VaulTLS

v1.2.0 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 1d Network Security

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

mtls oidc rust vue

Affected surfaces

deps

Summary

AI summary

Updates How to get started, Minor Changes, and @jordanruthe across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Adds Spanish translation for the VaulTLS web UI. Adds Spanish translation for the VaulTLS web UI. Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Adds ACME CA support with EAB, domain restrictions, and challenge options. Adds ACME CA support with EAB, domain restrictions, and challenge options. Source: llm_adapter@2026-06-02 Confidence: low	—
Feature	Low	Adds copy button and style adjustments to password field in web UI. Adds copy button and style adjustments to password field in web UI. Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Low	Adds ACME CA support with EAB, domain restrictions, HTTP-01 and DNS-01 challenges, rate limiting, email notifications, and custom DNS resolver options. Adds ACME CA support with EAB, domain restrictions, HTTP-01 and DNS-01 challenges, rate limiting, email notifications, and custom DNS resolver options. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Dependency	Low	Updates many dependencies; recommend upgrading to latest version promptly. Updates many dependencies; recommend upgrading to latest version promptly. Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Low	Restores ability to delete SSH certificates in the web UI. Restores ability to delete SSH certificates in the web UI. Source: llm_adapter@2026-06-02 Confidence: high	—

Full changelog

v1.2.0

Welcome to the next VaulTLS release. This release includes two community requested features, ACME and translation. Without the hard work of @jordanruthe these features would not have been possible. Thank you a lot!

ACME (@jordanruthe)

VaulTLS now can act as an Automatic Certificate Management Environment (ACME) CA, enabling the automatic issuance and revocation of TLS certificates using tools such as acme.sh. Features include:

External Account Binding (EAB): Securely tie ACME registrations to your VaulTLS accounts.
Domain Restrictions: Define "Allowed Domains" for each ACME account, supporting exact matches (example.com), single-level subdomains (*.example.com), and multi-level depth (**.example.com).
Challenge Support: Supports both HTTP-01 and DNS-01 challenges, including support for wildcard certificates.
Security & Control: Built-in rate limiting (default 20 orders/24h) and optional email notifications for every issued certificate.
Flexible DNS Validation: Custom DNS resolver support (UDP, DoT, and DoH) for DNS-01 challenge verification.

How to get started:

Enable ACME by setting the environment variable VAULTLS_ACME_ENABLED=true (or via the Admin UI).
Create an ACME account in the new ACME tab to receive your EAB credentials.
Point your ACME client to https://<your-vaultls-instance>/api/acme/directory.

For detailed configuration examples for Traefik, acme.sh, and more, check out the ACME Documentation.

Web UI Translations (@jordanruthe)

VaulTLS is now available in Spanish! You can configure both the current as well as default language used by VaulTLS. If you think you can contribute, I would appreciate your PRs, every language is appreciated! While the French language is currently already selectable in the web UI there are no translations available yet.

Minor Changes

It is now possible again to delete SSH certificates. Thanks for bringing this up @madkoin.
The password field in the web UI now has a copy button and adjusted style. Thanks for your contribution @raspberrydev.

Dependency Updates

A lot of dependencies were again updated, so it is advisable to update to the latest version as soon as possible.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track VaulTLS

Get notified when new releases ship.

About VaulTLS

Selfhostable web app to make managing mTLS certificates a breeze

All releases →