Let's Encrypt will shortly be disabling v1 of their API as used by Certify The Web version 3.x and lower. If you are still using an older version of the app please plan your upgrade to the latest version now. Note that for 32-bit users there is no upgrade path and you will have to move to a 64-bit server to continue using the app.
We estimate this affects about 30% of users, so start upgrading now!
In the upcoming update we plan to add some great new features for people who need to use their certificates with non-IIS servers (such as Apache, nginx etc).
We will have built in support for exporting the correct formats and copy to either local or remote locations.
Users interested in beta testing early versions should check out the github issue tracking these features.
If you are still using an older version of the app please considering checking out the latest version and testing it with your configuration. If you are still on the 3.x version you may be missing out on important bug fixes or great new features, so check it out!
Please note that Let's Encrypt are not fully retiring the tls-sni-01 challenge and the latest versions of Certify will auto fallback to the http-01 challenge instead if you still have the old challenge type selected.
Users who are currently relying on Manual DNS updates in order to request Wildcard certificates are encouraged to check out the new ACME DNS support which is a one-time creation of a CNAME in your DNS zone (per domain) which you point to a server managed TXT record, removing the need to make updates to your DNS zone, so give it a try.
We started development of our new app version 6 months ago, including 4 months of user testing through Alpha and Beta stages. Now, we are proud to release v4 of Certify The Web.
New in version 4.0:
Manual downloads are available now from https://certifytheweb.com, if you have an older version of the app already installed it will start to offer to update itself in about 1 week.
If you are interested in testing the pre-release version of v4 you can check out this github issue for more info: v4 Testing
This new version will include:
If you're interested in helping other get the most out of using Certify The Web, or want to ask how other people use it, check out our new community discussion forum: https://community.certifytheweb.com note: this does not use your certifytheweb.com dashboard account details, instead it has it's own set of usernames etc.
Let's Encrypt have disabled support for the tls-sni-01 challenge type. You can read more on their forum.
If you are currently using the tls-sni-01 challenge type in Certify SSL Manager you will receive the following error on your next renewal attempt: Request failed - no challenge found matching requested type. You will need to switch to using the http-01 challenge type (via port 80). We are starting work on support for DNS validation (see below) as an alternative.
Let's Encrypt have announced they will make wildcard domain support available from the end of February 2018 onwards. Work to enable this feature in Certify SSL Manager has begun (targeting March 2018) and requires the following new features and changes:
We will need to make changes to support the V2 Let's Encrypt API. We currently used the ACMESharp library to talk to Let's Encrypt (v1) and we are looking at options including the Certes library and extending ACMESharp.
Wildcard domain validation is only supported by Let's Encrypt via DNS validation. For that to work we need to offer a manual or automated DNS validation step, so that the required DNS TXT records can be created on your domain(s) as required. Currently each DNS provider either has their own API or no API at all. This is likely to improve over the next few years (because of pressure from customers using Let's Encrypt etc) but currently we're looking at the most efficient way to enable this.
We are looking at how best to support wildcard certificates. In general there will be a central renewal of the wildcard certificate and then the option to apply that to one or more other sites. We're currently evaluating how much of that should be automated and how much should be left to the user to specify.
Certify SSL Manager v3.x is out now including:
A new background service has been implemented for certificate request & renewal management, with realtime UI updates. This replaces the old scheduled task method.
A new central reporting web dashboard is available to all users. Just register each instance with the dashboard and your installation will start sending in status reports. We will be expanding/refining this feature based on feedback.
It is now possible to import your list of sites to manage using a CSV file. This is an experimental feature and feedback is appreciated. More information can be found here: Bulk Import of Managed Sites