Tasks: Manually resolving a failed task now updates the overall status and reports to dashboard etc.
Tasks: Tasks should not execute if the previous request was a success, only the current primary request should be considered unless running tasks manually.
Core: Update ARI replace skip logic
Managed Challenges: prefer hub joined instance authentication before any other provided credentials
7.0.19 : 2026-05-22
Enhancements:
PowerShell BREAKING CHANGE: PowerShell support has been significantly revised and compatibility may be affected. You are encouraged to test your workloads before deploying.
Previously 7.x versions used in-process PowerShell 7.x, which is not compatible with some existing PowerShell scripts/add-ins including our built-in example Exchange/RDP tasks. Versions before 7.x used an older version of .NET and In-Process PowerShell 5.1.
PowerShell scripts will now run in the default Automatic execution mode:
Windows: launches as a new process using the system PowerShell (5.1 by default where available).
Linux: runs PowerShell 7.x in-process
The Launch New Process option is retired in favour of the execution mode options.
Added experimental new Full Impersonation mode (Windows)
Common Name is now re-enabled by default in generated CSRs despite being deprecated, so there is now a global setting for this behaviour.
There is a new option to ensure CA intermediates are added to the machine intermediates store (Windows). Most machines do this automatically except where outgoing http is blocked.
Primary request status is now tracked independently of Task status for fine-grained error status tracking.
Fixes:
Tasks: fix to allow a task to be manually run when the main request has failed, and also ensure tasks still run if they are set to run on primary request failure.
Various dependency updates, minor fixes and refinements
7.0.18 : 2026-04-10
Enhancements:
Core: Implement support for Hub managed Certificate Subscriptions. This allows an authorized instance to subscribe to a hub managed certificate so that the hub can look after renewal and the managed instance just performs deployment.
Core: Draft support for the upcoming dns-persist-01 ACME Challenge type, which enabled persisent DNS validation with a single record per domain/subdomain.
Managed Challenges: Simplified config allowing default instance identify to be used instead of adding distinct API credentials. A new managed challenge polling mechanism also allows for long running managed challenge tasks.
DNS: Add Technitium provider via Posh-ACME
7.0.17 : 2026-02-12
Enhancements:
Initial 7.x Production Release. No significant changes from 7.0.16.
7.0.16 : 2026-01-12
Enhancements:
Core: Deprecate support for Days After/Days Before renewal internal modes. Shorter certificate lifetimes now require percentage lifetime elapsed based renewal.
7.0.15 : 2026-01-09
Enhancements:
Core: New Maintenance Window feature allows you to optionally set a named day/time window in the week for renewals to be attempted, this can be applied globally per instance or per managed certificate.
Core & Export: New optional strict export chain building options and best-efforts chain building.
Fixes:
Core: log when preferred chain not matched
CA: Some CAs require CN in the generated CSR
7.0.14 : 2025-11-21
Fixes:
Core: IMPORTANT Fix issue with SQLite database filtering for auto renewed items. All 7.0.13 users must upgrade or renewals will not occur.
Hub: Fix issue with instance reconnection after hub restarts/updates failing due to expired authentication. This requires updating both the hub and any associated instances.
7.0.13 : 2025-11-17
Enhancements:
Core: initial support for proxies via HTTPS_PROXY/HTTP_PROXY/CERTIFY_PROXY environment variables
Import/Export: updates for PFX destination path mapping.
DNS: New Hetzner Cloud provider via Posh-ACME
Fixes:
Tasks: Apache/nginx files copy tasks updated for linux
Hub: Improved reconnection handling
7.0.12 : 2025-10-28
Fixes:
DNS: Fix AWS Route 53 provider error due to SDK changes.
7.0.11 : 2025-10-24
Enhancements:
General: Move from beta to release candidate status for production use.
Minor dependency updates
Fixes:
CA: Google Trust Services currently require CN in the generated CSR
Core: Clean-up X509Certificate2 after use to avoid temp RSA keys remaining on disk.
7.0.10 : 2025-10-06
Enhancements:
Minor dependency updates
7.0.9 : 2025-10-03
Enhancements:
Minor dependency updates
Fixes:
DNS: Fix incorrect parameter for NameSilo provider
7.0.8 : 2025-09-18
Enhancements:
Minor dependency updates
7.0.7 : 2025-09-15
Enhancements:
Minor dependency updates
7.0.6 : 2025-09-05
Enhancements:
Core: Allow hub to manage instance licensing across multiple licenses
Core: Add PKIaaS.io as built-in CA option, deprecate BuyPass as a supported CA as they have discontinued their ACME service.
Fixes:
Data Stores: Arm64 SQLite database fixes
7.0.5 : 2025-07-29
Enhancements:
Stored Credentials: Implement optional unlockable stored credentials (allowing specific secrets to be read via API for custom scripts etc).
Core: Add Actalis as a built-in CA configuration
Core: Cert CN (deprecated by CAs) is no longer set in CSR unless the configuration specifically requires it.
Fixes:
Renewals: address possible hang during long running renewal batches which then prevents subsequent renewal batches from running.
7.0.4 : 2025-07-03
Enhancements:
Updated support for monitoring certs managed by external cert managers on same instance:
Certbot
acme.sh
win-acme & simple-acme
Posh-ACME
7.0.3 : 2025-06-12
Enhancements:
DNS: Add NameSilo DNS provider
Dashboard: Remove status reports if item deleted
Updated dependencies
7.0.2 : 2025-05-21
Minor Updates
7.0.1 : 2025-05-05
Enhancements:
Hub service now includes default hubservice.json config for configuration of https and preferred host:port