When processing renewals (for both domain certificates and service certificates), the plugin will now check whether certificates managed by the plugin have been revoked by querying the Let’s Encrypt OCSP service.
If any certificate is found to be revoked, a renewal attempt will be made.
If the OCSP response cannot be retrieved within 10 seconds, the certificate is assumed to not be revoked.
FIX: Fix renewal logic bug relating to wildcards.
A wildcard certificate expiring in the far future could prevent a non-wildcard certificate that was expiring soon from renewing.
This bug should no longer occur; all certificates should renew completely independently of each other.
FIX: Fix le-cp hostcert remove <hostname> inadvertently adding the hostname if it wasn’t already in the list.
MISC: Add le-cp restart-insecure, in case the WHM service certificate went bad and the plugin cannot talk to the WHM API securely.
MISC: Revert the legacy cross-signed issuer logic introduced in 0.15.1, since Let’s Encrypt deferred the change until July 2020.
MISC: The installer will now rewrite /etc/yum.repos.d/*.repo to use our CDN endpoint (r.cpanel.fleetssl.com) if it is found to be connecting directly to our origin server.
MISC: If the plugin licence file (/etc/letsencrypt-cpanel.licence) is found to have unsafe permissions (anything other than 0600 or 0400), the permissions will be set to 0600. This is to protect against inadvertently exposing licence files to theft.
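
The licence-file permission rule from the entry above, as an added Python example (not the plugin's own code). The function name enforce_licence_mode is an assumption, and rejecting symlinks and non-regular files is an extra precaution of this example that the changelog does not describe.

```python
import os
import stat

SAFE_MODES = (0o600, 0o400)  # the two modes the changelog entry accepts
FIXED_MODE = 0o600           # mode applied to anything else


def enforce_licence_mode(path):
    """Reset an unsafe licence-file mode to 0600.

    Returns (mode_before, mode_after) as integers.
    """
    # O_NOFOLLOW makes open() fail on a symlink; O_NONBLOCK avoids hanging
    # on a FIFO. fstat/fchmod then act on the opened descriptor, so the
    # file cannot be swapped between the check and the fix.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path} is not a regular file")
        before = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky
        if before in SAFE_MODES:
            return before, before
        os.fchmod(fd, FIXED_MODE)
        return before, stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a throwaway file standing in for the licence file.
    with tempfile.NamedTemporaryFile() as tmp:
        os.chmod(tmp.name, 0o644)
        before, after = enforce_licence_mode(tmp.name)
        print(f"{oct(before)} -> {oct(after)}")
```

Run as root against /etc/letsencrypt-cpanel.licence, it reports the mode found and the mode left in place.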