* Python 3.9 support was removed
* Migrated most functionality from setup.py to pyproject.toml
* Updated apache TLS configuration options:
* Added DHE-RSA-CHACHA20-POLY1305 to SSLCipherSuite list
* Configured curves using SSLOpenSSLConfCmd so FFDH won't be used
with OpenSSL 3.0
* certbot-apache no longer prints a warning claiming the version of
OpenSSL used by Apache is too old when we were unable determine
the OpenSSL version
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-apache?expand=0&rev=110
- Update to 4.0.0:
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/request/show/1271241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-apache?expand=0&rev=46
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-apache?expand=0&rev=103
- update to 2.9.0:
* Support for Python 3.12 was added.
* Updates `joinpath` syntax to only use one addition per call,
because the multiple inputs version was causing mypy errors
on Python 3.10.
* Makes the `reconfigure` verb actually use the staging server
for the dry run to check the new configuration.
- Add %{?sle15_python_module_pythons}
* Disable old SSL versions and ciphersuites and remove SSLCompression off
* Stop disabling TLS session tickets in Apache as it caused TLS
* The error message when Certbot's Apache plugin is unable to
* Tests execution for certbot, certbot-apache and certbot-nginx
* Apache plugin now attempts to configure all VirtualHosts matching
requested domain name instead of only a single one when answering
* The grammar used by Augeas parser in Apache plugin was updated
OBS-URL: https://build.opensuse.org/request/show/1145438
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-apache?expand=0&rev=41
* Support for Python 3.12 was added.
* Updates `joinpath` syntax to only use one addition per call,
because the multiple inputs version was causing mypy errors
on Python 3.10.
* Makes the `reconfigure` verb actually use the staging server
for the dry run to check the new configuration.
* Disable old SSL versions and ciphersuites and remove SSLCompression off
* Stop disabling TLS session tickets in Apache as it caused TLS
* The error message when Certbot's Apache plugin is unable to
* Tests execution for certbot, certbot-apache and certbot-nginx
* Apache plugin now attempts to configure all VirtualHosts matching
requested domain name instead of only a single one when answering
* The grammar used by Augeas parser in Apache plugin was updated
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-apache?expand=0&rev=91
- update to 1.29.0:
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/request/show/988434
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-apache?expand=0&rev=36
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-apache?expand=0&rev=78
* Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org
* A change to order finalization has been made to the `acme` module and Certbot:
- An order's `certificate` field will only be processed if the order's `status` is `valid`.
- An order's `error` field will only be processed if the order's `status` is `invalid`.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-apache?expand=0&rev=76
