Certify SSL Manager News

January 2018

The tls-sni-01 challenge type is no longer available

Let's Encrypt have disabled support for the tls-sni-01 challenge type. You can read more on their forum.

If you are currently using the tls-sni-01 challenge type in Certify SSL Manager you will receive the following error on your next renewal attempt: Request failed - no challenge found matching requested type. You will need to switch to using the http-01 challenge type (via port 80). We are starting work on support for DNS validation (see below) as an alternative.

Wildcard Domain Support and Let's Encrypt V2 API

Let's Encrypt have announced they will make wildcard domain support available from the end of February 2018 onwards. Work to enable this feature in Certify SSL Manager has begun (targeting March 2018) and requires the following new features and changes:

Let's Encrypt API V2 support

We will need to make changes to support the V2 Let's Encrypt API. We currently used the ACMESharp library to talk to Let's Encrypt (v1) and we are looking at options including the Certes library and extending ACMESharp.

DNS Challenges

Wildcard domain validation is only supported by Let's Encrypt via DNS validation. For that to work we need to offer a manual or automated DNS validation step, so that the required DNS TXT records can be created on your domain(s) as required. Currently each DNS provider either has their own API or no API at all. This is likely to improve over the next few years (because of pressure from customers using Let's Encrypt etc) but currently we're looking at the most efficient way to enable this.

UI changes

We are looking at how best to support wildcard certificates. In general there will be a central renewal of the wildcard certificate and then the option to apply that to one or more other sites. We're currently evaluating how much of that should be automated and how much should be left to the user to specify.

November 2017

Certify SSL Manager v3.x is out now including:

New background service

A new background service has been implemented for certificate request & renewal management, with realtime UI updates. This replaces the old scheduled task method.

Reporting dashboard

A new central reporting web dashboard is available to all users. Just register each instance with the dashboard and your installation will start sending in status reports. We will be expanding/refining this feature based on feedback.

Bulk import from CSV

It is now possible to import your list of sites to manage using a CSV file. This is an experimental feature and feedback is appreciated. More information can be found here: Bulk Import of Managed Sites