* Catches and ignores errors during the directory fetch for ARI checking
so that these errors do not hinder the actual certificate issuance.
* Removed the dependency on pytz.
* Deprecated acme.crypto_util.probe_sni
* Support for Python 3.9 was deprecated and will be removed in our next
planned release.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=129
- Update to 4.1.1
* ACME Renewal Info (ARI) support. certbot renew will automatically
check ARI when using an ACME server that supports it, and may renew
early based on the ARI information.
* Switched to src-layout from flat-layout to accommodate PEP 517 pip
editable installs
* acme.client.ClientNetwork now makes the "key" parameter optional.
* Deprecated acme.challenges.TLSALPN01*, acme.crypto_util.SSLSocket,
acme.standalone.TLSServer, acme.standalone.TLSALPN01Server and
parameter alpn_protocols from acme.crypto_util.probe_sni
* Fixed an unintended change introduced in 4.0.0 where renew_before_expiry
could not be shorter than certbot's default renewal time.
OBS-URL: https://build.opensuse.org/request/show/1286019
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-acme?expand=0&rev=74
* ACME Renewal Info (ARI) support. certbot renew will automatically
check ARI when using an ACME server that supports it, and may renew
early based on the ARI information.
* Switched to src-layout from flat-layout to accommodate PEP 517 pip
editable installs
* acme.client.ClientNetwork now makes the "key" parameter optional.
* Deprecated acme.challenges.TLSALPN01*, acme.crypto_util.SSLSocket,
acme.standalone.TLSServer, acme.standalone.TLSALPN01Server and
parameter alpn_protocols from acme.crypto_util.probe_sni
* Fixed an unintended change introduced in 4.0.0 where renew_before_expiry
could not be shorter than certbot's default renewal time.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=126
- Update to 4.0.0:
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/request/show/1271239
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-acme?expand=0&rev=73
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=124
* Python 3.13 support
* certbot and its acme library now require cryptography>=43.0.0.
* certbot-nginx and our acme library now require pyOpenSSL>=25.0.0.
* Deprecated gen_ss_cert in acme.crypto_util as it uses deprecated
pyOpenSSL API.
* Support for Python 3.8 was deprecated and will be removed in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=120
- update to 2.9.0:
* Support for Python 3.12 was added.
* Updates `joinpath` syntax to only use one addition per call,
because the multiple inputs version was causing mypy errors
on Python 3.10.
* Makes the `reconfigure` verb actually use the staging server
for the dry run to check the new configuration.
- Add %{?sle15_python_module_pythons}
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument
which defaults to 30 that causes the verification request to timeout after
* The default key type for new certificates is now ECDSA secp256r1 (P-256).
* acme.messages.Directory now only supports lookups by the exact resource name
* Certbot will no longer respect very long challenge polling intervals, which
may be suggested by some ACME servers. Certbot will continue to wait up to
90 seconds by default, or up to a total of 30 minutes if requested by the server
* acme.client.ClientV2 now provides separate begin_finalization and poll_finalization
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
* The source_address argument for acme.client.ClientNetwork is deprecated and
* use order "status" to determine action during finalization
* The PGP key F2871B4152AE13C49519111F447BF683AA3B26C3 was added
* Added show_account subcommand, which will fetch the account information from
the ACME server and show the account details (account URL and, if applicable,
OBS-URL: https://build.opensuse.org/request/show/1145432
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-acme?expand=0&rev=66
* Support for Python 3.12 was added.
* Updates `joinpath` syntax to only use one addition per call,
because the multiple inputs version was causing mypy errors
on Python 3.10.
* Makes the `reconfigure` verb actually use the staging server
for the dry run to check the new configuration.
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument
which defaults to 30 that causes the verification request to timeout after
* The default key type for new certificates is now ECDSA secp256r1 (P-256).
* acme.messages.Directory now only supports lookups by the exact resource name
* Certbot will no longer respect very long challenge polling intervals, which
may be suggested by some ACME servers. Certbot will continue to wait up to
90 seconds by default, or up to a total of 30 minutes if requested by the server
* acme.client.ClientV2 now provides separate begin_finalization and poll_finalization
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
* The source_address argument for acme.client.ClientNetwork is deprecated and
* use order "status" to determine action during finalization
* The PGP key F2871B4152AE13C49519111F447BF683AA3B26C3 was added
* Added show_account subcommand, which will fetch the account information from
the ACME server and show the account details (account URL and, if applicable,
* Previously, when Certbot was in the process of registering a new ACME account
and the ACME server did not present any Terms of Service, the user was asked
to agree with a non-existent Terms of Service ("None"). This bug is now fixed,
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=108
- Update to 2.6.0
* Support for Python 3.11 was added to Certbot and all of its components
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument
which defaults to 30 that causes the verification request to timeout after
that many seconds.
* The default key type for new certificates is now ECDSA secp256r1 (P-256).
It was previously RSA 2048-bit. Existing certificates are not affected.
* acme and Certbot no longer support versions of ACME from before the RFC 8555 standard.
* acme and Certbot no longer support the old urn:acme:error: ACME error prefix.
* many acme classes have been removed
* acme.messages.Directory now only supports lookups by the exact resource name
string in the ACME directory
* Removed the deprecated source_address argument for acme.client.ClientNetwork.
* Certbot will no longer respect very long challenge polling intervals, which
may be suggested by some ACME servers. Certbot will continue to wait up to
90 seconds by default, or up to a total of 30 minutes if requested by the server
via Retry-After.
* certbot show_account now displays the ACME Account Thumbprint.
* acme.messages.OrderResource now supports being round-tripped through JSON
* acme.client.ClientV2 now provides separate begin_finalization and poll_finalization
methods, in addition to the existing finalize_order method.
* Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module.
- Drop the signature (last was acme-1.31.0.tar.gz.asc) and python-acme.keyring
* PyPI currently hides the signatures and plans to drop support
* https://github.com/certbot/certbot/issues/9707
OBS-URL: https://build.opensuse.org/request/show/1091295
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=94
- Update to 1.30.0
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
and acme.fields.Resource are deprecated and will be removed in a future release.
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
release of Certbot.
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
directory['newOrder']).
* The source_address argument for acme.client.ClientNetwork is deprecated and
support for it will be removed in the next major release.
OBS-URL: https://build.opensuse.org/request/show/1005262
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-acme?expand=0&rev=61
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
and acme.fields.Resource are deprecated and will be removed in a future release.
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
release of Certbot.
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
directory['newOrder']).
* The source_address argument for acme.client.ClientNetwork is deprecated and
support for it will be removed in the next major release.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=89
- update to 1.29.0:
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/request/show/988382
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-acme?expand=0&rev=60
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=87
