Revisions of certbot
Eric Schirra (ecsos)
committed
(revision 198)
Eric Schirra (ecsos)
committed
(revision 197)
Eric Schirra (ecsos)
committed
(revision 196)
- Update tp 1.17.0
* Added
- Add Void Linux overrides for certbot-apache.
* Changed
- We changed how dependencies are specified between Certbot packages. For this
and future releases, higher level Certbot components will require that lower
level components are the same version or newer. More specifically, version X
of the Certbot package will now always require acme>=X and version Y of a
plugin package will always require acme>=Y and certbot=>Y. Specifying
dependencies in this way simplifies testing and development.
- The Apache authenticator now always configures virtual hosts which do not have
an explicit ServerName. This should make it work more reliably with the
default Apache configuration in Debian-based environments.
* Fixed
- When we increased the logging level on our nginx "Could not parse file" message,
it caused a previously-existing inability to parse empty files to become more
visible. We have now added the ability to correctly parse empty files, so that
message should only show for more significant errors.
- Add certbot-repoze.sphinx.autointerface.patch to fix docs and man build error for certbot itself.
Think there is an error with python-repoze.sphinx.autointerface package.
Eric Schirra (ecsos)
committed
(revision 195)
- Update to 1.16.0
* Changed
- DNS plugins based on lexicon now require dns-lexicon >= v3.1.0
- Use UTF-8 encoding for renewal configuration files
- Windows installer now cleans up old Certbot dependency packages
before installing the new ones to avoid version conflicts.
- This release contains a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. If you would like to see more verbose output, use
the -v or -vv flags. UX improvements are an iterative process and
the Certbot team welcomes constructive feedback.
- Functions certbot.crypto_util.init_save_key and certbot.crypto_util.init_save_csr,
whose behaviors rely on the global Certbot config singleton, are deprecated and will
be removed in a future release. Please use certbot.crypto_util.generate_key and
certbot.crypto_util.generate_csr instead.
* Fixed
- Fix TypeError due to incompatibility with lexicon >= v3.6.0
- Installers (e.g. nginx, Apache) were being restarted unnecessarily
after dry-run renewals.
- Colors and bold text should properly render in all supported
versions of Windows.
Eric Schirra (ecsos)
committed
(revision 193)
- Update to 1.14.0
* Changed
- certbot-auto no longer checks for updates on any operating
system.
- The module acme.magic_typing is deprecated and will be
removed in a future release.
Please use the built-in module typing instead.
- The DigitalOcean plugin now creates TXT records for the
DNS-01 challenge with a lower 30s TTL.
* Fixed
Don't output an empty line for a hidden certificate when
certbot certificates is being used in combination with
--cert-name or -d.
Eric Schirra (ecsos)
committed
(revision 192)
Eric Schirra (ecsos)
committed
(revision 191)
- Update to 1.13.0
* Changed
- CLI flags --os-packages-only, --no-self-upgrade, --no-bootstrap and --no-permissions-check,
which are related to certbot-auto, are deprecated and will be removed in a future release.
- Certbot no longer conditionally depends on an external mock module. Certbot's
test API will continue to use it if it is available for backwards
compatibility, however, this behavior has been deprecated and will be removed
in a future release.
- The acme library no longer depends on the security extras from requests
which was needed to support SNI in TLS requests when using old versions of
Python 2.
- Certbot and all of its components no longer depend on the library six.
- The update of certbot-auto itself is now disabled on all RHEL-like systems.
- When revoking a certificate by --cert-name, it is no longer necessary to specify the --server
if the certificate was obtained from a non-default ACME server.
- The nginx authenticator now configures all matching HTTP and HTTPS vhosts for the HTTP-01
challenge. It is now compatible with external HTTPS redirection by a CDN or load balancer.
Eric Schirra (ecsos)
committed
(revision 190)
- Update to 1.12.0
* Changed
- The --preferred-chain flag now only checks the Issuer Common Name of the
topmost (closest to the root) certificate in the chain, instead of checking
every certificate in the chain.
See #8577.
- Support for Python 2 has been removed.
- In previous releases, we caused certbot-auto to stop updating its Certbot
installation. In this release, we are beginning to disable updates to the
certbot-auto script itself. This release includes Amazon Linux users, and all
other systems that are not based on Debian or RHEL. We plan to make this
change to the certbot-auto script for all users in the coming months.
* Fixed
- Fixed the apache component on openSUSE Tumbleweed which no longer provides
an apache2ctl symlink and uses apachectl instead.
- Fixed a typo in certbot/crypto_util.py causing an error upon
attempting secp521r1 key generation
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 189)
- Update to 1.11.0
* Changed
- We deprecated support for Python 2 in Certbot and its ACME library.
Support for Python 2 will be removed in the next planned release of Certbot.
- certbot-auto was deprecated on all systems. For more information
about this change, see
https://community.letsencrypt.org/t/certbot-auto-no-longer-works-on-debian-based-systems/139702/7.
- We deprecated support for Apache 2.2 in the certbot-apache plugin
and it will be removed in a future release of Certbot.
* Fixed
- The Certbot snap no longer loads packages installed via pip install --user.
This was unintended and DNS plugins should be installed via snap instead.
- certbot-dns-google would sometimes crash with HTTP 409/412 errors
when used with very large zones. See #6036.
- certbot-dns-google would sometimes crash with an HTTP 412 error if
preexisting records had an unexpected TTL, i.e.: different than
Certbot's default TTL for this plugin. See #8551.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 187)
- Update to 1.10.0
* Added
- Added timeout to DNS query function calls for dns-rfc2136 plugin.
- Confirmation when deleting certificates
- CLI flag --key-type has been added to specify 'rsa' or 'ecdsa' (default 'rsa').
- CLI flag --elliptic-curve has been added which takes an NIST/SECG elliptic curve.
Any of secp256r1, secp284r1 and secp521r1 are accepted values.
- The command certbot certficates lists the which type of the
private key that was used for the private key.
- Support for Python 3.9 was added to Certbot and all of its components.
* Changed
- certbot-auto was deprecated on Debian based systems.
- CLI flag --manual-public-ip-logging-ok is now a no-op, generates a
deprecation warning, and will be removed in a future release.
* Fixed
- Fixed a Unicode-related crash in the nginx plugin when running under Python 2.
- More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 186)
Eric Schirra (ecsos)
committed
(revision 185)
- Update to 1.9.0
* Added
- --preconfigured-renewal flag, for packager use only.
See the packaging guide.
* Changed
- certbot-auto was deprecated on all systems except for those based on Debian or RHEL.
- Update the packaging instructions to promote usage of python -m pytest to test Certbot
instead of the deprecated python setup.py test setuptools approach.
- Reduced CLI logging when reloading nginx, if it is not running.
- Reduced CLI logging when handling some kinds of errors.
* Fixed
- Fixed server_name case-sensitivity in the nginx plugin.
- The minimum version of the acme library required by Certbot was corrected.
In the previous release, Certbot said it required acme>=1.6.0 when it
actually required acme>=1.8.0 to properly support removing contact
information from an ACME account.
- Upgraded the version of httplib2 used in our snaps and Docker images to add
support for proxy environment variables and fix the plugin for Google Cloud
DNS.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 184)
Eric Schirra (ecsos)
committed
(revision 183)
- Update to 1.8.0
* Added
- Added the ability to remove email and phone contact information from an account
using update_account --register-unsafely-without-email
* Changed
- Support for Python 3.5 has been removed.
* Fixed
- The problem causing the Apache plugin in the Certbot snap on ARM systems to
fail to load the Augeas library it depends on has been fixed.
- The acme library can now tell the ACME server to clear contact information by passing an empty
tuple to the contact field of a Registration message.
- Fixed the *** stack smashing detected *** error in the Certbot snap on some systems.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 182)
- Update to 1.7.0
* Added
- Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name):
this concerns the plugin name, CLI flags, and keys in credential files.
The prefixed form is still supported but is deprecated, and will be removed in a future release.
- Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload.
* Changed
- The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200,
due to https://www.linode.com/blog/linode/linode-turns-17/
- We deprecated support for Python 3.5 in Certbot and its ACME library.
Support for Python 3.5 will be removed in the next major release of Certbot.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 181)
- Update to 1.6.0
* Added
- Certbot snaps are now available for the arm64 and armhf architectures.
- Add minimal code to run Nginx plugin on NetBSD.
- Make Certbot snap find externally snapped plugins
- Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask
implementing umask for both UNIX and Windows systems.
- Support for alternative certificate chains in the acme module.
- Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains,
it may be used to indicate to Certbot which chain should be preferred.
e.g. --preferred-chain "DST Root CA X3"
* Changed
- Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
- Generalize UI warning message on renewal rate limits
- Certbot behaves similarly on Windows to on UNIX systems regarding umask, and
the umask 022 is applied by default: all files/directories are not writable by anyone
other than the user running Certbot and the system/admin users.
- Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare
for impending acmev1 deprecation.
* Fixed
- Cloudflare API Tokens may now be restricted to individual zones.
- Don't use StrictVersion, but LooseVersion to check version requirements with setuptools,
to fix some packaging issues with libraries respecting PEP404 for version string,
with doesn't match StrictVersion requirements.
- Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.
- Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx
plugins on, e.g., CentOS 7.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 179)
- Update to 1.5.0
* Added
- Require explicit confirmation of snap plugin permissions
before connecting.
* Changed
- Improved error message in apache installer when mod_ssl is
not available.
* Fixed
- Add support for OCSP responses which use a public key hash
ResponderID, fixing interoperability with Sectigo CAs.
- Fix TLS-ALPN test that fails when run with newer versions of
OpenSSL.
- More details about these changes can be found on our GitHub
repo.
Displaying revisions 41 - 60 of 238
