A new version of the Hiawatha webserver has been released. This release contains the ACME v2 script for Let's Encrypt. Read the INSTALL file carefully before using. When switching to this new script from the ACME v1 version, you can use your current account key. You need to use the 'register' command to update this key for the ACME v2 API.
The format of the Hiawatha access logfile has been changed a bit. The Referer and User-Agent HTTP header now have a fixed place in the logfile. The user id of the HTTP authentication has been removed.
For all changes, see the ChangeLog.
Some time ago, Let's Encrypt announced that they will be supporting ACME v2 on February 27, 2018. I'm already busy implementing ACME v2 support in Hiawatha's Let's Encrypt client. It's almost finished. There are just some small issues to fix, but those might be a server-side bug as well.
Another new Let's Encrypt feature that's coming in February 2018, is support for wildcard certificates. The issue is that they can only be obtained via a DNS challenge instead of via the HTTP challenge I'm currently using. Using a DNS API is not an option, because not every DNS provider offers an API for DNS changes and there is also no single standard for such API. At the moment, I'm discussing my idea about how to obtain a wildcard certificate via an HTTP challenge with Let's Encrypt and the ACME Working Group at IETF. Hopefully they accept my idea.
Anyone who wants the try the new version of Hiawatha's new Let's Encrypt client, you can download it here.
The Let's Encrypt terms have been updated. If you use Hiawatha's letsencrypt script to obtain certificates, change the LE_CA_TERMS setting in letsencrypt.conf to 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'.
It's been a while since the previous release, but today I released version 10.7 of the Hiawatha webserver. This release brings two new small features and includes the latest version of the mbed TLS library.
So, what's next? I think it's about time to finally start working on HTTP/2 support. Some time ago, I decided to use nghttp2 for that. I haven't found the time and the will yet to dig through all the documentation and sample codes yet. A first quick look at the documentation didn't gave me the idea that it's very clear. If anybody has experience with nghttp2 and is willing to help me with some questions, please let me know.