* Python 3.9 support was removed
* Migrated most functionality from setup.py to pyproject.toml
* certbot-nginx no longer uses socket.gethostname when generating self-signed
certificates for use as a temporary step of installing certificates as it
would sometimes result in strings that are too long to be used in the common
name of a certificate. The static domain "temp-certbot-nginx.invalid" is now
used instead
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=102
- Update to 4.0.0:
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/request/show/1271252
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-nginx?expand=0&rev=46
* Added
+ The --preferred-profile and --required-profile flags allow requesting
a profile.
* Changed
+ Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
left, if the lifetime is shorter than 10 days).
+ removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+ removed acme.crypto_util._pyopenssl_cert_or_req_san
+ removed acme.crypto_util.dump_pyopenssl_chain
+ removed acme.crypto_util.gen_ss_cert
+ removed certbot.crypto_util.dump_pyopenssl_chain
+ removed certbot.crypto_util.pyopenssl_load_certificate
* Fixed
+ Moved RewriteEngine on directive added during apache http01
authentication to the end of the virtual host, so that it overwrites
any RewriteEngine off directives that already exist and allows
redirection to the challenge URL.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=96
* certbot-nginx now requires pyOpenSSL>=25.0.0.
* certbot-nginx now requires pyparsing>=2.4.7.
* Allow nginx plugin to parse non-breaking spaces in nginx
configuration files.
* When adding ssl listen directives in nginx server blocks,
IP addresses are now preserved.
* Nginx configurations can now have the http block in files other
than the root (nginx.conf)
* Nginx server_name directives with internal comments now ignore
commented names
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=94
- update to 2.9.0:
* sync with the main certbot package
- Add %{?sle15_python_module_pythons}
* The nginx authenticator now configures all matching HTTP and HTTPS vhosts for the HTTP-01
* The docs extras for the certbot-apache and certbot-nginx
* Follow updated Mozilla recommendations for Nginx ssl_protocols,
* Stop disabling TLS session tickets in Nginx as it caused TLS
* Match Nginx parser update in allowing variable names to start
* Fix ranking of vhosts in Nginx so that all port-matching
- Split the module from the main certboot package
OBS-URL: https://build.opensuse.org/request/show/1157920
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-nginx?expand=0&rev=41
* sync with the main certbot package
* The nginx authenticator now configures all matching HTTP and HTTPS vhosts for the HTTP-01
* The docs extras for the certbot-apache and certbot-nginx
* Follow updated Mozilla recommendations for Nginx ssl_protocols,
* Stop disabling TLS session tickets in Nginx as it caused TLS
* Match Nginx parser update in allowing variable names to start
* Fix ranking of vhosts in Nginx so that all port-matching
- Split the module from the main certboot package
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=84
- update to 1.29.0:
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/request/show/988445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot-nginx?expand=0&rev=36
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=71
* Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org
* A change to order finalization has been made to the `acme` module and Certbot:
- An order's `certificate` field will only be processed if the order's `status` is `valid`.
- An order's `error` field will only be processed if the order's `status` is `invalid`.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot-nginx?expand=0&rev=69
