mod_md v2.3.3 (beta)

• MDMessageCmd and MDNotifyCmd now get common, important environment variables passed
  as well, such as PATH, SystemRoot etc - if they existed in the first place.

mod_md v2.3.2 (beta)

• Add key usage extensions to fallback certificates; correct other extensions.
• Correct decoding of IP addresses in certificates.
• Add contrib directory (not yet shipped).
• Add SeLinux policy changes necessary for mod_md in contrib/selinux.
• MDNotifyCmd and MDMessageCmd now get the environment variable MD_STORE containing
  the path to the storage directory.
  Also MD_VERSION is added to the environment, containing the version plus an optional
  -variation, e.g. -git indicator.
• Added very preliminary (and rough) version of contrib/md_events script.
• test suite: test of Messages less timing dependant

mod_md v2.3.1 (Beta)

• The keyname in key and certificate files is now forced lower case.
• Formatting in 'server-status' page has been improved when showing >1 certificates
• Fallback certificates (when the domain has none yet) are now generated for all
  key types requested in MDPrivateKeys of that domain.
• Update /.httpd/certificate-status to correctly handle multiple keys.

Many thanks to @tlhackque for these.

mod_md v2.3.0 (beta)

• MDPrivateKeys allows the specification of several key types and the module will
  obtain a certificate for each key. This allows the parallel use of RSA and ECDSA
  certificates for the same domain (requires an Apache 2.4.41 or newer).
• Beside "RSA" plus optional key lengths, elliptic curves can be configured. Let's
  Encrypt seems to support P-256 and P-384 for now.
• Tests run with multiple certificates. Certificates are listed in status reports. The
  "server-status" html table gives individual links. Expiry durations are aggregated.
  OCSP stapling picks up the new certificates nicely.
• The JSON format for reporting certificates changed, not sure if it stays now as it
  is or if there should be come backward compat with 1 cert use.
• MDPrivateKeys checks for duplicate key specifications. There can only be one RSA key
  and a curve name can also only appear once.
• Test case for curve "x25519" is being skipped as this key does not work correctly - yet.

mod_md v2.2.7

• Prefer MDContactEmail directive to ServerAdmin for registration. New directive
  thanks for Timothe Litt (@tlhackque).
• Distribute a2md.xml and conditionally build it, if xmlto is available. Addition
  by Joe Orton (@notroj).

mod_md v2.2.6

• Michal Karm Babacek (@Karm) added cmake support, especially valuable under Windows.
• protocol check for pre-configured "tls-alpn-01" challenge has been improved. It will now
  check all matching virtual hosts for protocol support. Thanks to @mkauf.

mod_md v2.2.5

• Corrected a check when OCSP stapling was configured for hosts
  where the responsible MDomain is not clear, by Michal Karm Babacek (@Karm).
• @uhliarik added documentation for the a2md command. Use xmlto man ./a2md.xml to generate it.
• Softening the restrictions where mod_md configuration directives may appear. This should
  allow for use in If and Macro sections. If all possible variations lead to the configuration
  you wanted in the first place, is another matter.

mod_md v2.2.4

• Fixed a compile time issue with OpenSSL 1.0.2 in the new OCSP code.
• Skip port checks for domain server_rec selection when "tls-alpn-01" is configured
  explicitly (related to #133). [@mkauf]
• Added a sample scripts/md_message.sh on how to use MDMessageCmd.

mod_md v2.2.3

• Configuring MDCAChallenges replaces any previous existing challenge configuration. It
  had been additive before which was not the intended behaviour. [@mkauf]
• Fixing order of ACME challenges used when nothing else configured. Code now behaves as
  documented for MDCAChallenges. Fixes #156. Thanks again to @mkauf for finding this.
• Added a script - inspired by curl https://github.com/curl - that collects contributors
  from the git commits and PRs. Adding a "Thanks" section with their names in the README.md.

mod_md v2.2.2

• Fixing a potential, low memory null pointer dereference [thanks to @uhliarik].
• Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted
  "transfer-encoding" to POST requests. This failed in directy communication with
  Let's Encrypt boulder server (however it worked when accessed via the hosting CDN,
  as almost all live usages do). Thanks to @mkauf for finding and fixing.
• Fixes a compiler warning. False flag, but initialization to make it happy does not hurt.
  Thanks to @sundayoyeniyi for finding this. Refs #154.