Revisions of certbot
Eric Schirra (ecsos)
committed
(revision 157)
Eric Schirra (ecsos)
committed
(revision 156)
- update to 0.35.0
* Added
- dns_rfc2136 plugin now supports explicitly specifing an
authorative base domain for cases when the automatic method
does not work (e.g. Split horizon DNS)
* Fixed
- Renewal parameter webroot_path is always saved, avoiding some
regressions when webroot authenticator plugin is invoked with
no challenge to perform.
- Certbot now accepts OCSP responses when an explicit
authorized responder, different from the issuer, is used to
sign OCSP responses.
- Scripts in Certbot hook directories are no longer executed
when their filenames end in a tilde.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only package with changes other than its
version number was:
certbot
certbot-dns-rfc2136
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 155)
- update to 0.34.2
* Fixed
- certbot-auto no longer writes a check_permissions.py script
at the root of the filesystem.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only changes in this release were to
certbot-auto.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 154)
- update to 0.34.1
* Fixed
- certbot-auto no longer prints a blank line when there are no
permissions problems.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only changes in this release were to
certbot-auto.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 153)
- update to 0.34.0
* Changed
- Apache plugin now tries to restart httpd on Fedora using
systemctl if a configuration test error is detected.
This has to be done due to the way Fedora now generates the
self signed certificate files upon first restart.
- Updated Certbot and its plugins to improve the handling of
file system permissions on Windows as a step towards adding
proper Windows support to Certbot.
- Updated urllib3 to 1.24.2 in certbot-auto.
- Removed the fallback introduced with 0.32.0 in acme to retry
a challenge response with a keyAuthorization if sending the
response without this field caused a malformed error to be
received from the ACME server.
- Linode DNS plugin now supports api keys created from their
new panel at cloud.linode.com
- Adding a warning noting that future versions of Certbot will
automatically configure the webserver so that all requests
redirect to secure HTTPS access. You can control this
behavior and disable this warning with the --redirect
and --no-redirect flags.
- certbot-auto now prints warnings when run as root with
insecure file system permissions. If you see these messages,
you should fix the problem by following the instructions at
https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/,
however, these warnings can be disabled as necessary with
the flag --no-permissions-check.
- acme module uses now a POST-as-GET request to retrieve the
registration from an ACME v2 server
- Convert the tsig algorithm specified in the
Eric Schirra (ecsos)
committed
(revision 152)
- update to 0.33.1
* Fixed
- A bug causing certbot-auto to print warnings or crash on some
RHEL based systems has been resolved.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only changes in this release were to
certbot-auto.
More details about these changes can be found on our GitHub repo.
- Changes from 0.33.0
* Added
- Fedora 29+ is now supported by certbot-auto. Since Python 2.x
is on a deprecation path in Fedora, certbot-auto will install
and use Python 3.x on Fedora 29+.
- CLI flag --https-port has been added for Nginx plugin
exclusively, and replaces --tls-sni-01-port. It defines the
HTTPS port the Nginx plugin will use while setting up a new
SSL vhost. By default the HTTPS port is 443.
* Changed
- Support for TLS-SNI-01 has been removed from all official
Certbot plugins.
- Attributes related to the TLS-SNI-01 challenge in
acme.challenges and acme.standalone modules are deprecated
and will be removed soon.
- CLI flags --tls-sni-01-port and --tls-sni-01-address are now
no-op, will generate a deprecation warning if used, and will
be removed soon.
- Options tls-sni and tls-sni-01 in --preferred-challenges flag
are now no-op, will generate a deprecation warning if used,
and will be removed soon.
Eric Schirra (ecsos)
committed
(revision 151)
- update to 0.32.0
* Added
- If possible, Certbot uses built-in support for OCSP from
recent cryptography versions instead of the OpenSSL binary:
as a consequence Certbot does not need the OpenSSL binary to
be installed anymore if cryptography>=2.5 is installed.
* Changed
- Certbot and its acme module now depend on josepy>=1.1.0 to
avoid printing the warnings described at
https://github.com/certbot/josepy/issues/13.
- Apache plugin now respects CERTBOT_DOCS environment variable
when adding command line defaults.
- The running of manual plugin hooks is now always included in
Certbot's log output.
- Tests execution for certbot, certbot-apache and certbot-nginx
packages now relies on pytest.
- An ACME CA server may return a Retry-After HTTP header on
authorization polling, as specified in the ACME protocol,
to indicate when the next polling should occur. Certbot now
reads this header if set and respect its value.
- The acme module avoids sending the keyAuthorization field in
the JWS payload when responding to a challenge as the field
is not included in the current ACME protocol. To ease the
migration path for ACME CA servers, Certbot and its acme
module will first try the request without the
keyAuthorization field but will temporarily retry the request
with the field included if a malformed error is received.
This fallback will be removed in version 0.34.0.
* Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
Eric Schirra (ecsos)
committed
(revision 150)
Eric Schirra (ecsos)
committed
(revision 149)
Eric Schirra (ecsos)
committed
(revision 147)
- Drop package letshelp-certbot because it should not be packaged.
Eric Schirra (ecsos)
committed
(revision 146)
- update to 0.31.0
* Added
- Avoid reprocessing challenges that are already validated when
a certificate is issued.
- Support for initiating (but not solving end-to-end)
TLS-ALPN-01 challenges with the acme module.
* Changed
- Certbot's official Docker images are now based on Alpine
Linux 3.9 rather than 3.7. The new version comes with
OpenSSL 1.1.1.
- Lexicon-based DNS plugins are now fully compatible with
Lexicon 3.x (support on 2.x branch is maintained).
- Apache plugin now attempts to configure all VirtualHosts
matching requested domain name instead of only a single one
when answering the HTTP-01 challenge.
* Fixed
- Fixed accessing josepy contents through acme.jose when the
full acme.jose path is used.
- Clarify behavior for deleting certs as part of revocation.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only package with changes other than its
version number was:
acme
certbot
certbot-apache
certbot-dns-cloudxns
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-gehirn
Eric Schirra (ecsos)
committed
(revision 145)
Eric Schirra (ecsos)
committed
(revision 144)
Eric Schirra (ecsos)
committed
(revision 143)
- update to 0.30.2
* Fixed
- Update the version of setuptools pinned in certbot-auto to
40.6.3 to solve installation problems on newer OSes.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, this release only affects certbot-auto.
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 142)
- update to 0.30.1
* Fixed
- Always download the pinned version of pip in pipstrap to
address breakages
- Rename old,default.conf to old-and-default.conf to address
commas in filenames breaking recent versions of pip.
- Add VIRTUALENV_NO_DOWNLOAD=1 to all calls to virtualenv to
address breakages from venv downloading the latest pip
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only package with changes other than
its version number was:
certbot-apache
More details about these changes can be found on our GitHub repo.
Eric Schirra (ecsos)
committed
(revision 141)
Eric Schirra (ecsos)
committed
(revision 140)
- Change server and challenge in cli.ini to up-to-date values.
Eric Schirra (ecsos)
committed
(revision 139)
- update to 0.30.0
* Added
- Added the `update_account` subcommand for account management
commands.
* Changed
- Copied account management functionality from the `register`
subcommand to the `update_account` subcommand.
- Marked usage `register --update-registration` for deprecation
and removal in a future release.
* Fixed
- Older modules in the josepy library can now be accessed
through acme.jose like it could in previous versions of acme.
This is only done to preserve backwards compatibility and
support for doing this with new modules in josepy will not be
added. Users of the acme library should switch to using
josepy directly if they haven't done so already.
Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
time being, however, the only package with changes other than its
version number was:
acme
More details about these changes can be found on our GitHub repo:
https://github.com/certbot/certbot/milestone/63?closed=1
Displaying revisions 81 - 100 of 238
