certbot formerly letsencrypt client for Lets Encrypt Certificates
ATTENTION: Version 1.23.0 is the last version which can be use in Leap.
Version >= 1.24 need python3 >= 3.7
Certbot (previously, the Let's Encrypt client) is an easy-to-use automatic client that fetches and deploys
SSL/TLS certificates for your webserver.
Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as
“the official Let’s Encrypt client” or “the Let’s Encrypt Python client.”
Certbot will also work with any other CAs that support the ACME protocol.
While there are many other clients that implement the ACME protocol to fetch certificates, Certbot is the
most extensive client and can automatically configure your webserver to start serving over HTTPS immediately.
For Apache, it can also optionally automate security tasks such as tuning ciphersuites and enabling important
security features such as HTTP → HTTPS redirects, OCSP stapling, HSTS, and upgrade-insecure-requests.
Certbot is part of EFF’s larger effort to encrypt the entire Internet. Websites need to use HTTPS to secure
the web. Along with HTTPS Everywhere, Certbot aims to build a network that is more structurally private,
safe, and protected against censorship.
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:ecsos:server/certbot && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| README.SUSE | 0000001749 1.71 KB | |
| certbot-cli.ini.patch | 0000001726 1.69 KB | |
| certbot-fix_constants.patch | 0000026515 25.9 KB | |
| certbot.changes | 0000058795 57.4 KB | |
| certbot.cron | 0000000949 949 Bytes | |
| certbot.rpmlintrc | 0000000153 153 Bytes | |
| certbot.spec | 0000017490 17.1 KB | |
| v1.6.0.tar.gz | 0003797817 3.62 MB |
Revision 181 (latest revision is 238)
Eric Schirra (ecsos)
committed
(revision 181)
- Update to 1.6.0
* Added
- Certbot snaps are now available for the arm64 and armhf architectures.
- Add minimal code to run Nginx plugin on NetBSD.
- Make Certbot snap find externally snapped plugins
- Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask
implementing umask for both UNIX and Windows systems.
- Support for alternative certificate chains in the acme module.
- Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains,
it may be used to indicate to Certbot which chain should be preferred.
e.g. --preferred-chain "DST Root CA X3"
* Changed
- Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
- Generalize UI warning message on renewal rate limits
- Certbot behaves similarly on Windows to on UNIX systems regarding umask, and
the umask 022 is applied by default: all files/directories are not writable by anyone
other than the user running Certbot and the system/admin users.
- Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare
for impending acmev1 deprecation.
* Fixed
- Cloudflare API Tokens may now be restricted to individual zones.
- Don't use StrictVersion, but LooseVersion to check version requirements with setuptools,
to fix some packaging issues with libraries respecting PEP404 for version string,
with doesn't match StrictVersion requirements.
- Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.
- Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx
plugins on, e.g., CentOS 7.
More details about these changes can be found on our GitHub repo.
Comments 2
Does it make sense to use systemd instead of cron? It will be easier to enable/disable in YaST and monitor errors.
I am not a friend of systemd. And certainly not from systemd cron. Sorry.