Skip to content

docs: 26.05_1 release — per-SNI ACME and multi-tenant TLS#3

Merged
raffaelschneider merged 2 commits into
mainfrom
docs/26.05_1-per-sni-acme
May 1, 2026
Merged

docs: 26.05_1 release — per-SNI ACME and multi-tenant TLS#3
raffaelschneider merged 2 commits into
mainfrom
docs/26.05_1-per-sni-acme

Conversation

@raffaelschneider

@raffaelschneider raffaelschneider commented May 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Documents the per-SNI ACME feature shipped in zentinel 26.05_1 and bumps the version picker so 26.05 is now Latest.

Changes

  1. content/configuration/listeners.md — extends the SNI section with a "Per-SNI ACME (Multi-tenant TLS)" subsection covering:

    • Independent RenewalScheduler per sni-cert block (Option B isolation).
    • The cert-vs-acme mutual-exclusion rule (rejected at parse time).
    • Implicit hostname derivation from acme.domains and the precedence order vs explicit hostnames and priority-hostnames.
    • Global case-insensitive domain-uniqueness rule across all ACME blocks.
    • Cold-start behavior, the zentinel_tls_sni_cert_skip_total counter, and the operator's "stuck issuance" signal.
  2. content/examples/multi-tenant-tls.md — new worked example: SaaS listener with root ACME + tenant A (HTTP-01) + tenant B (Cloudflare DNS-01 wildcard) + a manual partner certificate. Includes operational checklist.

  3. content/v/26.05/ — snapshot of the finalized top-level docs as the frozen 26.05 archive.

  4. content/v/26.04/ — backfill the three files that had drifted out of the 26.04 archive (agents/waf-engines.md, concepts/agent-pipeline.md, print.md). All three predate the 26.04 release per their updated dates and belong in that archive.

  5. config.toml — version picker updated:

    • current = "26.05".
    • 26.05 added with label = "latest" pointing to /.
    • 26.04 added pointing to /v/26.04/.
    • Stale 26.03 entry dropped (it pointed to /, which now serves 26.05).

Notes

Marketing site (zentinelproxy.io) intentionally not touched. The blog has been silent since 26.02; that's an editorial gap, not a docs gap.

- Extend `configuration/listeners.md` SNI section with a new
  "Per-SNI ACME (Multi-tenant TLS)" subsection covering the 26.05_1
  feature: independent ACME schedulers per SNI block, the cert-vs-acme
  mutual-exclusion rule, implicit hostname derivation from
  `acme.domains`, the global case-insensitive domain-uniqueness rule,
  and cold-start observability (the `zentinel_tls_sni_cert_skip_total`
  counter).
- Add `examples/multi-tenant-tls.md` with a complete worked config
  for a SaaS use case (root ACME + tenant A HTTP-01 + tenant B
  Cloudflare DNS-01 wildcard + a manual cert), including operational
  notes on storage isolation, first-start behavior, and the metric
  to watch.
- Snapshot the finalized top-level docs into `content/v/26.05/` so
  the version picker can serve a frozen 26.05 archive.
- Update `config.toml` version picker: `current = "26.05"`, add
  26.05 (latest) and 26.04 entries to the list. Drop the stale
  26.03 entry that pointed at `/` — that URL now serves 26.05.
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented May 1, 2026

Copy link
Copy Markdown

Deploying zentinelproxy-io-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: a8e7d8d
Status: ✅  Deploy successful!
Preview URL: https://db245541.zentinelproxy-io-docs.pages.dev
Branch Preview URL: https://docs-26-05-1-per-sni-acme.zentinelproxy-io-docs.pages.dev

View logs

Three files were added to top-level docs after the v/26.04 snapshot
was created and never backported:

- agents/waf-engines.md (updated 2026-03-04)
- concepts/agent-pipeline.md (updated 2026-03-02)
- print.md

All three predate the 26.04 release, so they belong in the 26.04
archive. Copy them in so /v/26.04/ matches top-level (modulo
content that genuinely arrived later, like the new 26.05
multi-tenant-tls example).
@raffaelschneider raffaelschneider merged commit 7024c19 into main May 1, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant