Search K
Appearance
Appearance
Released: 2026-07-??
This release introduces a new mechanism to automatically issue and renew TLS certificates for user-owned domains.
Without any changes, all domains will continue using old TLS management mode. The old mode continues to renew ACME certificates automatically or provision new certificates if Admin SSL is enabled.
To use the new ACME system, it needs to be enabled in the TLS Certificates page for each domain.

Once enabled, the new ACME system will automatically issue TLS certificates for all DNS names used in this domain. The system status and the actions that will be performed will be visible in the domain TLS certificates index page.

It will also report any problems that prevent certificates from being issued automatically.

It is possible to combine the new ACME system with manual certificate management. When a TLS certificate is manually uploaded, the UI offers an option to add the DNS name of the new certificate into the ACME exclusions list. The ACME settings page allows managing the list of DNS names that should be excluded from automatic certificate provisioning.
When the new system fails to issue a certificate for acme_disable_after_failures times in a row, that DNS name will be added to the ACME exclusions list.
Automatic certificate provisioning is performed once every 24 hours for all domains. Initial certificate provisioning for a single domain is performed immediately after a new domain or subdomain is added.
If there are new certificates to be issued, an immediate certificate provisioning can be triggered.

The new ACME certificate provisioning system is available for all licenses (including the legacy licenses). Because the new system provisions certificates for a newly added domain or subdomain, it allows legacy systems to have automated TLS.
The Evolution skin in this release supports only using the new ACME system. The old TLS management interface can still be accessed using the Enhanced skin.
1.9.0.1 to 1.9.115.07 to 15.083.0.15 to 3.0.165.15.0 to 5.16.0The unbound cache flushing before issuing new certificates was not working correctly on systems with unbound versions older than 1.20.1.
The cache flush command is updated to be compatible with older unbound versions.
The following resource usage endpoints are removed in favor of revised api endpoints:
CMD_USER_LIMITS/CMD_API_USER_LIMITS -> /api/resource-usageCMD_RESELLER_LIMITS/CMD_API_RESELLER_LIMITS -> /api/global-resource-usageCMD_ADMIN_LIMITS/CMD_API_ADMIN_LIMITS -> /api/global-resource-usageData directory (data/admin/cgroup_cache) is no longer used and will be removed on next update.
show_all_users_cache_extra_vars configuration option from directadmin.conf removal It is no longer possible to display additional fields (configured using show_all_users_cache_extra_vars directadmin.conf option) within "Show All Users" and "List Users" pages. These pages were updated to always display what was previously the equivalent of show_all_users_cache_extra_vars=date_created:mysql.
The action to upload a new skin via API is removed. Installing new skin can be performed only by the system administrator. It is done by extracting the skin package in the ./data/skins directory using CLI tools.
Affects the rspamd_settings.conf template. The ordering of the 3 blocks written to /etc/rspamd/users.d/fred.conf files have changed. The new order is Whitelist, Blacklist, then User scoring settings.
Anyone who are using CUSTOMX tokens, eg: CUSTOM9 should test their settings with the new template.
CUSTOM12 & CUSTOM13 tokens are now first, after CUSTOM1.CUSTOM10 & CUSTOM11 tokens are after the Whitelist.CUSTOM9 token is now in between Whitelist & Blacklist.