1#@!#!123s

: / usr / local / psa / admin / share / modules / sslit /
Filename : CHANGES.md
back
# 1.17.1 (28 April 2025)

* [-] The "Attribute has disallowed protocol in its value" error no longer appears during the certificate validation step. (EXTSSLIT-2175)

# 1.17.0 (24 March 2025)

* [*] Added support for PHP 8.4 to ensure compatibility with future Plesk releases.

# 1.16.4 (19 March 2025)

* [-] The "Autorenew" feature no longer unsecures mail if the web hosting domain name starts with "mail.". (EXTSSLIT-2168)

# 1.16.3 (25 February 2025)

* [-] The "Autorenew" feature no longer secures mail if it was not secured by the certificate being renewed. (EXTSSLIT-2157)

# 1.16.2 (18 February 2025)

* [*] Internal improvements.

# 1.16.1 (10 February 2025)

* [-] The "Keep Secured" feature no longer fails trying to secure domains without web hosting when there are no components to secure. (EXTSSLIT-2150)

# 1.16.0 (14 January 2025)

* [+] Added the ability to secure the mail service with a separate SAN on domains with the "No Hosting" type.
* [-] DANE support is no longer getting removed from a domain when reissuing its SSL/TLS certificate if webmail was included before the reissue, but not after. (EXTSSLIT-2133)

# 1.15.5 (17 September 2024)

* [*] The "TLS versions and ciphers by Mozilla" feature is now hidden until we fix the known issues related to configuring outdated ciphers and causing troubles on a server. To bring it back at your own risk, add the following lines to the `panel.ini` file:

      [ext-sslit] 
      ciphersEnabled = true

# 1.15.4 (16 September 2024)

* [-] Now the correct domain page opens when clicking its link in the SSL It! extension. (EXTSSLIT-2113)

# 1.15.3 (26 June 2024)

* [*] Internal improvements.

# 1.15.2 (17 June 2024)

* [*] Internal improvements.

# 1.15.1 (17 June 2024)

* [-] Opening the SSL It! page of a domain no longer fails with the "Declaration of PleskSslIt\GuzzleHttp\Psr7\Uri::getScheme() must be compatible with Psr\Http\Message\UriInterface::getScheme(): string" error. (EXTSSLIT-2096)

# 1.15.0 (11 June 2024)

* [+] Added the extension's information block to the new Home screen in Plesk.
* [-] The "empty" pending order is now deleted as intended after renewal of a domain certificate. (EXTSSLIT-1879)

# 1.14.8 (26 April 2024)

* [*] Improved localization.

# 1.14.7 (26 March 2024)

* [-] The "PHP Deprecated Construction" error no longer appears in /var/log/plesk/panel.log in Plesk for Linux and %plesk_dir%\admin\logs\php_error.log in Plesk for Windows if Plesk is configured to generate deprecated warnings in PHP. (EXTSSLIT-2056)

# 1.14.6 (21 February 2024)

* [-] The **Let's Encrypt** button is now hidden from the "SSL/TLS Settings" page when the extension is not installed. (EXTSSLIT-2080)

# 1.14.5 (14 December 2023)

* [*] Improved localization.

# 1.14.4 (16 October 2023)

* [*] Internal improvements.

# 1.14.3 (10 October 2023)

* [*] Internal improvements.

# 1.14.2 (28 September 2023)

* [*] Internal improvements.

# 1.14.1 (27 September 2023)

* [-] Accessing the SSL It! page for a domain no longer fails with the "Cannot access offset of type string" error. (EXTSSLIT-2062)

# 1.14.0 (25 September 2023)

* [+] Added support for DNS-based Authentication of Named Entities (DANE) that ensures reliable encryption for email transport.

# 1.13.2 (9 August 2023)

* [*] Internal improvements.

# 1.13.1 (19 July 2023)

* [*] Internal improvements.

# 1.13.0 (22 June 2023)

* [-] Currency symbols no longer overlap prices on the screen when users make in-place purchases of certificates. (EXTSSLIT-2019)

# 1.12.11 (1 June 2023)

* [*] Internal improvements.

# 1.12.10 (31 May 2023)

* [*] Internal improvements.

# 1.12.9 (15 May 2023)

* [*] Internal improvements.

# 1.12.8 (5 April 2023)

* [+] Added support for the Plesk Premium Email (powered by Kolab) extension.

# 1.12.7 (23 March 2023)

* [-] Users can now again upload `.pem` certificate files. (EXTSSLIT-1993)

# 1.12.6 (8 March 2023)

* [+] Added support for the SOGo Webmail extension.
* [-] Backing up of subscriptions no longer fails if they have a lot of SSL It! orders to issue certificates. (EXTSSLIT-1936)

# 1.12.5 (23 February 2023)

* [*] Internal improvements.

# 1.12.4 (16 February 2023)

* [*] Internal improvements.

# 1.12.3 (8 February 2023)

* [*] Internal improvements.

# 1.12.2 (27 January 2023)

* [*] Internal improvements.
 
# 1.12.1 (23 January 2023)

* [*] Internal improvements.

# 1.12.0 (17 January 2023)

* [+] Introduced the new main screen, which offers a bird's view of all domains, installed certificates (if any), the certificates' expiration dates, and certificate authorities. It is now also possible to filer domains by status (valid, expired, self-signed, and so on) and certificate authority.
* [*] Recommended extensions and TLS versions are now shown in the "Settings" drawer.

# 1.11.3 (12 December 2022)

* [*] Internal improvements.

# 1.11.2 (9 December 2022)

* [*] Internal improvements.

# 1.11.1 (11 August 2022)

* [*] Internal improvements.

# 1.11.0 (4 July 2022)

* [+] SSL It! now makes sure that the domain name can be resolved before securing a new domain.
  
  To disable this feature, add lines of the following pattern to the `panel.ini` file:

      [ext-sslit] 
      wait-resolving-enabled = false

# 1.10.3 (22 April 2022)

* [-] An unwanted security warning no longer appears if the Sectigo and Digicert extensions are not installed. (EXTSSLIT-1851)
* [-] Now the option to choose the certificate's vendor does not appear if the Sectigo and Digicert extensions are not installed. (EXTSSLIT-1890)
* [-] It is no longer possible to issue a certificate that secures only domain's aliases, but not the main domain. Such certificates can not be installed in Plesk. (EXTSSLIT-1899)

# 1.10.2 (8 April 2022)

* [-] It is now again possible to issue Let's Encrypt certificates on Plesk versions 18.0.22-18.0.28. (EXTSSLIT-1911)
      
# 1.10.1 (18 March 2022)

* [+] It is now possible to hide the ability to issue SSL/TLS certificates for the specified top-level domains (TLDs). This prevents failed attempts to issue certificates and reduces support workload when a certificate authority does not issue certificates for one or more [country TLDs](https://en.wikipedia.org/wiki/Country_code_top-level_domain).

  To hide the ability to issue SSL/TLS certificates, add lines of the following pattern to the `panel.ini` file:
      
      [ext-sslit] 
      ;For paid Sectigo and DigiCert certificates 
      hiddenTLDsPaidProducts = 'example' ; country TLD
      ;For free Let's Encrypt certificates 
      hiddenTLDsFreeProducts = 'example' ; country TLD

# 1.10.0 (14 March 2022)

* [+] It is now possible to hide the ability to issue wildcard Let's Encrypt certificates for domains that do not use Plesk as the DNS server and cannot be automatically secured with these certificates. This prevents failed attempts to issue the certificates and reduce customer support tickets.

    You can turn on the feature in the Plesk interface (Extensions > the My Extensions tab > click "Open" next to SSL It! > "Settings") or via the CLI.

    To configure the feature via the CLI, run `plesk ext sslit --wildcard-configuration -enable -nameservers 'ns1.&lt;domain>,ns2.&lt;domain>'`. To see more details, use the `plesk ext sslit --help` command.

* [-] A domain secured with a wildcard Let's Encrypt certificate with all the options enabled ("Redirect from http to https", "HSTS", and so on) is no longer wrongly marked as "Security can be improved". (EXTSSLIT-1746)

# 1.9.10 (10 February 2022)

* [*] SSL It! now controls the feature of securing Plesk with SSL/TLS certificates (instead of the Let's Encrypt extension, which did it before).
* [-] If the Sectigo SSL extension is blacklisted, the "Extension with ID 'sectigo' is in blacklist" error no longer occurs. (EXTSSLIT-1842)
* [-] If internationalized domain names (IDN) are mixed case, the extension no longer shows a redundant warning. (EXTSSLIT-1868)
* [-] If Plesk is secured with a certificate issued for a custom domain name, renewal of the certificate now keeps the custom domain name. (EXTSSLIT-1869)
* [-] If nginx is disabled, it is no longer possible to start securing a domain with the "Forwarding" hosting type (because this scenario is not supported and is bound to fail). (EXTSSLIT-1871)

# 1.9.9 (29 December 2021)

* [*] Users in most countries will now see SSL certificate prices without the need to click the "Buy" button.
* [*] It is now possible to configure the list of certificates available for purchase only by enabling and disabling the Sectigo and DigiCert extensions in the Extension Catalog.
* [-] Aliases are no longer getting secured if the "Keep Websites Secured" option is enabled, but the "Secure domain aliases" checkbox is not checked.(EXTSSLIT-1808)

# 1.9.8 (29 November 2021)

* [*] Updated the process of renewing Let's Encrypt certificates for Plesk and Mail server. Now SSL It! renews such certificates on its own.
* [*] Now Plesk automatically removes information about OCSP stapling from the configuration file of the domain web server when unassigning a certificate from the domain.
* [-] Plesk no longer replaces the value of the "Keep websites secured with free SSL/TLS certificates" service plan setting of the SSL It! extension with the value of a similar setting from the Let's Encrypt extension. Previously it happened when updating SSL It! (EXTSSLIT-1741, EXTSSLIT-1788)

# 1.9.7 (28 October 2021)

* [+] In Plesk for Linux, it is now possible to disable HTTPS access to webmail subdomains by adding the following lines to the `panel.ini` file:
              
      [mail]         
      webmail.forceHttp = true
  
  To have these webmail changes take effect, reconfigure all the existing domains by running the `plesk repair web -domains-only` command`. 
  
# 1.9.6 (15 October 2021)

* [*] Internal improvements.

# 1.9.5 (14 October 2021)

* [-] The extension now correctly processes orders paid via PayPal. (EXTSSLIT-1771)

# 1.9.4 (15 September 2021)

* [*] Internal improvements.

# 1.9.3 (09 August 2021)

* [*] Revamped the look of the extension's screen with the list of certificates available for purchase. 
* [+] The extension now shows more details about pending orders of purchased certificates. 
* [+] It is now possible to turn OCSP stapling for domains on and off via the CLI.
* [-] It is now again possible to issue wildcard Let's Encrypt certificates via the CLI. (EXTSSLIT-1476)

# 1.9.2 (20 July 2021)

* [*] Internal improvements.

# 1.9.1 (13 July 2021)

* [-] Creating customers no longer fails without an error message if the Plesk administrator has added the following lines to the `panel.ini` file: (EXTSSLIT-1684)

      [ext-letsencrypt]     
      secure-new-domain = true 

# 1.9.0 (7 July 2021)

* [*] Customers of certain countries can now buy certificates in Plesk itself without going to Plesk Online Store.
* [*] The extension now shows more details about issuance of Sectigo certificates.
* [-] The extension's email notifications of secured domains can no longer contain domains that were not actually secured. (EXTSSLIT-1426)
* [-] If webmail was created as an individual domain, the automatic renewal of the certificates can no longer mistakenly reassign the certificate of the main domain to webmail. (EXTSSLIT-1666)

# 1.8.5 (12 June 2021)

* [-] The extension no longer reassigns an already issued Let's Encrypt certificate to a domain every hour if its mail component should not be secured. (EXTSSLIT-1645)

# 1.8.4 (11 June 2021)

* [-] The extension no longer reassigns an already issued Let's Encrypt certificate to a domain every hour if its mail component is secured. (EXTSSLIT-1630)   

# 1.8.3 (3 June 2021)

* [*] Internal improvements.

# 1.8.2 (28 May 2021)

* [*] By default, the ability to issue Let's Encrypt certificates while creating new subscriptions, domains, or subdomains is turned off. To turn it on, add the following lines to the `panel.ini` file:
        
        [ext-sslit]         
        enableSecuringNewDomain = true
        
    You can also specify the following settings:
      
        [ext-sslit] 
        
        ;Opens the "Secure with an SSL/TLS Certificate" panel 
        collapseSecuringNewDomain = false  
        
        ;Enables the "Secure the domain with Let's Encrypt" option (works only if enableSecuringNewDomain = true)
        secure-new-domain = true 
      
* [-] A user can now cancel a pending certificate order if they created it but then removed the extension of the corresponding certificate authority (for example, Sectigo SSL). (EXTSSLIT-1588)   
* [-] If the "Keep secured" feature is enabled and a domain is secured with a non-Let's Encrypt certificate, the extension now shows the correct security status of the domain. (EXTSSLIT-1535)   
* [-] If the Qmail component is installed, the extension now applies Mozilla ciphers to all available services except Qmail without any issues (Qmail does not support the installation of TLS protocols). (EXTSSLIT-1567)

# 1.8.1 (28 April 2021)

* [*] The extension can now secure a domain alias with a certificate issued for the alias alone (without the main domain name).
* [-] The extension now reissues a certificate that secures a cloned Plesk instance after the Plesk hostname was changed during cloning. (EXTSSLIT-1511)   
* [-] The "Keep secured" task now renews certificates on domains with the forwarding hosting type and disabled SSL support. (EXTSSLIT-1509)   
* [-] The extension can now renew certificates issued for domain aliases with mixed-case names. (EXTSSLIT-1545)

# 1.8.0 (05 April 2021)

* [*] Internal improvements

# 1.7.9 (17 March 2021)

* [-] The extension now correctly processes certificates with more than one domain name in CN. (EXTSSLIT-1396)
* [-] The extension no longer incorrectly automatically resets the wildcard certificate assigned to a subdomain to "None". (EXTSSLIT-1084)
* [-] Paid certificate orders will no longer disappear if users try to issue another certificate in a second browser tab opened before. (EXTSSLIT-1419)

# 1.7.8 (20 February 2021)

* [*] Security improvements
* [-] The extension can now secure the www subdomains of domain aliases with wildcard SSL/TLS certificates. (EXTSSLIT-1370)
* [-] The extension now saves issued valid SSL/TLS certificates in the extension storage even if the certificate installation failed for some reason. The extension can try installing the SSL/TLS certificates from the storage later. (EXTSSLIT-1378)
* [-] The "Keep secured" task now writes entries with correct domain names to `panel.log`. (EXTSSLIT-1373)

# 1.7.7 (29 January 2021)

* [+] Added the certificate products coming in the next Sectigo SSL release to the default list.
* [-] Resetting the list of certificate products to the default value via the CLI no longer fails. (EXTSSLIT-1369)

# 1.7.6 (18 January 2021)

* [-] Temporarily disabled the session resumption option. (EXTSSLIT-1351)
* [-] If a domain is without hosting and the mail service is disabled, the extension interface now shows the link to configure the mail settings to secure webmail with a certificate. (EXTSSLIT-1232)

# 1.7.5 (8 December 2020)

* [*] The extension can now automatically issue Let's Encrypt SSL/TLS certificates only for those domains that 
Plesk verified to be resolvable. Users will no longer see an error from Let's Encrypt that occurred when the extension failed to secure 
non-resolvable domains.

    This improvement will be gradually turned on by default for all Plesk Obsidian installations. 

# 1.7.4 (1 December 2020)

* [-] Accessing the SSL It! page for a domain no longer results in a 500 error if the product that was used to secure the domain has since been disabled in the SSL It! product list. (EXTSSLIT-1287)

# 1.7.3 (23 November 2020)

* [-] The extension no longer sends repetitive email notifications about usage of the deprecated API protocol. (EXTSSLIT-1263)
* [-] The extension can no longer incorrectly treat DigiCert Wildcard OV certificates as DV ones. (EXTSSLIT-1173)

# 1.7.2 (27 October 2020)

* [-] The "Keep secured" feature enabled for the www subdomain (`www.example.com`) now actually secures the subdomain and
the message shown next to it informs that a valid certificate will be later automatically issued and installed. (EXTSSLIT-1222)
* [-] Improved detection of the website security status shown in **Websites & Domains**. 
The status now reflects the fact that the www subdomain can be or can be not secured depending on the actual configuration
(enabled "Keep secured", "HSTS", and so on). (EXTSSLIT-1192)

# 1.7.1 (20 October 2020)

* [+] After a certificate purchase in Plesk Online Store, the certificate order is now automatically reloaded in SSL It!.
* [-] If the DigiCert SSL extension is installed, the SSL It! extension can now be installed without any errors. (EXTSSLIT-1211) 
* [-] SSL It! now generates the list of the recommended extensions dynamically based on the extensions actually available in the Extensions Catalog. 
If SSL It! cannot show any recommended extensions (for example, they are blocked), SSL It! will show the corresponding message. (EXTSSLIT-1205)
* [-] Improved an error message shown when the "Keep Plesk secured" feature ran earlier than Plesk was initialized. (EXTSSLIT-1209) 

# 1.7.0 (13 October 2020)

* [+] Added the "Keep Secured" feature for Plesk (**Tools & Settings** > **SSL/TLS Certificates** (under "Security")).
The feature is enabled by default and automatically secures Plesk with an SSL/TLS certificate from Let's Encrypt. 
* [+] Users that purchased SSL/TLS certificates are now automatically redirected from Plesk Online Store back to the SSL It! page. 
* [+] Added the ability to cherry pick the exact components (mail, webmail, and/or the "www" subdomain) for which users can enable "Keep Secured".
* [+] If a website is not secured with a valid SSL/TLS, Plesk UI notifications inform the website owner 
about it and suggest securing the website with a valid certificate on the SSL It! page. 

# 1.6.0 (9 September 2020)

* [+] In Plesk for Windows, domains with the “Forwarding” hosting type can now be secured via SSL It!.
* [+] The extension now supports the latest Mozilla preset in Plesk Obsidian. Also improved the UX and fixed a number of issues that 
the new preset can cause. (EXTSSLIT-541)

    Note: The "modern" preset is not supported on CentOS 8.

* [+] Added the new "Session resumption" settings: `session_timeout` and `session_cache` 
improve the security and also increase the load speed of a website by speeding up the TLS handshake.
* [*] Improved the SSL It! interface when the website status is "Security can be improved". Now it should be easier
for users to understand which settings to turn on to get the the "Safe and sound!" status.
* [-] The "Keep websites secured" feature no longer substitutes a custom email in an SSL/TLS certificate
with one that belongs to the website owner. (EXTSSLIT-531)
* [-] Checkboxes are now again shown in the extension's interface opened in Safari. (EXTSSLIT-1080)
* [-] If an issue occurred, the executed "Keep websites secured" task no longer substitutes the error message
that explains the cause of the issue with an unrelated error message. (EXTSSLIT-1052)
* [-] The extension's interface now works for a domain when the list of SSL/TLS certificates offered by SSL It! is empty
and the domain has an alias. (EXTSSLIT-1047)
* [-] A subdomain secured with a wildcard SSL/TLS certificate is no longer wrongly shown as "Not secured" if
the certificate was assigned to the main domain. (EXTSSLIT-669)

# 1.5.3 (11 August 2020)

* [-] Sped up the load time of Plesk pages if the extension is installed. (EXTSSLIT-1068)

# 1.5.2 (5 August 2020)

* [-] Email notifications about failed renewal of wildcard certificates on domains with the external DNS service are now sent according to the notification settings. (EXTSSLIT-1056)

# 1.5.1 (21 July 2020)

* [-] No error now occurs when the "keep-secured" scheduled task tries to renew a certificate uploaded manually to a domain. (EXTSSLIT-1036)

# 1.5.0 (17 July 2020)

* [+] Domains with the "Forwarding" hosting type can now be secured via SSL It! with certificates from Let's Encrypt.
The feature works in Plesk Obsidian for Linux with the Let's Encrypt extension version 2.11 and later.
* [+] If SmarterMail is selected as a webmail client, webmail can now be secured.
* [*] The list of secured components on a domain's SSL It! page was rearranged.
Absence of a non-wildcard certificate and a certificate that secures mail is no longer displayed as an error
at the top of "Secured Components".
* [-] If `panel.ini` contains invalid values of SSL It! settings, a domain's SSL It! page no longer fails to be opened with a 500 HTTP error. (EXTSSLIT-959)
* [-] When SmarterMail is selected as a webmail client, renewal of a Let's Encrypt certificate that secures webmail
no longer resets the webmail status to "Not secured". (EXTSSLIT-886)
* [-] A certificate can now be issued for a domain that is used to access Plesk (the "Customizing Plesk URL" feature). (EXTSSLIT-962)
* [-] IDN domain aliases can now be automatically renewed. (EXTSSLIT-978)

# 1.4.1 (5 June 2020)

* [-] If a domain has a subdomain with the SSL support disabled, the SSL It! domain page no longer fails to be opened with a 500 HTTP error. (EXTSSLIT-955)
* [-] If domains have the SSL support disabled, only SSL/TLS certificates from Let's Encrypt can now be selected to secure the domains' webmail. 
Previously it was possible to select SSL/TLS certificates from DigiCert but they cannot secure webmail of the domains without the SSL support. (EXTSSLIT-952)
* [-] Domains are now again can be secured when they are created (when the "Secure the domain with Let's Encrypt" option is selected). (EXTSSLIT-953)
* [-] When a domain was secured with an SSL/TLS certificate and then the SSL support for the domain was disabled,
the "Websites & Domains" page for the domain is now opened without any issues. (EXTSSLIT-954)

# 1.4.0 (4 June 2020)

* [+] In Plesk for Windows, significantly decreased a number of cases when the extension cannot issue a Let’s Encrypt certificate 
because the HTTP-01 challenge cannot be passed. To achieve this, we made the common challenge directory support turned on by default. 
This features has been already introduced in Plesk for Linux for quite some time. Now it works for Windows as well.
   
   Note: If necessary, you can turn off the common challenge directory support via the CLI. However, we recommend that you always keep the support on. 

* [+] The extension can now secure webmail on domains without web hosting. 
* [+] The CLI can now manage wildcard certificates issue and turning on and off HSTS. 
To see details, use the `plesk ext sslit --help` command. 
* [+] Added cache to store domains' security status. In certain cases, it speeds up the loading of the extension's domain screen.
* [*] Redesigned the extension's icons to make them more in tune with the Plesk Obsidian style.  
* [*] For non-Let's Encrypt certificates, added the "Suggest renewing" indicator on a domain card.
The indicator means that an SSL/TLS certificate is about to expire and the extension cannot renew it automatically.
We suggest that users renew the certificate manually in due time.
* [-] When a domain is secured with a custom SSL/TLS certificate, the domain's security status is now identified correctly. (EXTSSLIT-784)
* [-] When a domain has only its www alias secured (for example, only www.example.com is secured but not example.com),
the "Domain with the "www" prefix` option" is no longer marked as not secured. (EXTSSLIT-802)
* [-] Significantly sped up Plesk search on servers that have a large number of subscriptions (more than 100) and
the extension installed. (EXTSSLIT-806)
* [-] Cleaned up the code executed after a user clicks to issue or renew an SSL/TLS certificate.
The extenion no longer shows the "Get it free" button instead of "Renew" and the "No CA plugins available" message by mistake. (EXTSSLIT-832)

# 1.3.2 (23 April 2020)

* [-] Managing a domain's SSL/TLS certificates using Internet Explorer no longer results in a blank page. (EXTSSLIT-822)

# 1.3.1 (16 April 2020)

* [-] On CentOS 6 servers, automatic renewal of SSL/TLS certificates issued via the Let's Encrypt extension no longer fails. (EXTSSLIT-821)

# 1.3.0 (10 April 2020)

* [+] Changed the way how you [customize the list of SSL/TLS certificates offered by SSL It!](https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/advanced-website-security/securing-connections-with-ssltls-certificates/securing-connections-with-the-ssl-it!-extension.80001/#customizing-the-list-of-ssl-tls-certificates-offered-by-ssl-it):
    * You can now do so in the extension's interface and via the CLI. 
    * The previous way of customization (via `panel.ini`) is no longer available. The corresponding `panel.ini` setting
    `filteredProducts` is now deprecated. If you used customization via `panel.ini`, [use the CLI commands instead](https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/advanced-website-security/securing-connections-with-ssltls-certificates/securing-connections-with-the-ssl-it!-extension.80001/#customizing-the-list-of-ssl-tls-certificates-offered-by-ssl-it).
    * Already done customizations continue working after the extension's update. 
* [*] The extension now uses the same CA bundle that comes with Plesk.  
* [*] In Plesk Obsidian, the SSL It! security indicator on a domain card works significantly faster, which makes a difference for servers
with a large number of domains.
* [*] Removed the additional check of SSL/TLS certificates implemented because of the [Let’s Encrypt bug](https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864). 
The check is no longer relevant.
* [-] Issue of an SSL/TLS certificate no longer fails with the "Domain alias not found by id=..." error
if the corresponding certificate order had had an associated domain alias that was then deleted while the order was pending. (EXTSSLIT-677)
* [-] A 500 HTTP error no longer occasionally occurs when users try to access the "SSL/TLS Certificates" screen of certain subscriptions. (EXTSSLIT-678)
* [-] The extension now correctly displays the security status of domains secured with SSL/TLS certificates from DigiCert if the domains's names are mixed-case. (EXTSSLIT-745)
* [-] The extension now correctly displays the security status of a domain secured with a wildcard SSL/TLS certificate if the certificate
was previously assigned to another domain. (EXTSSLIT-769)
* [-] The extension now correctly detects the "Keep websites secured" option state for domains created under a service plan
that had both the SSL It! and WordPress Toolkit services selected. (EXTSSLIT-754)

# 1.2.2 (4 March 2020)

* [*] Let's Encrypt has found a [bug](https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591) and [revokes some of its SSL/TLS certificates on March 4](https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864).
This improvement solves the issue. The SSL IT! extension will check domains as a part of the "Autorenew" feature, then will renew and replace affected Let's Encrypt certificates. 
Future autorenew tasks will be done as usual when SSL/TLS certificates are about to expire. 
 
  To turn off the check and replacement of Let's Encrypt certificates affected by the bug, add the following lines to the `panel.ini` file:

       [ext-sslit]
       renewLetsEncryptRevokedCertificates = false 

# 1.2.1 (24 January 2020)

* [-] In Plesk Obsidian, it is now possible to enable solely HSTS: 
without turning on additional HSTS options "Include subdomains" and "Apply to webmail". (EXTSSLIT-676)
* [-] Fixed the extension's UI that was broken in Plesk Obsidian 18.0.23. (EXTSSLIT-681)

# 1.2.0 (26 December 2019)

* [+] The SSL It! extension can now be used to secure the mail service for the domain with the domain's SSL/TLS certificate.
* [*] Sped up the generation of web server configuration files for domains secured via SSL It!
* [*] Updated the list of trusted root certificates with those from Mozilla CA bundle.
* [-] Unnecessary messages about wildcard certificate renewal failure are no longer sent to users from Plesk servers with the DNS service disabled. (EXTSSLIT-610)
* [-] The title and description of SSL/TLS certificates other than those issued by Let's Encrypt can now again be changed by editing the `panel.ini` file. (EXTSSLIT-604) 
* [-] The extension no longer randomly crashes on servers where it was used to issue a large number of SSL/TLS certificates (1000 or more). (EXTSSLIT-609)
* [-] An unclear error message is no longer shown when SSL It! is unable to connect to the Let's Encrypt server for a long time. (EXTSSLIT-614)
* [-] Additional subscription users now have access to the SSL It! extension. (EXTSSLIT-619)
* [-] Clarified the text under the SSL It! button in the Plesk interface. (EXTSSLIT-621)
* [-] Resolved a number of compatibility issues with Plesk Obsidian.

# 1.1.4 (13 December 2019)

* [-] Resolved a number of compatibility issues with Plesk Obsidian.

# 1.1.3 (4 December 2019)

* [*] The Encryption Everywhere SSL/TLS certificates are no longer available for issue (even if they are specified in
`filteredProducts` in the `panel.ini` file) because the corresponding API is reaching EOL. 
Issue free certificates from Let's Encrypt instead. The already issued Encryption Everywhere certificates keep working until their expiration dates. 

# 1.1.2 (16 October 2019)

* [+] The SSL/TLS Certificates button now opens the SSL It! screen when the new Dynamic List view mode is selected. 
* [-] In Plesk for Linux, if Apache and nginx serve a website and HSTS is enabled for it,
HSTS headers are no longer duplicated and Qualys SSL Labs correctly process the headers. (EXTSSLIT-462)
* [-] When a user manually reissues an SSL/TLS certificate, the extension now suggests 
securing all the previously secured components (subdomains, domain aliases, webmail, and so on)
with the renewed SSL/TLS certificate. (EXTSSLIT-593)
* [-] When a subdomain is secured with a wildcard SSL/TLS certificate, the extension now correctly shows 
if subdomain's components (domain aliases, webmail, the www subdomain) are secured or not secured. (EXTSSLIT-595) 
* [-] The old SSL/TLS Certificates menu is now shown for wildcard subdomains. (EXTSSLIT-542)
* [-] Improved an error message shown when the SSL/TLS certificate issuing has failed. (EXTSSLIT-603)

# 1.1.1 (5 September 2019)

* [+] When SSL It! is installed or updated to version 1.1.1, the extension now detects
SSL/TLS certificates previously issued via the DigiCert extension but absent from the current
SSL It! configuration and then suggests editing the `panel.ini` file to 
see and manage the certificates in the SSL It! interface.
* [*] Updated the list of trusted root certificates with those from Mozilla CA bundle.
* [-] When a user tries to install the extension on Windows 2008,
SSL It! now informs that this OS is not supported because
Windows versions earlier than Windows 2012 do not support SNI. (EXTSSLIT-447)
* [-] No error now occurs when a customer is created without a subscription
and the `secure-new-domain` setting in `panel.ini` is enabled (the extension
no longer tries to secure the customer's non-existent domain with an SSL/TLS certificate). (EXTSSLIT-533)

# 1.1.0 (20 August 2019)

* [+] The extension now shows a warning message when a paid SSL/TLS certificate from DigiCert
is about to expire and suggests buying a new SSL/TLS certificate.
* [*] Updated the link to the documentation in the extension's description.  
* [*] Improved the layout of the extension's screen that shows details about an installed
SSL/TLS certificate in both Obsidian and Onyx color schemes.
* [-] Improved the UX and an error message when the DigiCert SSL extension was removed in the middle 
of ordering an SSL/TLS certificate. (EXTSSLIT-552)

# 1.0.1 (11 July 2019)

* [-] If SLL It! is available for a domain, the domain screen in Websites & Domains can no longer show the duplicate
"SSL/TLS Certificates" link that leads to the old interface for managing SSL/TLS certificates. (EXTSSLIT-535)
* [-] TLS protocols and ciphers can now be again synced with Mozilla: a more stable configuration of protocols and ciphers
is used at the moment. (EXTSSLIT-539) 


# 1.0.0 (28 May 2019)

* [+] Introduced a number of options, which are now available on Websites & Domains > your domain > SSL/TLS Certificates. 
It is now possible to:
    * Enhance the security of your website's visitors by setting up a permanent, SEO-safe 301 
redirect from the insecure HTTP to the secure HTTPS version of the website. To do so, turn on
"Redirect from http to https".
    * (Plesk Obsidian) Enhance the security of webmail connections by setting up a permanent, SEO-safe 301 
redirect from the insecure HTTP to the secure HTTPS webmail connections. To do so, turn on "Redirect from http to https".
The webmail protection will be then applied by default. On Plesk Obsidian for Windows, the redirect to HTTPS for webmail 
connections is enabled by default and no corresponding checkbox is shown in the interface.
    * (Plesk Onyx for Linux, Plesk Obsidian) Protect your website's visitors by prohibiting web browsers from accessing the website 
via insecure HTTP connections. To do so, make sure that your website runs on HTTPS and is secured with an SSL/TLS 
certificate valid during the selected time period, and then turn on HSTS.
    * Ensure that each domain, subdomain, domain alias, and webmail belonging to the subscription
is secured with a free valid certificate from Let's Encrypt. To achieve this, SSL It! can reissue an existing Let's Encrypt certificate
or replace an invalid certificate (expired of self-signed) with a valid one from Let's Encrypt. To get peace of mind by receiving
this all-round protection, turn on the "Keep websites secured" option.
    * Get evaluation of your SSL configuration from SSL Labs, one of the most popular testing services.
Go to the "Run SSL Labs Test" link to check how good the SSL protection of your website is, receive recommendations what can be improved, and follow them to
get the highest possible score, A+. By improving your website rank in SSL Labs Test, you improve your website rank in Google.
    * Easily upgrade your certificate if it is about to expire or a more advanced certificate is available (OV or EV) 
by clicking the "Upgrade certificate" button.
    * (Plesk for Linux) OCSP Stapling can now be turned on and off for websites served by nginx with Apache or solely nginx. 

    Note: OCSP Stapling may not work for certificates from certain vendors (for example, free certificates from DigiCert) 
    if the complete trust chain is not in place. To check if your certificate supports OCSP stapling, run the SSL Labs test 
    of your SSL configuration by going to Websites & Domains > your domain > SSL/TLS Certificates and clicking "Run SSL Labs Test" link.
      
* [-] (Plesk for Linux) It is now possible to enhance the security of connections encrypted with SSL/TLS certificates (website, mail, Plesk, and so on) 
by choosing the configuration of TLS protocols and ciphers (generated by Mozilla), which will be used by Plesk.
Not to lag behind, synchronize with the Mozilla service once every few months by clicking "Sync Now".
* [+] The domain screen in Websites & Domains now informs about the security status of a domain by showing a text message next to 
the SSL It! icon. The message can be "Domain not secured", "Webmail not secured", and others. 
Try to get the "Safe and sound!" message, which means all domain's components are secured and TLS-related options are configured.
* [+] It is now possible to customize the list of SSL/TLS certificates available for order in SSL It! via the `panel.ini` 
file. To know which `panel.ini` settings to edit, install the Panel.ini Editor extension and see the description column
of settings under the `[ext-sslit]` section. 
* [-] Added descriptions of new SSL It! settings to Panel.ini Editor. Plesk administrators can use these settings to customize the appearance
and configuration of SSL It!. (EXTSSLIT-295)
* [-] SSL It! can now automatically renew free certificates from Symantec. (EXTSSLIT-71)
* [-] If a certificate secures a domain plus a subdomain that is an alias for the domain (alias.example.com),
the certificate is now correctly automatically renewed without excluding the alias SAN. (EXTSSLIT-513) 
* [-] If the Plesk database contains a corrupted certificate, SSL It! no longer fails with the 500 Internal Server Error. (EXTSSLIT-445) 
* [-] The webmail client of an add-on domain is no longer changed to the client of the main domain (or even disabled if webmail was
disabled for the main domain) when any of the following actions are done to the SSL/TLS certificate of the main domain: 
issuing, manual or automatic renewal, enabling "Keep websites secured", or unassigning. (EXTSSLIT-173)


# 0.9.0 (29 November 2018)

* [+] Initial release.