Beta Version Release Notes

Latest Version: 5.9 4

5.9.4 : 2023/02/24

• Enhancements:
  • DNS: Implement Google Domains provider for DNS based ACME challenges.
  • Tasks: New deployment task to Set Private Key permissions for specific account.
  • Tasks: New task Update Port Binding for general TLS port binding updates.
  • DB: range of improvements for query performance with large collections of managed items.
  • Certs: new certificate OCSP and ARI health checks twice per day to test for any required early renewal.
• Fixes:
  • Tasks: Azure Key Vault deployment task should use PFX password if set.
  • Tasks: Don't show remote host option if task doesn't support it.

5.9.3 : 2022/12/22

• Enhancements:
  • Remove blocking of UI for periodic status checks, use regular background checks instead.
• Fixes:
  • Make modern PFX algs no longer the default due to compatibility issues
  • Use a loopback IP for default API binding instead of localhost due to incompatibility with some hosts.
  • Fix preferred chain pref not being honoured is CA has a default chain set in config

5.9.2 : 2022/12/15

• Enhancements:
  • Core: Implement continuous certificate health checks (OCSP and ARI).
  • Core: Relax PFX chain building so copy of the CA root is not always required.

5.9.1 : 2022/12/01

• Fixes
  • Use standard defaults for PFX build algorithms
  • Fix some exception logging when CA communication fails

5.9.0 : 2022/11/29

Alpha release for upcoming V6.0

• Enhancements:
  • General: Certify SSL Manager is now called Certify Certificate Manager
  • UI: Added turkish language support (thanks to Riza Emet)
  • DNS: Implemented Domeneshop and Infomaniak DNS providers via Posh-ACME
  • DNS: Add DDNSZone option for RFC2136 provider via Posh-ACME
  • Tasks: Breaking Change exclude root cert from default export for Apache, nginx and Generic Server fullchain option.
  • Core: PFX files now default to more modern key and certificate algorithm defaults. Legacy option is available as config.
  • Core: Refined logging details
  • Core: Internal ACME CAs can now optionally connect using self-signed TLS
  • CA: Add Sectigo (EV,DV,OV ACME endpoints) as built in CA option.
  • CA: Breaking Change Let's Encrypt will now default to the ISRG Root X1 chain instead of the default expired DST Root CA X3 chain.
• Fixes:
  • DNS: GoDaddy DNS provider fetch all result pages, fix default result page sizes
  • UI: Changes to preferred chain were not being saved in account editor
  • UI: Certificate Authority select resets in advanced certificate setting user changes to main settings tab
  • UI: Fix challenge credentials reset to default item on refresh of credentials list
• Planned Before Final Release:
  • *CA: Add Fallback modes- Preferred with Automatic Fallback (default), Preferred Only, Any (Random)
  • *UI: New optional cross-platform web interface in addition to the existing desktop UI.
  • *UI: new database migration UI to move from one database backend to another
  • *API: New APIs for custom client access
  • *Core: Support for running under Linux (Docker etc)
  • *Core/UI: Improved support for managing many thousands of certs
  • *Core: Nginx target support for website selection and binding deployment
  • *Core: Support for running on Linux, with certificates defaulting to pem format on that platform
  • *Core: New optional database backends for configuration storage: SQLite (default), Microsoft SQL Server, PostgreSQL
  • *Core: New preference for cert expiry days (e.g. optionally expiring in less than 90 days)

---