Breaking (but not really)

• #1799 - If the script started by the script installation plugin returns an error, the renewal will now be considered to have failed and logged/notified as such. The program will however still attempt to run any additional installation steps, so there are no functional changes, except that previously this kind of error was invisible/ignored and now it won't be. So after upgrading, existing users may be notified about errors that have been happening for a long time already and may not require immediate attention or changes. In these cases it's probably easiest to silence the error from the script by using a try { } catch { } block. Thanks @rob-vangelder for noticing this.

New features

• #1792 - The secret manager is a new component in the program that can be used to store and update secrets (e.g. passwords and API keys) in a central location. This is an alternative to the current system that stores them individually for each renewal, which works fine but makes rotating them painful. For now the secret manager uses a .json file in the configuration folder as its storage mechanism. As was already the case, the secrets for renewals are encrypted using the Windows Data Protection API. So while there is no immediately improvement in security, it does improve managability. In the future the plan is to make it possible to support external storage providers such as Azure KeyVault as well using the same mechanism. In this release all built-in features have been updated to support the secret manager. The plan is to add support to the plugins as well in the next release.
• #1813 - A new validation plugin for Google Cloud DNS was contributed by @derhally, the second one they've built!

Enhancements

• #1800/#1807 - It is no longer possible to run two instances of win-acme simultaneously (even for different configuration folders, which was previously allowed) to avoid two copies fighting over the use of shared system resources (e.g. network ports and IIS). To avoid this becoming a breaking change, the second copy will wait until the first copy is finished, and then run as usual. @emilstojanov submitted the bug report which led to this idea.
• Command line arguments like *key*, *password*, *secret* and *token* are not logged anymore to avoid leaking sensitive information.
• #1795 - A debug build of the program will now log full http requests and responses in --verbose mode. This is not enabled in release builds for security reasons to avoid leaking sensitive information, so you will need to build the progam yourself using Visual Studio if you want to use this feature. Thanks for the idea @DavidLaClair.
• #1808 - When setting up a new certificate for the Windows Certificate Store with the "full options" menu, users are now asked which specific store they want to use. Previously this could only be specified through the command line or as a global default in settings.json. Thanks for the suggestion @BrianCanFixIT!

Bug fixes

• #1794/#1797 - The GoDaddy plugin release in the previous version turned out to have some issues, which prompted us to remove the download from the releases page even after the first hotfix. Those issues have been fully resolved now and the current implementation has been confirmed to work now by several users. Thanks @DavidLaClair in particular for working with us to test.
• In very specific cases win-acme would decide not create a new IIS binding, even though it was in fact possible.
• #1791 - The health check for the scheduled task could cause a crash in specific cases, making the program unusable until the task was deleted or modified. Thanks @thesushil for the report!
• #1810 - @Virinium improved logging in the DNS lookup system, thanks for the contribution!