Skip to main content

Changelog

v0.9.0 - 2026-05-31

Initial public release.

Features

  • ACME server (RFC 8555) covering account registration with key rollover, orders, authorizations, challenge validation, finalization, certificate retrieval, and revocation
  • HTTP-01, DNS-01 and TLS-ALPN-01 challenge validation
  • Wildcard certificates, including mixed [apex, *.apex] orders (RFC 8555 §7.1.4)
  • ACME Renewal Information endpoint (RFC 9773, read-only) for client-driven renewal scheduling
  • ADCS authority via certreq.exe
  • Built-in fake PKI authority for local testing
  • Issuance policies with DNS scope rules and signature constraints
  • Policy bindings with first_available and round_robin strategies
  • Server-side rate limiting per ACME account (duplicate-certificate)
  • SQLite (default), PostgreSQL and SQL Server backends
  • Async job engine with persistent retry and exponential backoff
  • TLS certificate manager for the server's own certificate (files and pki modes)
  • Structured logging with per-service level overrides and log rotation
  • Tamper-evident ACME audit log (JSONL + HMAC chain, validated by the audit verify command)
  • SQLite backup CLI (backup create / backup verify)
  • License enforcement with strict boot and acknowledgement of degraded states
  • Graceful HTTP shutdown
  • Built-in mitigations against ESC-class attacks: DNS-only identity, Server Authentication EKU only by default

Interoperability covered by automated tests

  • ACME clients: certbot, lego, acme.sh, and a built-in protocol client
  • Backends: ADCS, fake PKI
  • Databases: SQLite, PostgreSQL, SQL Server
  • Full clients × challenges × databases × backends matrix
note

Certeasy is in public beta. Known limitations in this release:

  • Revocation is server-side only. A revoked certificate is marked revoked in Certeasy's database and an audit event is emitted, but the ADCS CRL / OCSP responder is not updated. Clients validating chain status against ADCS will still see the certificate as valid until the CRL is republished. Full propagation lands in v1.0.
  • No health or metrics HTTP endpoints yet. Operational monitoring is limited to log scraping and database introspection in this release; dedicated /health and metrics endpoints are planned.
  • No automatic data retention or cleanup. ACME tables (orders, authorizations, challenges, …) grow without bound. Operators running long-lived deployments should plan for manual maintenance until automated retention ships.
  • RFC 9773 replaces field is accepted but not yet honored. Clients can supply replaces on new orders without error, but the linkage to the previous certificate is not applied. The renewalInfo endpoint itself is fully functional.
  • External Account Binding (EAB) is not supported and is not planned for v1.0. Single-tenant enterprise deployments do not need it; see the roadmap for v2.0 timing.
  • Caddy interoperability has not been formally validated in this release.