Releases: icing/mod_md
mod_md v2.4.18
- New directive MDStoreLocks that can be used on cluster setups with
a shared file system for MDStoreDir to order activation of renewed
certificates when several cluster nodes are restarted at the same time.
Store locks are not enabled by default.
mod_md v2.4.17
- A bug was fixed that caused very large MDomains with the combined DNS
names exceeding ~7k to fail, as request bodies would contain partially
wrong data from uninitialized memory. This would have appeared as
failure in signing-up/renewing such configurations.
This was reported by Ronald Crane (Zippenhop LLC).
mod_md v2.4.16
- The MDCertificateAuthority directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed. See README for details.
- New directive MDRetryDelay to set the delay of retries. See README
for details.
- New directive MDRetryFailover to set the number of errored attempts
before an alternate CA is selected for certificate renewals. See README
for details.
mod_md v2.4.15
- Fixed a bug leading to failed transfers for OCSP stapling information
when more than 6 certificates needed updates in the same run.
mod_md v2.4.14
- Added support for tailscale (https://tailscale.com) certificates to have
trusted access to your internal domain names. See README.md for more
information on how to set this up.
- Fix for a memory leak in handling of JSON arrays. This leak was mainly
triggered by the additions to the server-status handler and led to
increased process sizes with each request of a status page.
mod_md v2.4.13
- A possible NULL pointer deref was fixed in the JSON code for
persisting time periods (start+end). Fixes #282.
Thanks to @marcstern for finding this.
mod_md v2.4.12
- Implement full auto status ("key: value" type status output).
In particular, this covers not only status summary counts for certificates
and OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
[Rainer Jung]
mod_md v2.4.11
- Do not interfere with requests to /.well-known/acme-challenge/ resources
if challenge type 'http-01' is not configured for a domain. Fixes #279.
- The status description in MDomain's JSON, exposed in the
md-status handler (if configured), sometimes did not carry the correct
message when certificates needed renewal.
v2.4.10
- Fix memory leak in case of failures to load the private key.
Apache PR 65620 [Filipe Casal <filipe.casal@trailofbits.com>]
mod_md v2.4.9
- MDExternalAccountBinding can be configured with a file that contains the
'kid' and 'hmac' values in JSON format. Since httpd config files are often
readable to non-admins, this allows keeping those values in a more protected
file.
- OpenSSL 3.0 compatibility: fixed generation of Elliptic Curve private
keys to work with openssl 3.0.0.
- Docker testing arrived. Run 'make docker-test' in your mod_md directory
to build and test the current sources in a Debian sid image.
- The directive 'MDCertificateAuthority' now checks if its parameter is a http/https
url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test',
'Buypass' and 'Buypass-Test' for now and they are not case-sensitive.
The default of LetsEncrypt is unchanged.
- Fixed a bug that reset the error counter of a certificate renewal and
prevented the increasing delays in further attempts. Test case 741 added
to verify the correct behaviour.
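
The v2.4.9 item on MDExternalAccountBinding moves the 'kid' and 'hmac' values out of the httpd config into a separate JSON file. The check below is an added example, not part of the mod_md release notes or code; the owner-only permission policy, the function names and the sample values are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

REQUIRED_KEYS = ("kid", "hmac")  # the two values the release note names


def check_eab_file(path):
    """Return a list of problems found with an EAB credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumed policy (not stated by mod_md): only the owner may access the file.
    if mode & 0o077:
        problems.append(f"mode {mode:04o} grants group/other access")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError) as exc:
        problems.append(f"not readable as JSON: {exc}")
        return problems
    if not isinstance(data, dict):
        problems.append("top-level JSON value is not an object")
        return problems
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty '{key}'")
    return problems


def demo():
    """Run the check on two constructed files and return both results."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "eab-good.json")
        bad = os.path.join(tmp, "eab-bad.json")
        # Constructed sample values, not real credentials.
        with open(good, "w", encoding="utf-8") as fh:
            json.dump({"kid": "example-kid", "hmac": "ZXhhbXBsZQ"}, fh)
        os.chmod(good, 0o600)
        with open(bad, "w", encoding="utf-8") as fh:
            json.dump({"kid": "example-kid"}, fh)
        os.chmod(bad, 0o644)
        return check_eab_file(good), check_eab_file(bad)


if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```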