*) mod_md: Adding the several new features. The module offers an implementation of OCSP Stapling that can replace fully or for a limited set of domains the existing one from mod_ssl. OCSP handling is part of mod_md's monitoring and message notifications. If can be used for sites that do not have ACME certificates. The url for a CTLog Monitor can be configured. It is used in the server-status to link to the external status page of a certicate. The MDMessageCmd is called with argument "installed" when a new certificate has been activated on server restart/reload. This allows for processing of the new certificate, for example to applications that require it in different locations or formats.
*) mod_md: bringing over v2.0.6 from github. - supports the ACMEv2 protocol - supports the new challenge method 'tls-alpn-01' - supports command configuration to setup/teardown 'dns-01' challenges - supports wildcard certificates when dns challenges are configured - ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer - a domain exposes its status at https://<domain>/.httpd/certificate-status - Managed Domains are now in Apache's 'server-status' page - A new handler 'md-status' exposes verbose status information in JSON format - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those. - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued. - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
On the trunk: mod_md: v0.9.7 - Use of the new module flag - Removed obsolete function from interface to mod_ssl. - Fallback certificates has version set and no longer claims to be a CA. (re issue #32) - MDRequireHttps now happens before any Redirect.