v1.6.4

This is a bugfix release that users are advised to upgrade if running 1.6.1, 1.6.2, or 1.6.2.

See 8f8c98a for particulars; when the remote CA changes, certmgr doesn't internally maintain state correctly and will invoke the spec's 'action' on every wake.