Pebble v2.2.1

The previous v2.2.0 release mistakenly tagged the same commit as v2.1.0. Apologies for the mistake. This v2.2.1 release fixes this issue and should be used in its place.

Features

• separate HTTP management interface/listener.
• cert-status-by-serial management endpoint for checking revocation status.
• probabilistic valid authorization reuse.

Bug-fixes

• fix missing returns in WFE error paths.
• fix WFE rendering of empty contact/authz challenge arrays.
• fix custom DNS resolver on Windows.

Misc

• update docker-compose.yml to use latest image tags.
• update docker base images to use Go 1.12.
• WFE "marshaling" typo fixes/consistency.

Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for their contributions to this release.

Pebble v2.2.0

Pebble v2.2.0 was mistakenly tagged at the same commit as Pebble v2.1.0.

Please disregard this release and use v2.2.1. We leave this tag in place for immutability sake. Apologies for the inconvenience.

Pebble v2.1.0

features:

• support for draft-ietf-acme-ip-06 (thanks @orangepizza for impl, @felixfontein for bug fixes!)
• issuer/intermediate key/cert are accessible over HTTP (thanks @adferrand!)
• support for specifying EE cert OCSP Responder URL (thanks @adferrand!)
• support for creating and offering alternative cert. chains (thanks @felixfontein!)
• -strict support for rejecting legacy JWS requests

misc:

• CI release asset publication pipeline (thanks @adferrand!)

bug-fixes:

• wfe: unlocking order in updateChallenge after read (thanks @dopey!)

v2.0.2

• Bug fixes for data races between WFE and VA. Thanks to @bluecmd for reporting!
• Removal of ID field from Account resource responses.
• Simple CNAME support for pebble-challtestsrv. Thanks to @ryansouza for implementing!

v2.0.1

• Always send Link: rel="index"
• Implement orderNotReady and badPublicKey errors
• Add linting, test coverage, code of conduct and make lint fixes
• Use pre-built release versions of pebble and pebble-challtestsrv in
  docker-compose.yml
• Add AppVeyor support to auto-publish Windows Docker images

v2.0.0

This release enables all of the behaviour previously gated behind -strict as defaults. If you were not running Pebble 1.0.x with -strict already you may find this is a breaking release that requires client bugfixes. If you were
previously running Pebble 1.0.x with -strict you should find 2.0.0 is a drop-in upgrade.

v1.0.1

This patch revision fixes the Docker image deployment from CI.

• fix: publish on Docker - #199

v1.0.0

Following the decision to switch Pebble to using Semantic Versioning we're happy to announce the v1.0.0 release.

Moving forward we will no longer be publishing date based git tags or docker image tags and will instead only publish semver git releases and docker image tags.

2018-12-14 Snapshot

pebble-challtestsrv: add request history API. (#185)

In testing contexts its useful to be able to ask the
`pebble-challtestsrv` about what DNS, HTTP(s), and TLS-ALPN-01 requests
it has received.

2018-12-12 Snapshot

WFE: Only send Replay-Nonce for POSTs/newNonce endpoint. (#184)

Modern ACME only sends a Replay-Nonce in responses to GET/HEAD
requests to the dedicated newNonce endpoint, or in replies to POST
requests that consumed a nonce.