Releases: sjkp/letsencrypt-siteextension
Bug fixes
Support for challenge file from Blob storage
Bug fixes and pull request merge
Internationalized Domain Name support
TLS 1.2 + 1.3
DNS Challenge, API, Version without Web Job
This latest release includes a few nice things as well as some bug fixes.
The major new features are:
- Support for DNS Challenge using Azure DNS for now
- A version that doesn't include the web job
- An API hosted inside the site extension (for now) that allows you to operate the extension
DNS challenge
Until now the extension has relied on the HTTP challenge, which requires the challenge file to be written to the web server and be accessible over HTTP to the Let's Encrypt servers, so that they can validate that you own the domain you are requesting an SSL certificate for.
However, Let's Encrypt also supports a DNS challenge, where you make a TXT record with a random value provided by Let's Encrypt and that way prove ownership of the domain.
Using the DNS challenge method has some benefits, in that the extension can be used to request certificates that don't have to be used for SSL and don't have to be installed in an Azure Web App. For now, however, it only supports manual installation or automatic installation of the DNS-challenge-requested certificate in an Azure Web App, so if you want to install them elsewhere you have to do that manually.
Another obvious limitation of the DNS challenge is that, for it to work, the extension needs to know how to make a TXT record on your DNS server. For now I have only implemented support for Azure DNS (which few people probably use), but let me know which DNS services people would like supported and I can see if they have an API that allows me to integrate with them. Currently I'm looking at supporting GoDaddy.
To use the DNS challenge you have to use the API for now; there is no UI to support it.
No Web Job Version
The web job has caused, and still causes, some people problems. For that reason I have decided to make a package of the extension that doesn't come bundled with the web job. It is named Azure Let's Encrypt (No Web Jobs); pick that if you don't want the web job. Besides not including the web job, the two versions of the extension are identical, and will continue to be.
API Support
In order to allow people using the version without the web job to operate the extension automatically, I have included an API that basically exposes the core functionality found in the LetsEncrypt.Azure.Core library.
You can browse the Swagger UI for the API using
https://<your-web-app>.scm.azurewebsites.net/letsencrypt/swagger/ui/index
If you decide to use the API for handling your Let's Encrypt certificates, you can have the site extension installed in a single site, and use that site to manage multiple other sites.
I will write some more documentation on how the API can be used in the coming weeks; until then, please take a look at the unit tests in CertificateControllerTest to get an idea of which parameters to pass to the APIs.
Bugs
Bug fixes and improvements
This release mostly covers engine improvements, e.g. the extension is no longer dependent on the OpenSSL assemblies. It now uses BouncyCastle instead, which means there is no need for separate x64 and x86 versions.
It also contains preparation for a version without the web job, which instead offers an API that can be used for automated certificate installation and renewal. #92
Finally, it fixes bug #154.
Small improvements
Problems with site slots
Bug fix for #120 and a few other problems when using site slots and the same storage account.