v0.9.0
----------------------------------------------------------------------------------------------------
 * Improved interface to mod_ssl for fallback handling. Backward compatible to previous mod_ssl
   patch, but fallbacks will not work.
 * Provide a temporary, self-signed certificate with a speaking command and domain name if we
   have no other cert for a Managed Domain, yet. Refs github issue #32
 * Continue to provide expired or not-completely matching, existing certificate for a Managed
   Domain until the renewal was successful. This is helpful when one adds a DNS name to
   a MD, so the previous domains can be served while a new cert is requested.

v0.8.2
----------------------------------------------------------------------------------------------------
 * All files necessary to run tests are not in the release package.
 * Making "http-01" the preferred challenge type again, as people "tls-sni-01" requires at least
   one working certificate vhost right now - which not everyone has.
 * moved part of the MD sanity checks from post_config to check_config phase, allowing for error
   detection in check-only runs.

v0.8.1
----------------------------------------------------------------------------------------------------
 * New directive ```MDPrivateKeys``` to specify the type and parameter to private key generation.
   Currently only 'RSA' is supported as type with an option number of bits >= 2048 as parameter.
   Simple test cases for config handling added.
 * Private RSA keys are now generated with 2048 bits by default. Use ```MDPrivateKeys``` for
   higher security. 
 
v0.8.0
----------------------------------------------------------------------------------------------------
 * IMPORTANT: store format change. The following changes will be made to an existing md store on 
   first start with a new version (be it by mod_md in the server or a run by a new 'a2md'):
      * pkey.pem will be renamed to privkey.pem
      * cert.pem and chain.pem will be concatenated to pubcert.pem. The former files will remain,
        but no longer be used. They will disappear on next renewal.
   ADVICE: If the current store data is vital to you, please make a backup first!

v0.7.1
----------------------------------------------------------------------------------------------------
 * Fixed test case clearing of store to keep key alive, enabling true random store key again.
 * Removed pun "Something, like certbot" from the User-Agent request header. Refs issue #34
 * Cleaned up reporting of missing/mismatched MDCertificateAgreement in the logs. This will
   no longer trigger early retries.
 * badNonce encounters are no longer reported as errors. Retries are attempted now silently.
   Refs issue #35
 * new default MDRenewWindow. Instead of 14 days, the default is now a third before the end of
   the certificates lifetime. For the usual 90 days of Let's Encrypt certificates, this makes
   an effective renewal window of 30 days - as recommended by LE. Refs issue #30
 * Enabled conversion warnings if supported by compiler, eliminated several signed/unsigned
   warnings.

v0.7.0
----------------------------------------------------------------------------------------------------
 * LIVE: the real Let's Encrypt CA is now live by default! If you need to experiment, configure
``` 
    MDCertificateAuthority https://acme-staging.api.letsencrypt.org/directory
```    
 * When existing, complete certificates are renewed, the activation of the new ones is
   delayed by 24 hours (or until the existing ones expire, whatever is earler) to accomodate
   for clients with weird clocks, refs #1. 
 * Fixed store sync when MDCAChallenges was removed again from an MD. 
 * Fixed crash when MD matched the base server, fixes #23
 * Fixed watchgod resetting staging when server processes disappeared (e.g. reached
   max requests or other limits).

v0.6.1
----------------------------------------------------------------------------------------------------
 * global or inside ManagedDomain, 'MDMembers auto|manual' defines if ServerName and ServerAlias
   names of a VirtualHost are automatically added to the members of a Managed Domain or not.
   Default is 'auto'.
 * staging informtation, e.g. temp files during ACME protocol runs, gets automatically reset
   when the managed domain changes.
 * when synching new configurations into the store, the list of domain names is now kept
   exactly the same. This allows removal of a member that fails challenges. Before, only
   additions have been stored. Test cases adjusted.
 * Fixed 'uninitialized var use' when logging too new store version, reported in #25

v0.6.0
----------------------------------------------------------------------------------------------------
 * Restructuring of the source tree to something very similar as it will appear in the 
   Apache subversion repository. Will make synching of changes easier.
 * Test of special handling of store archive handling for Windows system. See issue #24.

v0.5.0
----------------------------------------------------------------------------------------------------
 * Documenation on wiki for several use cases, explaining file store layout and security
 * User-Agent now sent to CA.
   Driving from httpd: Apache/rev mod_md/rev (Something, like certbot)
   Driving from a2md:  apachemd/rev mod_md/rev (Something, like certbot)
 * Logging adjusted for more readable INFO level on relevant changes
 * NOTICE level log when new certificate have been obtained and restart is recommended
 * removed code for service restart, should now compile under Win32
 
v0.4.0
----------------------------------------------------------------------------------------------------
 * Various test runs on live server with ACME staging and real service. First green lock
   obtained by mod_md!
 * Various fixes to permission issues on ubuntu setup server (root/www-data users)
 * Fixed defaults for port mapping
 * New 'MDDriveMode always' to acquite certificates for Managed Domains not used in any
   VirtualHost on the server. Fixed test cases for auto drive mode. Refactored some copy+paste
   code in tests.
 * Test cases stop the httpd server less, making better timings and reliability 
 * adding test and fixes for new config directive 'MDCAChallenges' when no configured challenge
   type is supported by the ACME server.

v0.3.0
----------------------------------------------------------------------------------------------------
 * Adding test case coverage for own base64url coder.
 * ACME challenge type "tls-sni-01" supported. Needs new mod_ssl patch 
   (patches/mod_ssl_md-trunk-v2.diff).
 * Merged check based unit test infrastructure by the awesome 
   [Jacob Champion](https://github.com/jchampio) and linked them to standard 'make test'
 * Using ${prefix}/bin/curl if available. Fixed test cases that failed when curl has SNI
   support.
 * added test that resources are served with "503 Service Unavailable" while TLS credentials
   are still incomplete.
 * disabled a pkey encryption check since it did not work as is un *NIX, fixed gcc warning
 * refcount in md_json_seta adjusted, conversion function expected to always auto-give-away
   their references. 
 * fixed refcount bug in md_json_seta() (supposedly, be optimistic for once!)
 * tls-sni-01 challenge cert and key generated, needs to be activated in mod_ssl

v0.2.0
----------------------------------------------------------------------------------------------------
 * new directive 'MDPortMap nn:mm' to announce on which local port an ACME CA might reach
   the server. This is necessary if you have redirected port 80 and/or 443 on your firefall
   to another port on the server that runs mod_md. Example:
   MDPortMap 80:5002   443:5001
   is a mapping needed for testing with a local boulder instance. If your server uses 80+443
   your need not mess with this.
 * Fixed reporting error when os does not support *nix permission bits in file system
 * MDRenewWindow parsing fixed and setting/update in store added, testcases
 * Challenge data is being removed from store when staging is done
 * configure option '--with-boulder=<url>' to specify the URL of the boulder test host (defaults
   to localhost:4000)
 * Changed default ACME CA url to letsencrypt.org staging environment when in MD_EXPERIMENTAL
   mode, adapted test outcomes to this setting
 * a2md drive command now with same checks on renewal as mod_md. New option --force to
   force a renewal that look unnecessary.
 * renew window taken into account when scheduling md watchdog
 * new directive MDRenewWindow which specifies the number of days (per default) that certificates
   should be renewed before they expire. Can be set globally or directly on a MD.
 * when run as normal user, mod_md can restart httpd after successful staging of new credentials
 * protocol driving split into staging and loading phase. a2md does both, httpd watchdog runs
   staging and on restart the staged changes are loaded.
 * security: store generates on init a master pass phrase. All private keys outside of the "domains"
   storage group are only stored encrypted.
 * filesystem store now with relaxed permissions on challenges

v0.1.0
----------------------------------------------------------------------------------------------------
 * new directive "MDDriveMode auto|manual". In "auto" mode (more precisely, if auto mode is enabled
   for any managed domain), mod_md will require mod_watchdog to be present and regularly check
   those domains and attempt to retrieve credentials if some are missing
 * drive mode "auto" lacks still various features, function- and security-wise. tbd.

v0.0.2 - v0.0.9
----------------------------------------------------------------------------------------------------
 * various development steps not recorded here
 
v0.0.1
----------------------------------------------------------------------------------------------------
 * new command 'acme validate' to check that account is still known to server and key works
 * fixed all current test failures
 * DNS names are checked for valid characters and non-TLD
 * urls are checked to be absolute for the CA
 * 'make test' now has dependency on all sources being built
 * test cases now use the binary in ./src/a2md instead of the installed one
 
