0.8.2
With 0.8.2, Caddy gets On-Demand TLS, which means it can obtain certificates during TLS handshakes; it does not need to know all the names when you start the server. Caddy is now built on Go 1.6, meaning faster crypto and highly-optimized garbage collection. Caddy no longer restarts on its own; it restarts only if signaled with USR1 (all certificate maintenance is done in-process now). We've also added support for SHA384 cipher suites and the ability to load certificates in bulk from a folder.
On-Demand TLS is currently under tight rate limits to mitigate abuse. When you enable it, you have to set a hard limit of how many certificates it is allowed to issue using the max_certs property of the tls directive.
- At most one certificate challenge happens at a time.
- After 10 certificates are successfully obtained, new certificate challenges will not happen until 10 minutes after the last successful challenge.
- A name that fails a challenge will not be allowed to be attempted again for 5 minutes.
This feature -- as well as all automatic HTTPS, even at startup -- is not guaranteed to be supported in the future if ACME CAs are not able to issue certificates in a reasonable timeframe (quicker than 10 minutes). Please speak with your CA if this is of interest to you.
See the relevant documentation and release announcement for more details.
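The on-demand TLS limits listed above, modeled as an added Go sketch; this is not Caddy's code and is not part of the original release notes. The Gate type, its method names, the reason strings, and the reading that the 10-minute pause applies to every new challenge once 10 certificates have been obtained are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

const (
	burst       = 10               // certificates obtained before the pause applies
	successWait = 10 * time.Minute // pause after the last successful challenge
	failWait    = 5 * time.Minute  // pause before a failed name may be retried
)
// Gate is a hypothetical model, not Caddy's code; callers must serialize access.
type Gate struct {
	maxCerts, issued int // maxCerts plays the role of max_certs
	inFlight         bool
	lastSuccess      time.Time
	failedAt         map[string]time.Time
}
func NewGate(maxCerts int) *Gate { return &Gate{maxCerts: maxCerts, failedAt: map[string]time.Time{}} }

// Allow reports whether a challenge for name may start at now and, if not, why.
func (g *Gate) Allow(name string, now time.Time) (bool, string) {
	switch {
	case g.issued >= g.maxCerts:
		return false, "max_certs reached"
	case g.inFlight:
		return false, "another challenge in progress"
	case now.Sub(g.failedAt[name]) < failWait: // zero time if name never failed
		return false, "name failed recently"
	case g.issued >= burst && now.Sub(g.lastSuccess) < successWait:
		return false, "cooling down after last success"
	}
	g.inFlight = true
	return true, ""
}

// Done records the outcome of the challenge that Allow admitted.
func (g *Gate) Done(name string, ok bool, now time.Time) {
	g.inFlight = false
	if ok {
		g.issued, g.lastSuccess = g.issued+1, now
	} else {
		g.failedAt[name] = now
	}
}

func main() {
	fmt.Println(NewGate(12).Allow("a.example", time.Now()))
}
```

The hard cap is checked first, so once max_certs is reached no amount of waiting admits another challenge; a handshake for an unknown name is simply refused.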
All notable changes:
- On-demand TLS can obtain certificates during handshakes
- Built with Go 1.6
- Process log (-log) is rotated when it gets large
- Managed certificates get renewed 30 days early instead of just 14
- fastcgi: Allow scheme prefix before address
- markdown: Support for definition lists
- proxy: Allow proxy to insecure HTTPS backends
- proxy: Support proxy to unix socket
- rewrite: Status code can be 2xx or 4xx
- templates: New .Markdown action to interpret included file as Markdown
- templates: .Truncate now truncates from end of string when length is negative
- tls: Set hard limit for certificates obtained with on-demand TLS
- tls: Load certificates from directory
- tls: Add SHA384 cipher suites
- Multiple bug fixes and internal changes