diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8acc132..c00d1af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
 # Changelog
 
+## 0.3.0 (November 18, 2025)
+
+Features:
+
+* The `preferred_chain` directive allows selecting alternative certificate
+  chains.
+* The `profile` directive allows specifying preferred certificate profile.
+* Requesting certificates for IP addresses is now documented and officially
+  supported.
+
+Bugfixes:
+
+* Directory metadata could not be parsed with certain fields set to `null`.
+  Thanks to Marian Degel.
+* Directory requests failed to handle HTTP redirects.
+  Thanks to Marian Degel.
+* Relative `state_path` was not using `NGX_ACME_STATE_PREFIX`.
+* Build error with BoringSSL (via rust-openssl update).
+* Build error on NetBSD 10 (via rust-openssl update).
+
 ## 0.2.0 (October 8, 2025)
 
 Breaking changes:
diff --git a/Cargo.lock b/Cargo.lock
index 0af82c3..a9a8130 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -340,7 +340,7 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
 [[package]]
 name = "nginx-acme"
-version = "0.2.0"
+version = "0.3.0"
 dependencies = [
  "base64",
  "bytes",
diff --git a/Cargo.toml b/Cargo.toml
index 12672b3..6d06058 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "nginx-acme"
-version = "0.2.0"
+version = "0.3.0"
 edition = "2021"
 license = "Apache-2.0"
 publish = false
diff --git a/README.md b/README.md
index 6ad7afc..70b49fb 100644
--- a/README.md
+++ b/README.md
@@ -292,7 +292,7 @@ In both cases, the key is expected to be encoded in
 
 ### preferred_chain
 
-**Syntax:** **`preferred_chain`** _`issuer name`_
+**Syntax:** **`preferred_chain`** _`name`_
 
 **Default:** -
 
@@ -302,11 +302,10 @@ _This directive appeared in version 0.3.0._
 
 Specifies the preferred certificate chain.
 
-If the ACME issuer offers multiple certificate chains,
+If the ACME server offers multiple certificate chains,
 prefer the chain with the topmost certificate issued from the
-Subject Common Name _`issuer name`_.
-
-If no matches, the default chain will be used.
+Subject Common Name _`name`_.
+If there are no matches, the default chain will be used.
 
 ### profile
 
@@ -318,12 +317,11 @@ If no matches, the default chain will be used.
 
 _This directive appeared in version 0.3.0._
 
-Requests the supported [certificate profile][draft-ietf-acme-profiles]
+Requests the [certificate profile][draft-ietf-acme-profiles]
 _`name`_ from the ACME server.
 
-The `require` parameter will cause the account registration and certificate
-renewals to fail if the ACME server does not advertise support for the
-specified profile.
+The `require` parameter will cause certificate renewals
+to fail if the server does not support the specified profile.
 
 ### ssl_trusted_certificate