Release Notes

v0.9.5 - April 13, 2017

  • FIX: AutoSSL: Fixed preflight bug which mistakenly identified account as having pre-existing certificates
  • FIX: Service Certificates: Fix bug where service cert was being installed to apple mail push in cPanel 64 and failing

v0.9.4 - April 01, 2017

  • FIX: 0.9.2 introduced a nil panic for deployments where plugin AutoSSL was enabled.
  • FIX: 0.9.3 did not properly address the above bug and has been pulled

v0.9.2 - March 30, 2017

  • FIX: Compatibility fixes for cPanel bugs that currently exist in the CURRENT/Release Candidate tier.
    • Please note, if you are on a buggy 64 release, then the Let’s Encrypt feature will be available for all users regardless of their status in feature manager. This is unavoidable due to the nature of the bug.
  • FIX: Plugin will not try to install certs for Apple APN service in cPanel 64
  • FEATURE: Mail can now be relayed via an external server rather than the system MTA

v0.9.0 - March 01, 2017

  • FEATURE: Reporting
  • FEATURE: There is now a ‘Configuration’ section in the WHM Let’s Encrypt SSL.
    • This is only a subset of the total configuration options available, but it should be most of the useful ones
    • CLI: Added config list, config set --key k --value v. Refer to CLI docs
  • FEATURE: Add config option autossl_skip_patterns, which is an array of regex patterns that the plugin should test against when processing AutoSSL.
  • FEATURE: Add config options disable_success_mail, disable_mail which globally disable renewal success emails, and all renewal emails globally
    • These are also available in the WHM interface
  • UI: Automatically select already-selected domains when issuing a certificate for a virtual host with an existing plugin certificate (i.e. to prevent RSI when there are many alias or subdomains)
  • FIX: le-cp ssl issue will now always include the main domain of the virtual host, regardless of arguments.
    • This fixes the ‘/.well-known’ nil virtualhost permissions error
  • FIX: le-cp will now print useful info when run rather than assuming it is running as CGI
  • FIX: le-cp self-test should now be more useful for licensing issues
  • FIX: More changes to try improve installer reliability in some environments
  • UI: WHM interface is now ‘tabbed’
  • MISC: Now built with Go 1.8 (previously 1.6.4)

v0.8.1 - February 07, 2017

  • FIX: Renewal error relating to ‘mkdir permissions’ fixed (only affecting certificates from old versions that did not include the main virtualhost domain)
  • FIX: Stop BoltDB writing to disk every 5 seconds
  • FIX: Emails now come from ‘Let’s Encrypt SSL’ again instead of ‘FleetSSL’

v0.8.0 - February 02, 2017

  • FIX: Renewal was significantly reworked to handle cases where the type of a virtualhost (addon, alias, etc) for a domain changed between renewals(thanks Joseph).
  • FEATURE: HTML Email support
  • FEATURE: Added config flags to set day of week & time of day to begin processing renewals.
  • FEATURE: Post renewal hook
    • Run a command/script when certificates are renewed
    • Please see Configuration for more details.
  • FIX: Fixed a race condition in the installer which sometimes caused the background service to not install properly.
  • FIX: Restart Apache every hour during renewals.
  • FIX: AutoSSL now properly uses deferred restarts.
  • UI: Only auto-select www. and mail. subdomains of primary domain, instead of all domains, when issuing a new certificate.
  • UI: Misc UI changes, including links to rate limits on issue page and service status widget on main page.
  • MISC: Rebranding to FleetSSL where applicable.

v0.7.9 - January 09, 2017

  • FIX: Implemented fix for “unknown error” during installation or renewals

v0.7.8 - December 08, 2016

  • FEATURE: Deferred apache restarts for certificate renewals (beta)
    • Currently behind a feature flag
    • See Configuration to enable it.
  • FEATURE: Now compatible with redirected alias domains.
  • FEATURE: le-cp ssl renew now has an optional --force flag
  • FIX: Sometimes installer would fail on cPanel 60+
  • UI: Added descriptions to user settings page
  • MISC: Updating all logging to use consistent structured logging
  • FEATURE: Plugin checks writability and availability of /.well-known/acme-challenge/ prior to issuing attempts
    • Pushed back to 0.8.x.

v0.7.7 - October 29, 2016

This is a minor bugfix release. The next major upcoming release will introduce deferred webserver restarts when doing renewals/AutoSSL to reduce the overall server load on servers with a lot of accounts.

  • FIX: Ensure that AutoSSL always enables SNI (redundant after cPanel v60)
  • UI: Plugin will now show up in cPanel when user searches for ‘SSL’
  • MISC: Add hasSuffix, contains functions to template functions
  • MISC: Add rpc ‘ping’ to self-test

v0.7.6 - October 03, 2016

  • FIX: Compatible with cPanel v59/v60 api changes

v0.7.4 - August 20, 2016

  • FIX: Simplified certificate issuing process for end users
  • FIX: autossl [enable/disable] would only take effect after the second invocation
  • FIX: Remove extended sleeps between accounts during AutoSSL/Renewal
  • FIX: Make it harder to accidentally have two certificates for the same virtualhost
  • FIX: Fixed regression where plugin wasn’t removed properly from chkservd on uninstallation
  • MISC: Add config flag to control renewal/AutoSSL delay between accounts (for managing server load)

v0.7.2 - August 09, 2016

  • FIX: Version 0.7.0 introduced checking for user quotas, which caused a regression where issuing and renewal would fail if the server did not have the quotas package available and quotas were disabled. This addresses that regression.

v0.7.1 - August 09, 2016

This is a bugfix patch to 0.7.0.

  • FIX: New hostcerts were incorrectly using ECDSA
  • FIX: WHMCS Hook didn’t handle the case where domain registration was delayed
  • MISC: Add le-cp hostcert reset CLI command

v0.7.0 - August 07, 2016

  • FEATURE: ‘AutoSSL’ - automatic certificates for all domains
  • FEATURE: CLI API interface
  • FEATURE: Ability for admin to configure parameters for private keys:
    • RSA 2048, RSA 4096, ECDSA P-256, ECDSA P-384
    • Uses ECDSA by default for Let’s Encrypt account key (significantly faster)
    • Reduces default RSA private key size for certificates to 2048 from 4096
  • FEATURE: self-test command to make sure environment is OK
  • FIX: Fix $LANG{} cosmetic error that occurs on some minority of servers
  • FIX: httpoxy vulnerability (not viable to exploit in this instance)
  • FIX: Detect when hostname has changed for service certificates
  • FIX: Plugin does not try to alter accounts with no disk quota remaining
  • FIX: Fix annoying cosmetic WHM Service Manager bug
  • MISC: Add some styling to WHM interface

v0.0.5 (December 06, 2015) through v0.6.5 (July 15, 2016)

v0.6.5 - July 15, 2016

v0.6.4 - July 03, 2016

  • FIX: 2FA support was not working when JSON-API was protected in WHM Security Policies

v0.6.3 - June 30, 2016

  • FIX: Accounts with a large number of LE certificates configured were failing to renew properly

v0.6.2 - June 18, 2016

  • FIX: Rewrite x3 installer to future proof for cPanel 56+ and prevent issues with older themes

v0.6.1 - June 18, 2016

  • FIX: Change access method for WHM plugin to use access hash and restrict to root

v0.6.0 - June 16, 2016

  • FEATURE: Provisional support for WHM servers with 2FA enabled (no config required)
  • FEATURE: Theming support for custom (non X3/Paper Lantern) themes
  • FEATURE: Basic read-only WHM interface so you can see what certs have been issued (work-in-progress)
  • FEATURE: ‘Settings’ page for users so they can disable renewal emails via the UI
  • FEATURE: ‘Select All’ button on UI for issuing certs
  • FIX: Renewals for suspended accounts and accounts that no longer have the letsencrypt feature will no longer be processed
  • FIX: Less confusing Feature Manager descriptions
  • MISC: ListenAddr is no longer a config option

v0.5.8 - May 07, 2016

  • FIX: Trap/Abort error on some kernels/architectures
  • FIX: Process/PID handling on reboots on sysv systems

v0.5.7 - April 25, 2016

  • FEATURE: allow extra names on service certificate (see service certificate docs)
  • FIX: X1->X3 intermediate transition could fail in rare circumstances
  • FIX: validation filename may have broken validation in rare circumstances
  • FIX: mail SNI status being lost between renewals

v0.5.0 - April 3, 2016

  • FEATURE: New issuing interface with better support for alias domains
  • FEATURE: Multiple language localisation files
  • FEATURE: Localised renewal emails
  • FEATURE: Global renewal mail disable
  • FEATURE: Service certificate renewal sends email to root@hostname
  • FIX: Improved detection for whether the feature is enabled in WHM
  • FIX: Improved status detection of installed certificates
  • FIX: Improved removal of certificates
  • MISC: Check install mail sni by default

v0.4.7 - March 10, 2016

  • FIX: edge case with new forks not handling let’s encrypt response properly

v0.4.5 - March 09, 2016

This is a bugfix build in anticipation of a major release, with better alias/parked domain UX.

  • FEATURE: 32-bit releases now available
  • FEATURE: service certificates out of beta
  • FIX: daemon renewal now forks as user rather than using privileged API
  • FIX: template string unparsed when using x3
  • FIX: more reliable service restarts

v0.4.1 - February 15, 2016

Featuring, the most-often requested feature ever: Service Certificates.

  • FEATURE: Added support for Let’s Encrypt certificates for the WHM host domain
    • This is the first release of this feature, consider it in beta.
  • FEATURE: Added cron mode for users who don’t have root but want Let’s Encrypt
    • This is a technical preview
  • FEATURE: Multi-locale translation support
  • FIX: Renewal process now supports document roots containing symlinks (thanks Mike H).
  • FIX: Improved installation scripts and error handling
  • FIX: for status not showing installed when primary domain isn’t first in certificate
  • MISC: Automatic fetching of trial licence during install, when possible.

v0.3.2-3 - January 31, 2016

!!! Emergency Update !!! For more information, click here.

  • Packaging fix for upgrades

v0.3.2-2 - January 31, 2016

  • Fix for previous FQDN fix

v0.3.2-1 - January 30, 2016

This is a bugfix release in anticipation of a major release in the next two weeks.

  • Installer more reliable now
  • Fix: when WHM hostname is not a FQDN but has a valid certificate

For Developers,

  • Makefile now forces a static binary for compilation
  • Added reproducible builds via docker

v0.3.0 - December 23, 2015

(Install only available via yum repository now)

  • Now works on x3 theme. We strongly recommend the switch to Paper Lantern.
  • Customisable template and translation files
  • Parked domains support
  • Improved subdomain support (www. etc)
  • View and reinstall actions for existing certificates
  • Mail SNI!
  • Yum repository (automated installation possible now)

v0.1.2 - December 17, 2015

Permanent link to download

  • Renewal processing is now rate limited in order to prevent cpsrvd from getting overwhelmed.
  • Installer will now proceed if an existing licence is already installed

v0.1.1 - December 15, 2015

Permanent link to download

Fix bug in cgi on user accounts with large numbers of domains

v0.1.0 - December 07, 2015

Permanent link to download

Now supports issuing certificates with www. prefixes with subjectAltName.

Parked domains are disabled temporarily due to awkward API behavior

v0.0.5 - December 06, 2015

This is the initial release of the Let’s Encrypt for cPanel plugin.

Permanent link to download

Known issues:

  • Not issuing www. certificate at same time as root prefix.