• Fixed TLS-ALPN-01 challenges when multipleMDPrivateKeys are specified
  with EC keys before RSA ones. Fixes#377.
• Fixed missing newlines in the status page output. [andreasgroth]

• When installing a custom CA file viaMDCACertificateFile, also set the
  libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel
  (when curl is linked with it) about missing CRL/OCSP in certificates.
  Fixes#361.
• Fixed handling of corrupted httpd.json and added test 300_30 for it.
  File is removed on error and written again. Fixes#369.
• Added explanation in log for how to proceed when md_store.json could not be
  parsed and prevented the server start.

• Added support for ACME profiles. See README on how to use them.
• restored fixed to#336 and#337 which got lost in a sync with Apache svn
• Add Issue Name/Uris to certificate information in md-status handler
• MDomains with static certificate files have MDRenewMode "manual", unless
  "always" is configured.

• Improved error reporting when waiting for ACME server to verify domains
  or finalizing the order fails, e.g. times out.
• Increasing the timeouts to wait for ACME server to verify domain names
  and issue the certificate from 30 seconds to 5 minutes.

• Changed a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL.

• Fixed HTTP-01 challenges to not carry a final newline, as some ACME server fail to ignore it. [Michael Kaufmann (mkauf)]
• Fixed missing label+newline in server-status plain text output when MDStapling is enabled.

• When the server starts, it looks for new, staged certificates to activate. If
  the staged set of files in 'md/staging/' is messed up, this could
  prevent further renewals to happen. Now, when the staging set is present, but
  could not be activated due to an error, purge the whole directory.

• Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. Refs#265.
• Restore compatibility with OpenSSL < 1.1. [ylavic]

• Using OCSP stapling information to trigger certificate renewals. Proposed
  by Fraser Tweedale.
• Added directiveMDCheckInterval to control how often the server checks
  for detected revocations. Added proposals for configurations in the
  README.md chapter "Revocations".
• OCSP stapling: accept OCSP responses without anextUpdate entry which is
  allowed in RFC 6960. Treat those as having an update interval of 12 hours.
  Added by@frasertweedale.
• Adapt OpenSSL usage to changes in their API. By Yann Ylavic.

Contributors

• Fix the reported "until" validity of a certificate in the status handler.
  [Rainer Jung]
• Fix possible NULL deref when logging the error that an authentication
  resource could not be retrieved from the ACME server. Refs#324