certbot formerly letsencrypt client for Lets Encrypt Certificates
ATTENTION: Version 1.23.0 is the last version which can be use in Leap.
Version >= 1.24 need python3 >= 3.7
Certbot (previously, the Let's Encrypt client) is an easy-to-use automatic client that fetches and deploys
SSL/TLS certificates for your webserver.
Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as
“the official Let’s Encrypt client” or “the Let’s Encrypt Python client.”
Certbot will also work with any other CAs that support the ACME protocol.
While there are many other clients that implement the ACME protocol to fetch certificates, Certbot is the
most extensive client and can automatically configure your webserver to start serving over HTTPS immediately.
For Apache, it can also optionally automate security tasks such as tuning ciphersuites and enabling important
security features such as HTTP → HTTPS redirects, OCSP stapling, HSTS, and upgrade-insecure-requests.
Certbot is part of EFF’s larger effort to encrypt the entire Internet. Websites need to use HTTPS to secure
the web. Along with HTTPS Everywhere, Certbot aims to build a network that is more structurally private,
safe, and protected against censorship.
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:ecsos:server/certbot && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| README.SUSE | 0000001749 1.71 KB | |
| certbot-cli.ini.patch | 0000001696 1.66 KB | |
| certbot-fix_constants.patch | 0000002694 2.63 KB | |
| certbot.changes | 0000036541 35.7 KB | |
| certbot.cron | 0000000949 949 Bytes | |
| certbot.rpmlintrc | 0000000153 153 Bytes | |
| certbot.spec | 0000016142 15.8 KB | |
| v0.32.0.tar.gz | 0001284873 1.23 MB |
Revision 151 (latest revision is 238)
Eric Schirra (ecsos)
committed
(revision 151)
- update to 0.32.0
* Added
- If possible, Certbot uses built-in support for OCSP from
recent cryptography versions instead of the OpenSSL binary:
as a consequence Certbot does not need the OpenSSL binary to
be installed anymore if cryptography>=2.5 is installed.
* Changed
- Certbot and its acme module now depend on josepy>=1.1.0 to
avoid printing the warnings described at
https://github.com/certbot/josepy/issues/13.
- Apache plugin now respects CERTBOT_DOCS environment variable
when adding command line defaults.
- The running of manual plugin hooks is now always included in
Certbot's log output.
- Tests execution for certbot, certbot-apache and certbot-nginx
packages now relies on pytest.
- An ACME CA server may return a Retry-After HTTP header on
authorization polling, as specified in the ACME protocol,
to indicate when the next polling should occur. Certbot now
reads this header if set and respect its value.
- The acme module avoids sending the keyAuthorization field in
the JWS payload when responding to a challenge as the field
is not included in the current ACME protocol. To ease the
migration path for ACME CA servers, Certbot and its acme
module will first try the request without the
keyAuthorization field but will temporarily retry the request
with the field included if a malformed error is received.
This fallback will be removed in version 0.34.0.
* Despite us having broken lockstep, we are continuing to release
new versions of all Certbot components during releases for the
Comments 2
Does it make sense to use systemd instead of cron? It will be easier to enable/disable in YaST and monitor errors.
I am not a friend of systemd. And certainly not from systemd cron. Sorry.