v0.15.1 - May 16, 2019

  • This is a bugfix and quality of life release.
  • FEATURE: In preparation for Let’s Encrypt’s transition to its own root certificate, the plugin will now prioritize using the legacy (cross-signed by DST CA X3) Let’s Encrypt Authority X3 intermediate for as long as possible.
    • The decision to override the defualt intermediate (as of July 8, 2019) is driven by a desire for websites using these certificates to retain maximum device compatibility (for example, with very old Android devices).
    • Once the cross-signed intermediate is expired, the plugin will automatically fall back to using the default (signed by ISRG Root X1) intermediate.
  • FEATURE: The ssl renew CLI has two new flags:
    • --dry-run : Performs a dry-run of renewal. By default, for all domains in the cPanel user’s account.
    • --virtualhost : Limits the renewal or dry-run to a specific virtualhost.
  • FIX: Fix a case where issuing a wildcard certificate would result in two certificates being issued.
    • This would only happen when a cPanel account has a wildcard virtualhost in addition to the base virtualhost, e.g. example.com AND *.example.com.
    • When encountering this ambiguity, the plugin will now choose the intended virtualhost correctly and only issue one certificate.
  • FIX: Dry-runs now deactivate their ACME authorizations once they have completed.
    • This avoids successful authorizations being re-used during subsequent dry-runs.This previously cause dry-runs to succeed without actually testing anything.
  • FIX: DNS-01 validations now create TXT records with a TTL of 1 second (previously 360 seconds).
    • This fixes a case where if a specific domain name is involved in two certificate issuances less than 60 seconds apart (for example, this can happen with wildcards), the DNS-01 verification process could fail.