maksit-certs-ui/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[3.3.6] - 2026-04-13

Added

• LetsEncrypt: Per-host ACME rate-limit cooldown on RegistrationCache (AcmeRenewalNotBeforeUtcByHostname), with HTTP Retry-After and problem-detail parsing (AcmeRetryAfterParser), structured logging, and Result.TooManyRequests when the CA returns rateLimited.
• LetsEncrypt: AcmeProblemKind as an Enumeration (RFC 8555 problem type URIs) instead of ad hoc strings; LetsEncrytException exposes ProblemKind, RetryAfterUtc, and optional rate-limit hostname.
• LetsEncrypt: AcmeSessionStore for per-session State in memory; LetsEncryptService split into partial files (LetsEncryptService.Helpers.cs) for HTTP/JWS/error helpers.
• LetsEncrypt: State.TryGetAccountKey for a single place to validate account key material after Init.
• LetsEncrypt.Tests: Unit tests for retry parsing, problem-kind resolution, and cooldown JSON round-trip.

Changed

• AutoRenewal: Skips hostnames that are still in an ACME cooldown window (with debug logs for skipped hosts).
• Certs flow: Persists registration cache after failed full certificate flows when a session exists so cooldown metadata is saved.
• LetsEncrypt: Broader nullable reference annotations on ACME DTOs (Problem, AcmeDirectory, AuthorizationChallengeError, etc.) and explicit null guards in LetsEncryptService.

Fixed

• LetsEncrypt: Certificate PEM loading uses X509Certificate2.CreateFromPem instead of the obsolete X509Certificate2(byte[]) constructor (SYSLIB0057).
• LetsEncrypt: RevokeCertificate now fails correctly on non-success responses (missing return), uses the same problem-document handling as other ACME calls, and disposes the HTTP response on successful revoke.
• LetsEncrypt: NewOrder authorization error log line now logs the authorization status, not the order status.

[3.3.5] - 2026-04-12

Changed

• CachedHostname now uses a C# 12 primary constructor (same public construction as before).

Fixed

• RegistrationCache loads cached PEM certificates via X509CertificateLoader.LoadCertificate and disposes them with using where certificates are parsed for expiry and host listing.
• RegistrationCache.TryGetCachedCertificate returns false when the cached entry has no private key blob, avoiding a null argument when importing key material.

[3.3.4] - 2026-04-01

Added

• MaksIT.Webapi.Tests: service-level unit tests (settings, cache, identity, agent, account, certs flow) and domain tests for Settings.
• Postman collections under src/Postman updated to match current MaksIT.Webapi routes, JWT flow, and cache endpoints.

Fixed

• WebUI Terms of Service (Let's Encrypt): PDF viewer loads pdfjs-dist worker from a Vite-bundled asset (pdf.worker.min.mjs?url) so rendering works in dev and production instead of failing on missing or wrong worker URLs.
• AccountService.PatchAccountAsync returns the account built from the cache after reload, not a stale in-memory instance.

[3.3.3] - 2025-12-20

Changed

• Relicensed project from GPL-3.0 to Apache-2.0.

[3.3.2] - 2025-12-20

Changed

• Minimal Helm chart and documentation improvements.

[3.3.1] - 2025-11-22

Changed

• Public release following the v3.3.0 pre-release.

[3.3.0] - 2025-11-15

Changed

• Pre-release of the v3.3.x line.

[3.2.0] - 2025-09-11

Added

• New WebUI with authentication.

[3.1.0] - 2024-08-11

Changed

• Stabilized release following v3.0.0.

[3.0.0] - 2024-05-31

Added

• WebAPI and containerization.

[2.0.0] - 2019-11-01

Changed

• Dependency injection pattern implementation.

[1.0.0] - 2019-06-29

Added

• Initial release.