All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Now with more SHA for the buck.
- Update certificate request (CSR) signing algorithm to SHA-256 from SHA-1 as SHA-1 will be rejected by Let’s Encrypt after September 15, 2022 (see https://community.letsencrypt.org/t/rejecting-sha-1-csrs-and-validation-using-tls-1-0-1-1-urls/175144).
Fixes regression on Windows introduced in 3.x branch.
- Make
__dirnamedeclaration cross-platform (was previously failing on Windows). See nodejs/node#37845 - Introduce small delay in request fail check test while certificate is being provisioned to ensure tests pass with Let’s Encrypt staging server.
- Breaking change: Is now an ECMAScript Modules (ESM) project.
- Now includes the latest Let’s Encrypt certificate authority root certificate for the staging environment. (This is automatically injected into your Node.js environment when running the server in staging mode and is used during testing.)
- Dev: now using @small-tech/esm-tape-runner.
- Dev: replaced tap-spec and tap-nyc with @small-tech/tap-monkey.
- No longer crashes when checking for certificate renewal. (#34)
- Tests now run properly in staging mode.
- npm package size is now 193.1kb (down from 345kb previously).
These accidentally included the breaking change from 3.0.0 in a semver minor update.
The CommonJS version of Auto Encrypt now lives in the 2.x branch and the first release from it is version 2.2.0 which has the bug fix and the root certificate update from version 3.0.0 backported. For future 2.x release info, please see the changelog in the 2.x branch.
- Assignment to constant. This would have caused a crash when a
Retry-Afterheader was received from Let’s Encrypt.
- Developer documentation. Now lists value to be added to hosts files to run local tests.
- Update dependencies to remove npm vulnerability warnings.
- HTTP to HTTPS redirects now start up and work as they should (they weren’t previously).
- Update source code repository in npm package to point to GitHub mirror. (The GitHub mirror is the public repository where we can accept issues and pull requests. The canonical repository is on our own server where we do not accept sign ups as we don’t want it to become yet another centralised host.)
- Links to developer documentation now work everywhere, not just on source code repository web interfaces.
- Replaced outdated coverage message in readme and linked to developer documentation for information on tests and coverage.
- HTTP to HTTPS redirects are now logged.
- Breaking change: you no longer have to call AutoEncrypt.shutdown() manually. Closing your server will do it automatically (#33).
- Automatic HTTP to HTTPS redirection. An HTTP server is now kept running for the lifetime of your HTTPS server and, when it is not responding to Let’s Encrypt challenges, it redirects HTTP calls on port 80 to your HTTPS server (#32).
- Carriage returns are now stripped from Certificate Signing Requests (CSRs) (#31).
- No longer crashes if OCSP request received before certificate created.
- Cosmetic: format certificate details nicely in log message.
- Minor: fix capitalisation in log message.
- Update log format to match Site.js output.
- Remove debug output.
Initial release.