Release Notes

v0.9.0 - March 01, 2017

  • FEATURE: Reporting
  • FEATURE: There is now a ‘Configuration’ section in the WHM Let’s Encrypt SSL.
    • This is only a subset of the total configuration options available, but it should be most of the useful ones
    • CLI: Added config list, config set --key k --value v. Refer to CLI docs
  • FEATURE: Add config option autossl_skip_patterns, which is an array of regex patterns that the plugin should test against when processing AutoSSL.
  • FEATURE: Add config options disable_success_mail, disable_mail which globally disable renewal success emails, and all renewal emails globally
    • These are also available in the WHM interface
  • UI: Automatically select already-selected domains when issuing a certificate for a virtual host with an existing plugin certificate (i.e. to prevent RSI when there are many alias or subdomains)
  • FIX: le-cp ssl issue will now always include the main domain of the virtual host, regardless of arguments.
    • This fixes the ‘/.well-known’ nil virtualhost permissions error
  • FIX: le-cp will now print useful info when run rather than assuming it is running as CGI
  • FIX: le-cp self-test should now be more useful for licensing issues
  • FIX: More changes to try improve installer reliability in some environments
  • UI: WHM interface is now ‘tabbed’
  • MISC: Now built with Go 1.8 (previously 1.6.4)

v0.8.1 - February 07, 2017

  • FIX: Renewal error relating to ‘mkdir permissions’ fixed (only affecting certificates from old versions that did not include the main virtualhost domain)
  • FIX: Stop BoltDB writing to disk every 5 seconds
  • FIX: Emails now come from ‘Let’s Encrypt SSL’ again instead of ‘FleetSSL’

v0.8.0 - February 02, 2017

  • FIX: Renewal was significantly reworked to handle cases where the type of a virtualhost (addon, alias, etc) for a domain changed between renewals(thanks Joseph).
  • FEATURE: HTML Email support
  • FEATURE: Added config flags to set day of week & time of day to begin processing renewals.
  • FEATURE: Post renewal hook
    • Run a command/script when certificates are renewed
    • Please see Configuration for more details.
  • FIX: Fixed a race condition in the installer which sometimes caused the background service to not install properly.
  • FIX: Restart Apache every hour during renewals.
  • FIX: AutoSSL now properly uses deferred restarts.
  • UI: Only auto-select www. and mail. subdomains of primary domain, instead of all domains, when issuing a new certificate.
  • UI: Misc UI changes, including links to rate limits on issue page and service status widget on main page.
  • MISC: Rebranding to FleetSSL where applicable.

v0.7.9 - January 09, 2017

  • FIX: Implemented fix for “unknown error” during installation or renewals

v0.7.8 - December 08, 2016

  • FEATURE: Deferred apache restarts for certificate renewals (beta)
    • Currently behind a feature flag
    • See Configuration to enable it.
  • FEATURE: Now compatible with redirected alias domains.
  • FEATURE: le-cp ssl renew now has an optional --force flag
  • FIX: Sometimes installer would fail on cPanel 60+
  • UI: Added descriptions to user settings page
  • MISC: Updating all logging to use consistent structured logging
  • FEATURE: Plugin checks writability and availability of /.well-known/acme-challenge/ prior to issuing attempts
    • Pushed back to 0.8.x.

v0.7.7 - October 29, 2016

This is a minor bugfix release. The next major upcoming release will introduce deferred webserver restarts when doing renewals/AutoSSL to reduce the overall server load on servers with a lot of accounts.

  • FIX: Ensure that AutoSSL always enables SNI (redundant after cPanel v60)
  • UI: Plugin will now show up in cPanel when user searches for ‘SSL’
  • MISC: Add hasSuffix, contains functions to template functions
  • MISC: Add rpc ‘ping’ to self-test

v0.7.6 - October 03, 2016

  • FIX: Compatible with cPanel v59/v60 api changes

v0.7.4 - August 20, 2016

  • FIX: Simplified certificate issuing process for end users
  • FIX: autossl [enable/disable] would only take effect after the second invocation
  • FIX: Remove extended sleeps between accounts during AutoSSL/Renewal
  • FIX: Make it harder to accidentally have two certificates for the same virtualhost
  • FIX: Fixed regression where plugin wasn’t removed properly from chkservd on uninstallation
  • MISC: Add config flag to control renewal/AutoSSL delay between accounts (for managing server load)

v0.7.2 - August 09, 2016

  • FIX: Version 0.7.0 introduced checking for user quotas, which caused a regression where issuing and renewal would fail if the server did not have the quotas package available and quotas were disabled. This addresses that regression.

v0.7.1 - August 09, 2016

This is a bugfix patch to 0.7.0.

  • FIX: New hostcerts were incorrectly using ECDSA
  • FIX: WHMCS Hook didn’t handle the case where domain registration was delayed
  • MISC: Add le-cp hostcert reset CLI command

v0.7.0 - August 07, 2016

  • FEATURE: ‘AutoSSL’ - automatic certificates for all domains
  • FEATURE: CLI API interface
  • FEATURE: Ability for admin to configure parameters for private keys:
    • RSA 2048, RSA 4096, ECDSA P-256, ECDSA P-384
    • Uses ECDSA by default for Let’s Encrypt account key (significantly faster)
    • Reduces default RSA private key size for certificates to 2048 from 4096
  • FEATURE: self-test command to make sure environment is OK
  • FIX: Fix $LANG{} cosmetic error that occurs on some minority of servers
  • FIX: httpoxy vulnerability (not viable to exploit in this instance)
  • FIX: Detect when hostname has changed for service certificates
  • FIX: Plugin does not try to alter accounts with no disk quota remaining
  • FIX: Fix annoying cosmetic WHM Service Manager bug
  • MISC: Add some styling to WHM interface

v0.0.5 (December 06, 2015) through v0.6.5 (July 15, 2016)

v0.6.5 - July 15, 2016

v0.6.4 - July 03, 2016

  • FIX: 2FA support was not working when JSON-API was protected in WHM Security Policies

v0.6.3 - June 30, 2016

  • FIX: Accounts with a large number of LE certificates configured were failing to renew properly

v0.6.2 - June 18, 2016

  • FIX: Rewrite x3 installer to future proof for cPanel 56+ and prevent issues with older themes

v0.6.1 - June 18, 2016

  • FIX: Change access method for WHM plugin to use access hash and restrict to root

v0.6.0 - June 16, 2016

  • FEATURE: Provisional support for WHM servers with 2FA enabled (no config required)
  • FEATURE: Theming support for custom (non X3/Paper Lantern) themes
  • FEATURE: Basic read-only WHM interface so you can see what certs have been issued (work-in-progress)
  • FEATURE: ‘Settings’ page for users so they can disable renewal emails via the UI
  • FEATURE: ‘Select All’ button on UI for issuing certs
  • FIX: Renewals for suspended accounts and accounts that no longer have the letsencrypt feature will no longer be processed
  • FIX: Less confusing Feature Manager descriptions
  • MISC: ListenAddr is no longer a config option

v0.5.8 - May 07, 2016

  • FIX: Trap/Abort error on some kernels/architectures
  • FIX: Process/PID handling on reboots on sysv systems

v0.5.7 - April 25, 2016

  • FEATURE: allow extra names on service certificate (see service certificate docs)
  • FIX: X1->X3 intermediate transition could fail in rare circumstances
  • FIX: validation filename may have broken validation in rare circumstances
  • FIX: mail SNI status being lost between renewals

v0.5.0 - April 3, 2016

  • FEATURE: New issuing interface with better support for alias domains
  • FEATURE: Multiple language localisation files
  • FEATURE: Localised renewal emails
  • FEATURE: Global renewal mail disable
  • FEATURE: Service certificate renewal sends email to root@hostname
  • FIX: Improved detection for whether the feature is enabled in WHM
  • FIX: Improved status detection of installed certificates
  • FIX: Improved removal of certificates
  • MISC: Check install mail sni by default

v0.4.7 - March 10, 2016

  • FIX: edge case with new forks not handling let’s encrypt response properly

v0.4.5 - March 09, 2016

This is a bugfix build in anticipation of a major release, with better alias/parked domain UX.

  • FEATURE: 32-bit releases now available
  • FEATURE: service certificates out of beta
  • FIX: daemon renewal now forks as user rather than using privileged API
  • FIX: template string unparsed when using x3
  • FIX: more reliable service restarts

v0.4.1 - February 15, 2016

Featuring, the most-often requested feature ever: Service Certificates.

  • FEATURE: Added support for Let’s Encrypt certificates for the WHM host domain
    • This is the first release of this feature, consider it in beta.
  • FEATURE: Added cron mode for users who don’t have root but want Let’s Encrypt
    • This is a technical preview
  • FEATURE: Multi-locale translation support
  • FIX: Renewal process now supports document roots containing symlinks (thanks Mike H).
  • FIX: Improved installation scripts and error handling
  • FIX: for status not showing installed when primary domain isn’t first in certificate
  • MISC: Automatic fetching of trial licence during install, when possible.

v0.3.2-3 - January 31, 2016

!!! Emergency Update !!! For more information, click here.

  • Packaging fix for upgrades

v0.3.2-2 - January 31, 2016

  • Fix for previous FQDN fix

v0.3.2-1 - January 30, 2016

This is a bugfix release in anticipation of a major release in the next two weeks.

  • Installer more reliable now
  • Fix: when WHM hostname is not a FQDN but has a valid certificate

For Developers,

  • Makefile now forces a static binary for compilation
  • Added reproducible builds via docker

v0.3.0 - December 23, 2015

(Install only available via yum repository now)

  • Now works on x3 theme. We strongly recommend the switch to Paper Lantern.
  • Customisable template and translation files
  • Parked domains support
  • Improved subdomain support (www. etc)
  • View and reinstall actions for existing certificates
  • Mail SNI!
  • Yum repository (automated installation possible now)

v0.1.2 - December 17, 2015

Permanent link to download

  • Renewal processing is now rate limited in order to prevent cpsrvd from getting overwhelmed.
  • Installer will now proceed if an existing licence is already installed

v0.1.1 - December 15, 2015

Permanent link to download

Fix bug in cgi on user accounts with large numbers of domains

v0.1.0 - December 07, 2015

Permanent link to download

Now supports issuing certificates with www. prefixes with subjectAltName.

Parked domains are disabled temporarily due to awkward API behavior

v0.0.5 - December 06, 2015

This is the initial release of the Let’s Encrypt for cPanel plugin.

Permanent link to download

Known issues:

  • Not issuing www. certificate at same time as root prefix.