleeping for 2 minutes. This avoids app start failure in this instance
    and uses a reasonable alternative instead. An error is still logged.
  • Change deprecated substr func to substring func.
  • Set 'Revoke' button on certificate orders to be red.
  • Don't redact acme-dns provider info. It isn't sensitive enough to
    justify the additional complexity.
  • Always log some basic info when orders are placed and completed.
    Previously this was only showing at debug log level.

Fixed

  • Fix sometimes non-unique key on GUI display of provider config.
  • Fix handling of redacted info when it is POSTed.

Removed

N/A

LeGo CertHub v0.13.0

10 Oct 23:06
Pre-release

[v0.13.0] - 2023-10-10

Warning
Please read as there are breaking changes requiring manual intervention.

1: LeGo config MUST be updated using the new provider format which includes
specifying domains. See the example config file. A wildcard provider can also
be configured (single domain of *) and LeGo will use this provider if there
is no provider configured for a given domain. If you only use one provider,
you should add the wildcard domain and you're done.
I forgot to bundle the example in the release files and docker image. For now, here is the link:
https://github.com/gregtwallace/legocerthub-backend/blob/v0.13.0/config.example.yaml

2: Domain arg has been removed from dns manual scripts. Domain cannot be reliably
determined and as such it has been removed. This caused the position of the args
for these scripts to move and your scripts will need an update if you use this
method.

3: Removed redirects from old paths. When LeGo added the base path /legocerthub
old routes at base / were given redirects to prevent breakage. These redirects
are now removed and any clients using the old paths will need their scripts
updated.

This release does away with the need to select a challenge provider for each
certificate. It also has several tweaks and minor fixes.

The groundwork is also in place to add/edit/delete providers via the GUI. This
will be added in a future version.

Added

  • Add environment output on sample dns scripts.
  • Add backend functionality to modify providers while server is running via
    routes. Frontend modification not yet added.
  • Add ability to view providers in the frontend.

Changed

  • Update to logging of some debug info.
  • Separate default config from example config to make it more apparent what the
    default settings are.
  • Reduce API key length from 48 to 32. This is based on an entropy calculation
    and still provides adequate security.
  • Move ACME Servers to side bar in frontend navigation.
  • Update config version from 0 to 1 (see notes above).
  • Code clean up in several spots.
  • Clarified various log messages.
  • Clean up and streamline logic for form handling on frontend, including
    common input handler.

Fixed

  • Do a better job of redacting certain sensitive information in debug logs.
  • Fix api keys form unchanged calculation.
  • Add openssl to dockerbuild (needed for acme.sh).
  • Fix usage of access_token by frontend.
  • Fix manifest paths.

Removed

  • Remove need to select a challenge method. Instead, domains are configured
    and LeGo automatically selects the correct provider based on the domains
    in the certificate.

LeGo CertHub v0.12.6

20 Aug 15:48
Pre-release

[v0.12.6] - 2023-08-20

Releasing solely to fix importing of private keys via the frontend UI.
There are other minor changes but they are so minor they probably aren't
relevant to users.

Added

N/A

Changed

  • Generic-ify SafeMap (minor code cleanup improvements).
  • Minor update to handling of empty acme time in Order object NotBefore
    and NotAfter fields.
  • Verify session is still valid before refreshing a session. This was
    already being done, but made it more explicit.

Fixed

  • Fix private key import via frontend UI.

Removed

N/A

LeGo CertHub v0.12.5

11 Aug 23:58
Pre-release

[v0.12.5] - 2023-08-11

This release adds shutdown and restart functions. Otherwise, it mainly
fixes some minor bugs and optimizes some code.

Config Note: 'private_key_name' is no longer a config field. The key
is now derived from 'certificate_name'.

Added

  • Add shutdown and restart routes with buttons in frontend to trigger
    those routes.

Changed

  • Update some route names.
  • Update LeGo https certificate reload logic to no longer require a go
    routine. LeGo cert will update as soon as it renews.
  • Optimize view log handler for better memory footprint.
  • Update output package to remove unneeded vars.

Fixed

  • Fix broken log download handler and optimize related code.
  • Modify logger so it is gracefully closed on exit, though it is not
    perfect due to lumberjack bug:
    natefinch/lumberjack#56
  • Fix log view handler failing to close file.

Removed

  • Remove LeGo config option for private key. Private key is now derived
    from the certificate name.

LeGo CertHub v0.12.4

09 Aug 01:05
Pre-release

[v0.12.4] - 2023-08-08

This release resolves a significant issue with the challenge solver
failing in certain cases involving wildcard certificates or multiple
ACME providers.

Added

  • Add an error if user tries to enable acme.sh on a Windows server.
  • Add better notes in default config regarding acme.sh options.
  • Add shutdown handler for client to trigger LeGo shutdown.
  • Make WorkTracker data type for reuse.

Changed

  • Move pprof to its own http server and port.
  • Significant overhaul of custom http client to make it more sane.
  • Rework how challenge resource provisioning is tracked. Instead of in
    each method, centralize in Challenges package.
  • Some minor code tidy up.

Fixed

  • Fix when multiple workers are trying to solve Challenges that use
    the same resource name. This could cause Orders to fail under certain
    conditions. Instead, queue the resources and solve the Challenges
    one at a time.
  • Make Cloudflare use the app's http Client with the proper settings.

Removed

N/A

LeGo CertHub v0.12.3

06 Aug 17:30
Pre-release

[v0.12.3] - 2023-08-06

This version is mostly minor fixes. Pprof support is also added.

Added

  • Add pprof support. Default config option has it disabled though.
  • On account object output, include EAB and TOS fields for the relevant
    ACME server.

Changed

  • Conditionally show EAB fields only when they're needed.
  • Only show KID on frontend if debug and it is known.
  • Use http.ServeContent to serve zip files.
  • Deprecate 'domain' arg in dns01 manual method.
  • Set directory refresh to occur at 1am + random minute rather than 24
    hours from the last one.

Fixed

  • Fix Cloudflare challenge method failing for domains where the zone has
    more than two parts (e.g. some-name.in.ua).
    See: #22
  • Minor code cleanup (move an error, remove an export, and fix a typo).

Removed

  • Cloudflare zone map does not require safety, so mutex was removed.

LeGo CertHub v0.12.0

27 Jul 22:52
Pre-release

[v0.12.0] - 2023-07-27

This version brings support for conditional headers. It also cleans up
some of the backend logic and fixes a couple of issues.

Added

  • Add etag header to pem files when they're sent.
  • Add last-modified time stamp to pem files when they're sent.
  • Add support for request headers if-match and if-none-match.
  • Add support for request headers if-modified-since and
    if-unmodified-since.
  • Add support for request header if-range.

Changed

  • Use http.ServeContent to send pem files to clients instead of previous
    Write method.
  • Switch to a separate CORS package for ease of use and to ensure proper
    specs are followed without having to maintain it myself.
  • Overhauled logic in storage and download packages so pem output is a
    little more sane.
  • Updated output package logging to make it a little cleaner and clarify
    some log messages.

Fixed

  • Fixed issue where legacy request api keys would be saved to log.
  • Fixed check that always said db needs an upgrade in new version even
    when it didn't.
  • Added missing x-api-key and apikey headers to CORS list.

Removed

N/A
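
The conditional-request behaviour described in the v0.12.0 notes above, as an added example that is not LeGo's own code: a handler sets an ETag, passes a modification time to http.ServeContent, and the standard library then evaluates the conditional headers. The names pemHandler and fetch, the SHA-256 ETag scheme, the content type, and the sample PEM are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// pemHandler serves a PEM blob with ETag and Last-Modified validators.
// Hypothetical handler; the SHA-256 ETag scheme is an assumption, not LeGo's.
func pemHandler(pem []byte, modTime time.Time) http.HandlerFunc {
	sum := sha256.Sum256(pem)
	etag := `"` + hex.EncodeToString(sum[:]) + `"` // strong ETag must be quoted
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("ETag", etag)
		w.Header().Set("Content-Type", "application/x-pem-file")
		// ServeContent checks If-Match, If-None-Match, If-Modified-Since,
		// If-Unmodified-Since and If-Range against the ETag header and modTime.
		http.ServeContent(w, r, "cert.pem", modTime, bytes.NewReader(pem))
	}
}

// fetch sends one in-memory GET to h with optional request headers and
// returns the status code, the response ETag and the body length.
func fetch(h http.Handler, hdr map[string]string) (int, string, int) {
	req := httptest.NewRequest(http.MethodGet, "/cert.pem", nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("ETag"), rec.Body.Len()
}

func main() {
	// Constructed sample, not a real certificate.
	pem := []byte("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
	h := pemHandler(pem, time.Date(2023, 7, 27, 0, 0, 0, 0, time.UTC))
	code, etag, n := fetch(h, nil)
	fmt.Println(code, n) // full download
	code, _, n = fetch(h, map[string]string{"If-None-Match": etag})
	fmt.Println(code, n) // unchanged certificate: no body re-sent
	code, _, _ = fetch(h, map[string]string{"If-Match": `"stale"`})
	fmt.Println(code) // client's cached validator no longer matches
}
```

A client that polls for renewed certificates can send the stored ETag in If-None-Match and only rewrite its local files when the response is not 304.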

LeGo CertHub v0.11.1

26 Jul 22:24
Pre-release

[v0.11.1] - 2023-07-26

The only fix in this update is acme.sh being added to the Docker
container. If you're not using Docker, there is no difference between
0.11.0 and 0.11.1.

Added

N/A

Changed

N/A

Fixed

  • Fixed acme.sh not installing into the Docker container.

Removed

N/A

LeGo CertHub v0.11.0

25 Jul 21:30
Pre-release

[v0.11.0] - 2023-07-25

This release streamlines new certificate creation by allowing simultaneous
key generation. In the new certificate 'private key' drop down, there is a
new option to generate a key. This eliminates the need to make a new key
separately first. The key name, description, and other fields are copied
from what is specified on the certificate.

Added

  • Add ability to generate a key simultaneously with a new certificate.

Changed

  • Set default new key to Generate and ECDSA P-256.

Fixed

N/A

Removed

N/A

LeGo CertHub v0.10.5

22 Jul 19:15
Pre-release

[v0.10.5] - 2023-07-22

This update fixes the acme.sh challenge method when running in Docker
container. It also bundles the acme.sh scripts with LeGo so no extra
modifications are needed to use this method.

Added

  • Bundle acme.sh scripts (v3.0.6) with LeGo.

Changed

N/A

Fixed

  • Fix acme.sh challenge method when running in Docker.
  • Fix linux scripts (primarily install and upgrade scripts).

Removed

N/A