PowerShell BREAKING CHANGE: PowerShell support has been significantly revised and compatibility may be affected. You are encouraged to test your workloads before deploying.
Previously 7.x versions used in-process PowerShell 7.x, which is not compatible with some existing PowerShell scripts/add-ins including our built-in example Exchange/RDP tasks. Versions before 7.x used an older version of .NET and In-Process PowerShell 5.1.
PowerShell scripts will now run in the default Automatic execution mode:
Windows: launches as a new process using the system PowerShell (5.1 by default where available).
Linux: runs PowerShell 7.x in-process
The Launch New Process option is retired in favour of the execution mode options.
Added experimental new Full Impersonation mode (Windows)
Common Name is now re-enabled by default in generated CSRs despite being deprecated, so there is now a global setting for this behaviour.
There is a new option to ensure CA intermediates are added to the machine intermediates store (Windows). Most machines do this automatically except where outgoing http is blocked.
General settings have now been split into renewal-related settings and advanced settings.
Primary request status is now tracked independently of Task status for fine-grained error status tracking.
Various UI refinements including Certificate Subcriptions, Managed Challenges etc.
Fixes:
Tasks: fix to allow a task to be manually run when the main request has failed, and also ensure tasks still run if they are set to run on primary request failure.
Various dependency updates, minor fixes and refinements
7.0.18 : 2026-04-10
Enhancements:
Core & UI: Implement support for Hub managed Certificate Subscriptions. This allows an authorized instance to subscribe to a hub managed certificate so that the hub can look after renewal and the managed instance just performs deployment.
Core: Draft support for the upcoming dns-persist-01 ACME Challenge type, which enabled persisent DNS validation with a single record per domain/subdomain.
Core: Create archive of settings databases before schema upgrades
Managed Challenges: Simplified config allowing default instance identify to be used instead of adding distinct API credentials. A new managed challenge polling mechanism also allows for long running managed challenge tasks.
UI: Custom CAs now allow overlapping DNS labels previously prevented by validation.
DNS: Add Technitium provider via Posh-ACME
Tasks: Azure Key Vault task can now provide a custom Friendly Name within the uploaded PFX.
Setup: You can now use an alternative service account of your choice when first installing and it will be preserved between upgrades.
7.0.17 : 2026-02-12
Enhancements:
Initial 7.x Production Release.
Data Stores: New schema and data migration for users using external data stored. Test before use in production. Important DB schema updates are required when updating.
Misc:
CA editor now allows you to flag CAs which require CN in the generated CSR.
7.0.16 : 2026-01-12
Enhancements:
Core & UI: Deprecate support for Days After/Days Before renewal internal modes. Shorter certificate lifetimes now require percentage lifetime elapsed based renewal.
7.0.15 : 2026-01-09
Enhancements:
Core: New Maintenance Window feature allows you to optionally set a named day/time window in the week for renewals to be attempted, this can be applied globally per instance or per managed certificate.
Core & Export: New optional strict export chain building options and best-efforts chain building.
Fixes:
Core: log when preferred chain not matched
CA: Some CAs require CN in the generated CSR
7.0.14 : 2025-11-21
Fixes:
Core: IMPORTANT Fix issue with SQLite database filtering for auto renewed items. All 7.0.13 users must upgrade or renewals will not occur.
Hub: Fix issue with instance reconnection after hub restarts/updates failing due to expired authentication. This requires updating both the hub and any associated instances.
7.0.13 : 2025-11-17
Enhancements:
Core: initial support for proxies via HTTPS_PROXY/HTTP_PROXY/CERTIFY_PROXY environment variables
Import/Export: updates for PFX destination path mapping.
DNS: New Hetzner Cloud provider via Posh-ACME
Fixes:
Tasks: Apache/nginx files copy tasks updated for linux
Hub: Improved reconnection handling
7.0.12 : 2025-10-28
Fixes:
DNS: Fix AWS Route 53 provider error due to SDK changes.
7.0.11 : 2025-10-24
Enhancements:
General: Move from beta to release candidate status for production use.
UI: Managed certificates list now uses infinite scroll instead of paging
Minor dependency updates
Fixes:
CA: Google Trust Services currently require CN in the generated CSR
Core: Clean-up X509Certificate2 after use to avoid temp RSA keys remaining on disk.
7.0.10 : 2025-10-06
Enhancements:
Minor dependency updates
7.0.9 : 2025-10-03
Enhancements:
UI: View Certificate option now allows unlock of password protected PFX
Minor dependency updates
Fixes:
DNS: Fix incorrect parameter for NameSilo provider
7.0.8 : 2025-09-18
Enhancements:
Tasks: Start/Stop/Restart A Service task renamed to just Restart a Service. Minimized service dropdown layout changes by limiting display name length.
Fixes:
UI: Fixed issue dragging/moving windows caused by UI toolkit dependency.
UI: Task editor will no longer reset the name of the task on edit
UI: View certificate will now show an error if it can't open the source PFX
7.0.7 : 2025-09-15
Enhancements:
Minor dependency updates
Fixes:
Misc UI threading fixes
7.0.6 : 2025-09-05
Enhancements:
Core: Allow hub to manage instance licensing across multiple licenses
Core: Add PKIaaS.io as built-in CA option, deprecate BuyPass as a supported CA as they have discontinued their ACME service.
CLI: add version command and fixes for json output, add license check output
Auto Update: fix app name in auto update PowerShell script
Fixes:
Data Stores: Arm64 SQLite database fixes
7.0.5 : 2025-07-29
Enhancements:
Stored Credentials: Implement optional unlockable stored credentials (allowing specific secrets to be read via API for custom scripts etc), add optional expiry date not so that expiring credentials are more visible.
Core: Add Actalis as a built-in CA configuration
Core: Cert CN (deprecated by CAs) is no longer set in CSR unless the configuration specifically requires it.
Fixes:
Renewals: address possible hang during long running renewal batches which then prevents subsequent renewal batches from running.
7.0.4 : 2025-07-03
Enhancements:
Updated support for monitoring certs managed by external cert managers on same instance:
Certbot
acme.sh
win-acme & simple-acme
Posh-ACME
UI: Updated translations for Chinese (Traditional and Simplified), updated Japanese translations.
7.0.3 : 2025-06-12
Enhancements:
Core:
DNS: Add NameSilo DNS provider
Dashboard: Remove status reports if item deleted
Updated dependencies
UI:
Remove View Dashboard option if instance not registered on dashboard.
7.0.2 : 2025-05-21
Fixes :
HTTP Challenge Server not serving responses when backend service is not on default port
Minor updates and fixes
7.0.1 : 2025-05-05
Minor updates and fixes
7.0.0 : 2025-04-29
Certify Certificate Manager - v7.0-alpha
Alpha-version (not yet for general production use)
v7.x is a major new release, targeting the latest version of dotnet (self-contained, no runtime install required), with support for our new Certify Management Hub for centralized administration.
App uses latest .net 9.0 (self-contained, no shared runtimes required).
Thousands of minor changes, fixes, refactoring and improvements over the last 24 months, aligning Certify Management Hub and Certify Certificate Manager.