Releases: glatzert/ACME-Server-ADCS
V3.1.0-beta8
Improves logging for dns-persist-01, so problems should be discoverable now.
V3.1.0-beta7
What's Changed
- DNS-persist specs have been updated. This release reflects those updates.
- The server now has a "canonical name" that is used to create links and account URIs. Make sure to set it to a valid FQDN of the ACME server:
{
  // ...
  // [Recommended] Generic settings for the ACME-Server.
  "AcmeServer": {
    // [Recommended] The canonical hostname of your ACME server, e.g. "acme.example.com".
    // If set this will always be used when generating links.
    // If not set, link generation will fall back to the first CAA identity, if configured, or the hostname of the incoming request.
    "CanonicalHostname": null,
    // ...
  }
}
If you do not set the value, the server defaults to the first CAAIdentity; if that does not exist either, the incoming Host header is used.
Full Changelog: V3.1.0-beta5...V3.1.0-beta7
V3.1.0-beta6
This fixes a regression with clients that created accounts without contacts.
V3.1.0-beta5
The configuration schema has changed: profiles now support multiple CAs and templates, selected by certificate key type and key size.
Refer to appsettings-sample.json to see how to use it:
"CertificateServices": [
  {
    // [Required] The CA-Server to use for certificate issuance.
    "CAServer": "CA.FQDN.com\\CA Name",
    // [Required] The template to use for certificate issuance, when no other template can be selected based on the CSR public key.
    "TemplateName": "ACME-RSA-Template",
    // [Optional] If set, this template will be used for CSRs with given keys only.
    // Possible values are: RSA, ECDsa, ECDH
    "PublicKeyAlgorithms": [ "RSA" ],
    // [Optional] The key sizes to match for this template. If empty, any key size will match.
    "KeySizes": [ 2048, 4096 ]
  },
  {
    "CAServer": "CA.FQDN.com\\CA Name",
    "TemplateName": "ACME-ECDH-Template",
    "PublicKeyAlgorithms": [ "ECDH" ]
  }
  // You can add more services here, if you want to use different CAs or templates for different CSRs.
],
V3.0.7
Http01 challenges can now be configured to ignore certificate errors when the challenge response is delivered via https.
See appsettings-sample.json for details.
// ...
"ChallengeValidation": {
  // [Optional] Configure http-01 challenge validation
  "Http01": {
    // [Optional] Allows http-01 challenges to be read via self-signed https connections, default is false.
    "IgnoreServerCertificate": false
  },
V3.1.0-beta4
Profiles now allow you to configure http-01 challenge validation so that it can skip SSL certificate checks when the challenge response is redirected to https.
// ...
// [Optional] The following settings are used to configure challenge validation
"ChallengeValidation": {
  // [Optional] Configure http-01 challenge validation
  "Http01": {
    // [Optional] Allows http-01 challenges to be read via self-signed https connections, default is false.
    "IgnoreServerCertificate": false
  },
  // ...
V3.1.0-beta3
The server now supports certificate template selection based on key size and key type of the CSR:
{
  // ...
  "Profiles": {
    // The profile name is used to identify the profile in the ACME-Server.
    // You may choose any arbitrary name, that contains only alphanumeric characters, dashes and underscores.
    "Default-Profile": {
      // [Required] List of supported identifiers for this profile.
      // Possible values are: dns, ip, permanent-identifier, hardware-module
      "SupportedIdentifiers": [ "dns", "ip", "permanent-identifier", "hardware-module" ],
      // [Required] The following settings are used to issue the certificate.
      "ADCSOptions": {
        // [Required] The CA-Server to use for certificate issuance.
        "CAServer": "CA.FQDN.com\\CA Name",
        // [Required] The template to use for certificate issuance, when no other template can be selected based on the CSR public key.
        "TemplateName": "DNS-ACME-Template",
        // [Optional]
        "Templates": [
          {
            // [Required] The template to use for certificate issuance, if the CSR public key matches the following criteria.
            "TemplateName": "RSA-ACME-Template",
            // [Required] If set, this template will be used for CSRs with RSA keys, otherwise the default template will be used.
            // Possible values are: RSA, ECDsa, ECDH
            "PublicKeyAlgorithms": [ "RSA" ],
            // [Optional] The key sizes to match for this template. If empty, all key sizes will match.
            "KeySizes": [ 2048, 4096 ]
          },
          {
            // Any number of Templates can be defined here ...
          }
        ]
      }
    }
  }
}

{
  "Profiles": {
    "Default-DNS-With-RSA-Specifics": {
      "SupportedIdentifiers": [ "dns" ],
      "ADCSOptions": {
        "CAServer": "CA.FQDN.com\\CA Name",
        "TemplateName": "DNS-ACME-Template",
        "Templates": [
          {
            "TemplateName": "RSA-Template",
            "PublicKeyAlgorithms": [ "RSA" ],
            "KeySizes": [ 2048 ]
          }
        ]
      }
    }
  }
}
V3.0.6
Bugfix in Config-Tool
This release fixes a bug in the config-tool (ACMEServer.ADCS.exe --config-tool) that would lead to invalid config files.
Full Changelog: V3.0.5...V3.0.6
V3.0.5
This release changes when the TOS URL is included in the directory metadata.
Until now, it was only included when TOS agreement was required. Now it is included if it has been set.
Full Changelog: V3.0.4...V3.0.5
V3.1.0-beta2
dns-persist-01 now needs to be enabled via the profile configuration.
"Profiles": {
  "Dns-Persist-Profile": {
    "SupportedIdentifiers": [ "dns" ],
    "...": "...",
    "AllowedChallengeTypes": {
      "dns": [ "http-01", "dns-persist-01", "tls-alpn-01" ]
    }
  }
}
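An added example, not part of the project's code: a small audit that reads an appsettings-style file with `//` comments and reports the three settings these release notes introduce (an unset CanonicalHostname, IgnoreServerCertificate set to true, dns-persist-01 enabled). The sample config is constructed, and its nesting of ChallengeValidation under a profile is an assumption; the audit matches by key name wherever the key appears.

```python
import json
import re

# Constructed sample in the style of the fragments above, not a real deployment.
SAMPLE = r'''{
  // Hypothetical lab setup; "acme.example.com" was never configured.
  "AcmeServer": { "CanonicalHostname": null, },
  "Profiles": { "Lab-Profile": {
    "ADCSOptions": { "CAServer": "CA.FQDN.com\\CA Name", "TemplateName": "DNS-ACME-Template" },
    "ChallengeValidation": { "Http01": { "IgnoreServerCertificate": true } },
    "AllowedChallengeTypes": { "dns": [ "http-01", "dns-persist-01" ], },
  } }
}'''
STRING = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, escapes included

def _drop(pattern, text):
    """Delete matches of pattern while leaving string literals untouched."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return re.sub(f"{STRING}|{pattern}", keep, text)

def load_jsonc(text):
    text = _drop(r"//[^\n]*", text)                    # line comments
    return json.loads(_drop(r",(?=\s*[}\]])", text))   # trailing commas

def find_key(node, key, path=""):
    """Yield (path, value) for every occurrence of key in nested dicts and lists."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield f"{path}/{k}", v
            yield from find_key(v, key, f"{path}/{k}")
    elif isinstance(node, list):
        for n, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{n}]")

def audit(text):
    cfg, findings = load_jsonc(text), []
    if not (cfg.get("AcmeServer") or {}).get("CanonicalHostname"):
        findings.append("/AcmeServer/CanonicalHostname unset: links fall back "
                        "to the first CAA identity or the request's Host header")
    for path, value in find_key(cfg, "IgnoreServerCertificate"):
        if value is True:
            findings.append(f"{path}=true: http-01 over https skips certificate checks")
    for path, types in find_key(cfg, "AllowedChallengeTypes"):
        if "dns-persist-01" in types.get("dns", []):
            findings.append(f"{path}: dns-persist-01 enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```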