addedDirectory URLs for Google ACME providerfixedInvalidate ACME provider directory cache after 24 hoursfixedRetry HTTP requests on server errors or when rate limited - #89
fixedAllowclient.auto()being called with an empty CSR common namefixedBug when callingupdateAccountKey()with external account binding
addedSupport and tests for satisfyingtls-alpn-01challengeschangedReplacejsrsasignwith@peculiar/x509for certificate and CSR handlingchangedMethodgetChallengeKeyAuthorization()now returns$token.$thumbprintwhen called with atls-alpn-01challenge- Previously returned base64url encoded SHA256 digest of
$token.$thumbprinterroneously - This change is not considered breaking since the previous behavior was incorrect
- Previously returned base64url encoded SHA256 digest of
fixedAllow self-signed or invalid certs when validatinghttp-01challenges that redirect to HTTPS - #65fixedWait for all challenge promises to settle before rejectingclient.auto()- #75
fixedUpgradejsrsasign@11.0.0- GHSA-rh63-9qcf-83gffixedUpgradeaxios@1.6.5- CVE-2023-45857
- Upgrade guide here
addedNew native crypto interface, ECC/ECDSA supportbreakingRemove support for Node v10, v12 and v14breakingPrioritize issuer closest to root during preferred chain selection - #46changedReplacebluebirddependency with native promise APIschangedReplacebacko2dependency with internal utility
fixedUpgradeaxios@0.26.1fixedUpgradenode-forge@1.3.0- CVE-2022-24771, CVE-2022-24772, CVE-2022-24773
fixedUse SHA-256 when signing CSRs
backportUse SHA-256 when signing CSRs
addedDirectory URLs for ACME providers Buypass and ZeroSSLfixedSkip already valid authorizations when usingclient.auto()
fixedUpgradenode-forge@1.2.0
fixedZeroSSLduplicate_domains_in_arrayerror when usingclient.auto()
addedSupport for external account binding - RFC 8555 Section 7.3.4addedAbility to pass through custom logger functionchangedIncrease defaultbackoffAttemptsto 10fixedDeactivate authorizations where challenges can not be completedfixedAttempt authoritative name servers when verifyingdns-01challengesfixedError verbosity when failing to read ACME directoryfixedCorrectly recognizereadyandprocessingstates - RFC 8555 Section 7.1.6
fixedUpgradeaxios@0.21.4- CVE-2021-3749
fixedUpgradeaxios@0.21.1- CVE-2020-28168
fixedBug when encoding PEM payloads, potentially causing malformed requests
fixedMissing TypeScript definitions
addedOptionpreferredChainadded toclient.getCertificate()andclient.auto()to indicate which certificate chain is preferred if a CA offers multipleaddedMethodclient.getOrder()to refresh order from CAfixedUpgradeaxios@0.21.0fixedError when attempting to revoke a certificate chainfixedMissing URL augmentation inclient.finalizeOrder()andclient.deactivateAuthorization()fixedAdd certificate issuer to response fromforge.readCertificateInfo()
fixedExplicitly set defaultaxiosHTTP adapter - axios/axios#1180
fixedUpgradenode-forge@0.10.0- CVE-2020-7720
breakingRemove support for Node v8breakingRemove deprecatedopensslcrypto modulefixedIncorrect TypeScriptCertificateInfodefinitionsfixedAllow trailing whitespace character inhttp-01challenge response
fixedImprovements to TypeScript definitions
addedTypeScript definitionsfixedAllow missing ACME directory meta field - RFC 8555 Section 7.1.1
addedNew optionskipChallengeVerificationadded toclient.auto()to bypass internal challenge verification
addedMore extensive testing using letsencrypt/pebblechangedWhen creating a CSR,commonNameno longer defaults to'localhost'- This change is not considered breaking since
commonName: 'localhost'will result in an error when ordering a certificate
- This change is not considered breaking since
fixedRetry signed API requests onurn:ietf:params:acme:error:badNonce- RFC 8555 Section 6.5fixedMinor bugs related toPOST-as-GETwhen callingupdateAccount()fixedEnsure subject common name is present in SAN when creating a CSR - CAB v1.2.3 Section 9.2.2fixedSend empty JSON body when responding to challenges - RFC 8555 Section 7.5.1
backportMinor bugs related toPOST-as-GETwhen callingclient.updateAccount()backportSend empty JSON body when responding to challenges
addedUTF-8 support when generating a CSR subject using forge - RFC 5280fixedImplementPOST-as-GETfor all ACME API requests - RFC 8555 Section 6.3
backportImplementPOST-as-GETfor all ACME API requests
addedExposeaxiosinstance to allow manipulating HTTP client defaultsbreakingRemove support for Node v4 and v6breakingRemove Babel transpilation
addedDNS CNAME detection when verifyingdns-01challenges
addedSupport fortls-alpn-01challenge key authorization
fixedHandle and throw errors from OpenSSL process
addedNew node-forge crypto interface, removes OpenSSL CLI dependencyaddedSupport nativecrypto.generateKeyPair()API when generating key pairs
addedAbility to set and get current account URLfixedReplace HTTP clientrequestwithaxiosfixedAuto-mode no longer tries to create account when account URL exists
fixedKey rollover in compliance with draft-ietf-acme-13
breakingACMEv2breakingAPI changesbreakingRewrite to ES6breakingPromises instead of callbacks
- API stable
fixedBug causing invalid anti-replay nonce
breakingOpenSSL methodreadCsrDomainsandreadCertificateInfonow return domains as an objectfixedAdded and fixed some tests
acme-clientreleased