Certify The Web Changelog

What's new in Certify The Web 6.0.18

May 10, 2024
  • Fixes:
  • Renewals: Remove possible race condition where multiple orders of the same cert could occur at the same time and invalidate the private key.
  • ARI Support: automatically retry order if the replacement certificate ID is no longer correct.
  • DNS: GoDaddy API access is now restricted by GoDaddy to accounts with 10+ domains. Add message in DNS provider error.

New in Certify The Web 6.0.17 (May 1, 2024)

  • Fixes:
  • Private Keys: fix optional re-use of private key when selected for a new managed certificate.
  • Tasks: For Apache, Nginx, Generic server etc on Windows, detect attempt to export a file to a directory name instead of a full path with filename.
  • Enhancements:
  • ARI: Update ACME Renewal Information implementation to current draft draft-ietf-acme-ari-03.

New in Certify The Web 6.0.16 (Apr 25, 2024)

  • Fixes:
  • PowerShell: When using Launch New Process mode, additional arguments are now passed to the target script.
  • PFX Build: improve handling of build for unknown roots when there is no intermediate in the CA chain.
  • Enhancements:
  • Updated Posh-ACME DNS scripts, SSH.NET version updated for additional SSH compatibility.
  • New DefaultACMERetryInterval preference in appsettings.json to customize default ACME operation retry interval (in seconds). This can help when custom CAs etc have slower than normal order processing times.

New in Certify The Web 6.0.15 (Feb 22, 2024)

  • Enhancements:
  • CLI: Add option to remove a domain from any managed certificate without knowing the ID e.g. certify remove any <domain1;domain2>. Empty managed certs are cleaned up automatically.
  • UI: Add support for parsing custom OpenSSL private keys with EC param blocks
  • DNS: Implement PowerDNS API support for DNS validation via Posh-ACME.
  • Fixes:
  • Tasks: Preserve failure count if a renewal succeeds but a deployment task fails. This allows repeated task failures to trigger standard API notification just as cert renewal failures would.
  • Installer: Ensure BouncyCastle.Cryptography.dll is properly updated during install/upgrade which otherwise results in order/renewal errors.

New in Certify The Web 6.0.14 (Feb 12, 2024)

  • Enhancements:
  • Tasks: Update SSH support to use newer SSH.NET library for improved compatibility and performance.
  • DNS: Add Hosting.de DNS provider via Posh-ACME, implemented by Fritz Otlinghaus
  • Fixes:
  • Renewal: Fix issue where failed renewals were retried too frequently which incurred CA rate limits instead of backing off attempts to every 48hrs as expected.
  • Tasks: Fix Apache, nginx, generic server export path validation when using Windows shares. Log error if stored credentials are required but not accessible.

New in Certify The Web 6.0.13 (Dec 12, 2023)

  • Enhancements:
  • Implement advanced option for forced DNS challenge cleanup
  • Fixes:
  • Increase order processing timeout to allow for slower CA order processing.
  • FTP: re-use previously set FTP binding port instead of defaulting to port 21 for updates.
  • Validation: Add validation to prevent primary subject name from exceeding 64 characters.
  • Http Challenge Server: Stop challenge server on unknown exceptions to avoid possible process hangs if blocked by other processes.
  • PowerShell: Fix PowerShell script path issues when running as a new process.
  • DNS: report full provider name in logs when using Posh-ACME based providers.
  • Core: batch and deduplicate status reporting (if enabled).

New in Certify The Web 6.0.12 (Oct 25, 2023)

  • Enhancements:
  • Core: Add Sectigo Enterprise as built-in CA
  • UI: New option to allow local hostnames when adding a custom CA
  • Fixes:
  • DNS: GoDaddy provider updates to fix issues preventing cleanup of TXT records, improved update logic and added request rate limiting.
  • Core: Report error if data store fails to load
  • Core: Error if PFX fails to be read after download (unsupported key types)
  • Core: Avoid error if attempting a Deployment Task that hasn't been saved yet
  • UI: Only use valid saved window dimensions

New in Certify The Web 6.0.11 (Aug 21, 2023)

  • Enhancements:
  • UI: Add count of items with No Certificate to summary view
  • Core: Check for renewal tasks more frequently, perform maintenance tasks hourly.
  • Tasks: Add LogonType option for more PowerShell-based tasks
  • Fixes:
  • UI: Fix for tasks retaining previously selected credentials when current service account is selected.
  • UI: Disable relevant UI elements when service is not yet connected
  • Tasks: Fix PowerShell script wrapper path escaping
  • Tasks: Deploy to ADFS should use interactive LogonType by default
  • Core: Use UTC datetime handling as standard

New in Certify The Web 6.0.10 (Aug 1, 2023)

  • Enhancements:
  • UI: Don't show progress reports for skipped items not due. Clear previous progress reports when starting new batch renewal.
  • UI: Improve UI for short lifetime certificates
  • Core: New renewal hold/retry algorithm based on certificate lifetime (if known)
  • Core: Add optional parallel renewal task processing and optional setting to leave challenge cleanup to the end of the renewal process.
  • DNS: Update Cloudflare provider to clean up TXT entries in order of date modified
  • Tasks: Update Port Binding task error handling for netsh command output to be more robust. Generally use this task in place of custom netsh http add sslcert scripts.
  • Fixes:
  • Core: Improve CA fallback logic to prefer the default CA settings instead of last used.
  • Core: Fix intermittent error for optional untrusted TLS connections to ACME servers
  • Core: Various fixes and improvements for managing large numbers of certificates
  • UI: Deployment tasks using Windows Auth should not require a remote target host

New in Certify The Web 6.0.9 (Jun 26, 2023)

  • Fixes:
  • Installer: Fix issue where some files were not being updated on upgrade leaving installation in an inconsistent state.
  • Certificate Cleanup: Corrected an issue where cleanup would not be performed if the mode was set to After Renewal due to not matching on the PFX friendly name.

New in Certify The Web 6.0.8 (Jun 22, 2023)

  • Fixes:
  • DNS: Fix errors reported when using the acme-dns provider
  • UI: Fix problems with saving and changed state when editing challenge configurations.

New in Certify The Web 6.0.7 (Jun 21, 2023)

  • Fixes:
  • Core: Fix for Manual DNS etc orders becoming stuck at awaiting user action due to order being expired by CA.
  • Core: Reduce logging by default for periodic maintenance tasks.
  • UI: Fix issue with refresh of challenge configuration parameters when changing between http and DNS validation.

New in Certify The Web 6.0.6 (Jun 20, 2023)

  • Fixes:
  • Core [potential breaking change]: Revert default private key type to RSA256 with key size of 2048. Some popular apps like MS Exchange etc do not support ECDSA 256 keys. If you have previously used 6.x and have MS Exchange or other affected apps, please review your Default Key Type under Settings > General
  • UI: Challenge configuration should mark item as modified when parameters change. Fix recursive challenge provider UI selection bug.
  • UI: Import/Export should show as an option by default.
  • DNS: Avoid acme-dns provider exception if API URL is not set.

New in Certify The Web 6.0.5 (Jun 15, 2023)

  • Enhancements:
  • UI: Show the last used CA under managed certificate status. This is useful if you are using multiple CAs or CA failover.
  • UI: Additional settings to toggle External Certificate Managers, using Modern PFX Algorithms and default Private Key type.
  • DNS: Deprecate additional built-in providers and defer to Posh-ACME versions instead.
  • Core & UI: Add option in settings to renew certificates based on the percentage of overall certificate lifetime elapsed.
  • Core: Add option to limit requested certificate lifetime under Certificate > Advanced > Signing & Security, where supported by CA.
  • Core: Add renewal reason in logs explaining why an item is selected for renewal.
  • Fixes:
  • Core and UI: Fixed incorrect next planned renewal date shown in UI depending on renewal mode selected under Settings.
  • Core: Prevent exception if no matching CA account has been configured to match the certificate request.
  • Core: Fix error reading IIS site list if site does not have a path set in config.
  • Core: Additional validation checks for invalid Authority Tokens.
  • Core: Ensure periodic certificate store cleanup uses preferred store type.
  • Import/Export: Fix issue where PFX file remained encrypted after import. Added import overwrite option.
  • UI: Prevent exception if selected item is deselected during save.
  • Tasks: Fix intermediate chain export for Apache/nginx/hashicorp-vault to not include root.

New in Certify The Web 6.0.4 (May 24, 2023)

  • Fixes:
  • Installer: Fix versioning of various bundled Microsoft DLLs.
  • Azure DNS: Fix issue where existing record would have challenge value appended rather than a new record entry being created, fix cleanup of TXT records.
  • CA Failover: Improve selection of fallback CA choice where only 1 domain is included in cert.
  • Data Stores: Fix UI issue that prevented switching back to original default data store after switching to a different data store.

New in Certify The Web 6.0.3 (May 23, 2023)

  • Fixes:
  • Packaging update: Update digital signature on executables & libraries. Cleanup additional artifacts from previous installs.

New in Certify The Web 6.0.2 (May 22, 2023)

  • Fixes:
  • DNS: restore credential "Test" functionality where supported.
  • AutoUpdate: Fix issue where AutoUpdate script would download previous app version due to version string not being passed to API. Add Windows Event logging.
  • Help: Fix issue where invalid help links would cause an exception when link clicked.

New in Certify The Web 6.0.1 (May 19, 2023)

  • Enhancements:
  • Tasks: Add new Deploy to Doppler task for storing certificate artifacts in Doppler SecretOps.
  • Fixes:
  • SQLite: Improve error handling when a database file is locked.

New in Certify The Web 6.0.0 (May 17, 2023)

  • Enhancements:
  • Certify SSL Manager is now simply called Certify Certificate Manager
  • Add support for STIR/SHAKEN (Secure Telephone Identity) certificates and add Martini Security (martinisecurity.com) as a built in CA.
  • Automatic CA fallback/failover is now enabled for new installs by default and can be toggled under Settings > Certificate Authorities, just add multiple ACME accounts and the app will automatically switch to the next available CA if the current one is unavailable or failing.
  • CA: Add Sectigo (EV,DV,OV ACME endpoints) as a built in CA option.
  • Data Stores: optionally use MS SQL Server or PostgreSQL as the data store instead of SQLite, migrate data between stores.
  • CLI: implement backup import/export options
  • Core/UI: Improved support for managing many thousands of certs
  • Core: Internal ACME CAs can now optionally connect using self-signed TLS
  • Core: Implement continuous certificate health checks (OCSP and ARI).
  • Core: New certificate OCSP and ARI health checks twice per day, per certificate, to test for any required early renewal.
  • Core: Use Anvil library for ACME support
  • Accounts: add support for importing and exporting account details, account key rollover and optional account deactivation on delete.
  • UI: Added Turkish language support (thanks to Riza Emet)
  • Tasks: New deployment task to Set Private Key permissions for specific account.
  • Tasks: New task Update Port Binding for general TLS port binding updates.
  • DNS: New Domeneshop and Infomaniak DNS providers via Posh-ACME
  • DNS: New version of Microsoft Azure DNS provider.
  • DNS: New Google Domains provider for DNS based ACME challenges.
  • Breaking Changes:
  • CA: Let's Encrypt will now default to the ISRG Root X1 chain instead of the default expired DST Root CA X3 chain.
  • Core: Private Keys now default to ECDSA 256 instead of RSA 2048
  • Core: Installed root certificate no longer required for a successful PFX build.
  • Tasks: Exclude root cert from default export for Apache, nginx and Generic Server fullchain option.
  • Fixes:
  • DNS: GoDaddy DNS provider fetch all result pages, fix default result page sizes
  • UI: Changes to preferred chain were not being saved in account editor
  • UI: Certificate Authority select resets if user changes to main settings tab
  • UI: Fix challenge credentials reset to default item on refresh of credentials list

New in Certify The Web 5.9.0 (Nov 29, 2022)

  • Enhancements:
  • General: Certify SSL Manager is now called Certify Certificate Manager
  • UI: Added Turkish language support (thanks to Riza Emet)
  • DNS: Implemented Domeneshop and Infomaniak DNS providers via Posh-ACME
  • DNS: Add DDNSZone option for RFC2136 provider via Posh-ACME
  • Tasks: Breaking Change exclude root cert from default export for Apache, nginx and Generic Server fullchain option.
  • Core: PFX files now default to more modern key and certificate algorithm defaults. Legacy option is available as config.
  • Core: Refined logging details
  • Core: Internal ACME CAs can now optionally connect using self-signed TLS
  • CA: Add Sectigo (EV,DV,OV ACME endpoints) as built in CA option.
  • Fixes:
  • DNS: GoDaddy DNS provider fetch all result pages, fix default result page sizes
  • UI: Changes to preferred chain were not being saved in account editor
  • Planned Before Final Release:
  • CA: Add Fallback modes: Preferred with Automatic Fallback (default), Preferred Only, Any (Random)
  • UI: New optional cross-platform web interface in addition to the existing desktop UI.
  • UI: New database migration UI to move from one database backend to another
  • API: New APIs for custom client access
  • Core: Support for running under Linux (Docker etc)
  • Core/UI: Improved support for managing many thousands of certs
  • Core: Nginx target support for website selection and binding deployment
  • Core: Support for running on Linux, with certificates defaulting to pem format on that platform
  • Core: New optional database backends for configuration storage: SQLite (default), Microsoft SQL Server, PostgreSQL
  • Core: New preference for cert expiry days (e.g. optionally expiring in less than 90 days)

New in Certify The Web 5.6.8 (Apr 4, 2022)

  • Enhancements:
  • Add built-in support for the new Google Cloud public certificate authority (preview).

New in Certify The Web 5.6.7 (Mar 28, 2022)

  • Fix domain options not refreshing in UI when IIS site selected.

New in Certify The Web 5.6.6 (Mar 17, 2022)

  • Enhancements:
  • Update Posh-ACME DNS providers to v4.13.1, Add LeaseWeb plugin, update Loopia & Simply plugins
  • Fixes:
  • Fix slow refresh of domain options in UI when managing sites with many domains
  • Improve server connection handling if connection config is invalid
  • Cloudflare DNS provider improvements (multi-value TXT handling)

New in Certify The Web 5.6.5 (Feb 2, 2022)

  • Enhancements:
  • Add acmeaccounts list command to CLI to list details of currently registered ACME accounts.
  • Fixes:
  • Fix performance of domain options UI when site has many bindings.

New in Certify The Web 5.6.4 (Jan 11, 2022)

  • Fix issue with non-escaped credentials when invoking Posh-ACME based DNS providers resulting in failed DNS challenge updates.

New in Certify The Web 5.6.3 (Jan 7, 2022)

  • Enhancements:
  • Edit option added for Certificate Authority accounts to update contact email address.
  • Fixes:
  • Update service connection retry logic, disable service port negotiation by default.

New in Certify The Web 5.6.2 (Dec 20, 2021)

  • Fixes:
  • Revert SQLite version due to upgrade causing compatibility issues for some users.

New in Certify The Web 5.6.1 (Dec 17, 2021)

  • Fixes:
  • Installer updated to remove old references to SQLite which prevented the service from starting. Improved background service update process.

New in Certify The Web 5.5.7 (Oct 27, 2021)

  • Enhancements:
  • Certificate Authorities: Update maintenance task for ZeroSSL
  • Migration (beta): Add option for certificate re-deployment, progress indicator
  • AutoUpdate (beta): Add method to update script if in use during update
  • DNS: Update Posh-ACME based PowerShell DNS providers
  • Fixes:
  • CLI: reduce default delay for diagnostic autofix binding deployment
  • Core: Improve performance when applying Auto deployment binding updates where many individual sites exist

New in Certify The Web 5.5.6 (Oct 21, 2021)

  • Enhancements:
  • Certificate Authorities: Extend maintenance task to add root cert required for ZeroSSL
  • Tasks: Export Certificate, Apache, nginx and Generic server deployment tasks updated with "full chain" export options.
  • Auto Update (beta): An example Auto Update PowerShell script has been included under %Program Files%\CertifyTheWeb\Scripts\AutoUpdate. Users who wish to auto update can create a Windows scheduled task (as administrator) to perform unattended updates automatically to the latest stable app version.
  • CLI: new activate command to activate instance license for unattended installs.
  • UI: Spanish translation updated (by community contributor xtarting)
  • Fixes:
  • Diagnostics: When running diagnostics from UI there is no need to check ability to create temp files
  • DNS: GoDaddy provider updated to fix cleanup task.
  • DNS: OVH provider updated to fix cleanup task (by community contributor Nuklon).
  • Migration (beta): Create destination cert storage path if it doesn't exist.

New in Certify The Web 5.5.5 (Sep 24, 2021)

  • Certificate Authorities: extend maintenance task to add required Let's Encrypt and BuyPass Go roots, update old/problematic intermediate certificates. See https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/ for information and help regarding the Let's Encrypt root changeover (30th September 2021).
  • UI: allow local hostnames in cert when using custom CAs

New in Certify The Web 5.5.4 (Sep 9, 2021)

  • Fix issue saving settings changes

New in Certify The Web 5.5.2 (Aug 9, 2021)

  • Enhancements:
  • UI: Add Duplicate right-click context menu option for managed certificates list. This is useful for copying managed certificates which have tasks or other settings you want to replicate.
  • Fixes:
  • UI: Fix crash on discarded changes after attempting a Save.