7c88d1243b
- Update to 5.3.1 * We rebuilt our snaps to include updated versions our dependencies.
Markéta Machová2026-02-24 14:53:14 +00:00
60dfb4c52d
Accepting request 1332024 from devel:languages:python:certbot
Ana Guerrero2026-02-09 18:28:29 +00:00
2191b1e202
- Update to 5.3.0 * A new command line flag, --ip-address, has been added. This requests certificates with IP address SANs when using the standalone or manual plugin. Note that for Let's Encrypt's implementation of IP address certificates, you'll also need to pass --preferred-profile shortlived. * Deploy directory hooks are now also run when using certbot certonly or certbot run to get a new cert. * A few largely unused functions/types from certbot.crypto_util have been deprecated in our effort to remove our pyOpenSSL dependency. * Authenticator.get_chall_pref's argument has been renamed from domain to identifier, and can now receive string-formatted IP addresses in addition to domain names.
Markéta Machová2026-02-09 12:54:49 +00:00
f2d322ba8a
- Update to 5.2.2 * Support for Python 3.14 was added. * While nothing significant should have changed from the user's perspective, we've been doing a lot of internal refactoring in preparation for soon adding support for IP address certificates to Certbot. * Fixed a regression that caused certbot to crash if multiple --webroot-path values were set on the command line.
Markéta Machová2026-01-15 13:57:36 +00:00
2714495e02
- Update to 5.1.0 * sync with the rest of certbot ecosystem
Markéta Machová2025-10-14 08:00:33 +00:00
2a6ce6f908
- Update to 5.1.0 * sync with the rest of certbot ecosystem
Markéta Machová2025-10-14 08:00:33 +00:00
d4419c39ce
Accepting request 1302582 from devel:languages:python:certbot
Ana Guerrero2025-09-03 19:08:31 +00:00
9a2d9f3cfc
Accepting request 1302582 from devel:languages:python:certbot
Ana Guerrero2025-09-03 19:08:31 +00:00
a66840214e
- Update to 5.0.0 * Certbot now stores the Retry-After value given by ACME Renewal Info (ARI) so the value can be respected across multiple Certbot runs. * Added uv as a test dependency, and switched most pip invocations to uv pip for faster installs. * certbot.ocsp.RevocationChecker.__init__ no longer accepts the parameter enforce_openssl_binary_usage and always uses the cryptography library for OCSP checking. * Python 3.9 support was removed. * Migrated most functionality from setup.py to pyproject.toml
Markéta Machová2025-09-03 12:19:52 +00:00
b9795d6715
- Update to 5.0.0 * Certbot now stores the Retry-After value given by ACME Renewal Info (ARI) so the value can be respected across multiple Certbot runs. * Added uv as a test dependency, and switched most pip invocations to uv pip for faster installs. * certbot.ocsp.RevocationChecker.__init__ no longer accepts the parameter enforce_openssl_binary_usage and always uses the cryptography library for OCSP checking. * Python 3.9 support was removed. * Migrated most functionality from setup.py to pyproject.toml
Markéta Machová2025-09-03 12:19:52 +00:00
a4f4e53fe2
- Update to 4.2.0 * Added --eab-hmac-alg parameter to support custom HMAC algorithm for External Account Binding. * Catches and ignores errors during the directory fetch for ARI checking so that these errors do not hinder the actual certificate issuance. * Removed the dependency on pytz * Support for Python 3.9 was deprecated and will be removed in our next planned release. * The Certbot snap no longer sets the environment variable PYTHONPATH stopping it from picking up Python files in the current directory and polluting the environment for Certbot hooks written in Python. * Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env variables for use by post-hooks when certificate renewals fail, but we were not actually setting them. Now, we are. * Certbot now always uses the server value from the renewal configuration file for ARI checks instead of the server value from the current invocation of Certbot. This helps prevent ARI requests from going to the wrong server if the user changes CAs. - Make the libalternatives transition conditional
Markéta Machová2025-08-12 15:58:21 +00:00
1e2c3894d7
- Update to 4.2.0 * Added --eab-hmac-alg parameter to support custom HMAC algorithm for External Account Binding. * Catches and ignores errors during the directory fetch for ARI checking so that these errors do not hinder the actual certificate issuance. * Removed the dependency on pytz * Support for Python 3.9 was deprecated and will be removed in our next planned release. * The Certbot snap no longer sets the environment variable PYTHONPATH stopping it from picking up Python files in the current directory and polluting the environment for Certbot hooks written in Python. * Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env variables for use by post-hooks when certificate renewals fail, but we were not actually setting them. Now, we are. * Certbot now always uses the server value from the renewal configuration file for ARI checks instead of the server value from the current invocation of Certbot. This helps prevent ARI requests from going to the wrong server if the user changes CAs. - Make the libalternatives transition conditional
Markéta Machová2025-08-12 15:58:21 +00:00
8b79b2a697
Accepting request 1288528 from devel:languages:python:certbot
Ana Guerrero2025-06-26 09:39:28 +00:00
6a2d199250
Accepting request 1288528 from devel:languages:python:certbot
Ana Guerrero2025-06-26 09:39:28 +00:00
b6792978cd
- Convert to libalternatives - Drop some ancient compatibility code
Markéta Machová2025-06-25 12:15:52 +00:00
6ae512cced
- Convert to libalternatives - Drop some ancient compatibility code
Markéta Machová2025-06-25 12:15:52 +00:00
57125d1aef
Accepting request 1286006 from devel:languages:python:certbot
Ana Guerrero2025-06-16 10:26:23 +00:00
ecc7a49204
Accepting request 1286006 from devel:languages:python:certbot
Ana Guerrero2025-06-16 10:26:23 +00:00
09a3e5b47e
- Update to 4.1.1 * Deprecated parameter enforce_openssl_binary_usage from certbot.ocsp.RevocationChecker. * The --preferred-profile and --required-profile flags now have their values stored in the renewal configuration so the same setting will be used on renewal. * No longer checks ARI during certbot --dry-run. * Fixed an unintended change introduced in 4.0.0 where renew_before_expiry could not be shorter than certbot's default renewal time. * Switched to src-layout from flat-layout to accommodate PEP 517 pip editable installs
Markéta Machová2025-06-13 14:41:40 +00:00
a383c8e675
- Update to 4.1.1 * Deprecated parameter enforce_openssl_binary_usage from certbot.ocsp.RevocationChecker. * The --preferred-profile and --required-profile flags now have their values stored in the renewal configuration so the same setting will be used on renewal. * No longer checks ARI during certbot --dry-run. * Fixed an unintended change introduced in 4.0.0 where renew_before_expiry could not be shorter than certbot's default renewal time. * Switched to src-layout from flat-layout to accommodate PEP 517 pip editable installs
Markéta Machová2025-06-13 14:41:40 +00:00
95f453c79e
Accepting request 1271240 from devel:languages:python:certbot
Ana Guerrero2025-04-22 15:28:57 +00:00
acc04cb883
Accepting request 1271240 from devel:languages:python:certbot
Ana Guerrero2025-04-22 15:28:57 +00:00
7e957d9eca
- Update to 4.0.0: * Added + The --preferred-profile and --required-profile flags allow requesting a profile. * Changed + Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime left, if the lifetime is shorter than 10 days). + removed acme.crypto_util._pyopenssl_cert_or_req_all_names + removed acme.crypto_util._pyopenssl_cert_or_req_san + removed acme.crypto_util.dump_pyopenssl_chain + removed acme.crypto_util.gen_ss_cert + removed certbot.crypto_util.dump_pyopenssl_chain + removed certbot.crypto_util.pyopenssl_load_certificate * Fixed + Moved RewriteEngine on directive added during apache http01 authentication to the end of the virtual host, so that it overwrites any RewriteEngine off directives that already exist and allows redirection to the challenge URL.
Steve Kowalik2025-04-22 03:35:58 +00:00
252baa1fc5
- Update to 4.0.0: * Added + The --preferred-profile and --required-profile flags allow requesting a profile. * Changed + Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime left, if the lifetime is shorter than 10 days). + removed acme.crypto_util._pyopenssl_cert_or_req_all_names + removed acme.crypto_util._pyopenssl_cert_or_req_san + removed acme.crypto_util.dump_pyopenssl_chain + removed acme.crypto_util.gen_ss_cert + removed certbot.crypto_util.dump_pyopenssl_chain + removed certbot.crypto_util.pyopenssl_load_certificate * Fixed + Moved RewriteEngine on directive added during apache http01 authentication to the end of the virtual host, so that it overwrites any RewriteEngine off directives that already exist and allows redirection to the challenge URL.
Steve Kowalik2025-04-22 03:35:58 +00:00
71fe30866c
Accepting request 1254987 from devel:languages:python:certbot
Ana Guerrero2025-03-21 19:23:24 +00:00
e4566bfad8
Accepting request 1254987 from devel:languages:python:certbot
Ana Guerrero2025-03-21 19:23:24 +00:00
105d562683
- Update to 3.3.0 * The --register-unsafely-without-email flag is no longer needed in non-interactive mode. * In interactive mode, pressing Enter at the email prompt will register without an email. * deprecated certbot.crypto_util.dump_pyopenssl_chain * deprecated certbot.crypto_util.pyopenssl_load_certificate * Fixed a bug introduced in Certbot 3.1.0 where OpenSSL environment variables needed in our snap configuration were persisted in calls to external programs like nginx which could cause them to fail to load OpenSSL.
Markéta Machová2025-03-21 12:24:37 +00:00
b9ea4f4c4b
- Update to 3.3.0 * The --register-unsafely-without-email flag is no longer needed in non-interactive mode. * In interactive mode, pressing Enter at the email prompt will register without an email. * deprecated certbot.crypto_util.dump_pyopenssl_chain * deprecated certbot.crypto_util.pyopenssl_load_certificate * Fixed a bug introduced in Certbot 3.1.0 where OpenSSL environment variables needed in our snap configuration were persisted in calls to external programs like nginx which could cause them to fail to load OpenSSL.
Markéta Machová2025-03-21 12:24:37 +00:00
2be72aa29b
Accepting request 1247394 from devel:languages:python:certbot
Ana Guerrero2025-02-20 15:41:53 +00:00
646aaa8b6c
Accepting request 1247394 from devel:languages:python:certbot
Ana Guerrero2025-02-20 15:41:53 +00:00
7099a5ec2e
- update to 3.2.0: * certbot-nginx now requires pyparsing>=2.4.7. * certbot and its acme library now require cryptography>=43.0.0. * certbot-nginx and our acme library now require pyOpenSSL>=25.0.0. * Deprecated gen_ss_cert in acme.crypto_util as it uses deprecated pyOpenSSL API. * Add make_self_signed_cert to acme.crypto_util to replace gen_ss_cert. * Directory hooks are now run on all commands by default, not just renew * Help output now shows False as default when it can be set via cli.ini instead of None` * Changed terms of service agreement text to have a newline after the TOS link * certbot-cloudflare-dns is now pinned to version 2.19 of Cloudflare's python library * Our runtime dependency on setuptools has been dropped from all * The csr_dir and key_dir attributes on * Support for Python 3.8 was deprecated and will be removed in our * Fixed a bug in Certbot where a CSR's SANs did not always follow the order of the domain names that the user requested interactively. In some cases, the resulting cert's common name might seem picked up randomly from the SANs when it should be the first item the user
Dirk Mueller2025-02-13 11:24:57 +00:00
00d1633555
- update to 3.2.0: * certbot-nginx now requires pyparsing>=2.4.7. * certbot and its acme library now require cryptography>=43.0.0. * certbot-nginx and our acme library now require pyOpenSSL>=25.0.0. * Deprecated gen_ss_cert in acme.crypto_util as it uses deprecated pyOpenSSL API. * Add make_self_signed_cert to acme.crypto_util to replace gen_ss_cert. * Directory hooks are now run on all commands by default, not just renew * Help output now shows False as default when it can be set via cli.ini instead of None` * Changed terms of service agreement text to have a newline after the TOS link * certbot-cloudflare-dns is now pinned to version 2.19 of Cloudflare's python library * Our runtime dependency on setuptools has been dropped from all * The csr_dir and key_dir attributes on * Support for Python 3.8 was deprecated and will be removed in our * Fixed a bug in Certbot where a CSR's SANs did not always follow the order of the domain names that the user requested interactively. In some cases, the resulting cert's common name might seem picked up randomly from the SANs when it should be the first item the user
Dirk Mueller2025-02-13 11:24:57 +00:00
f8b6267484
Accepting request 1240555 from devel:languages:python:certbot
Ana Guerrero2025-01-27 19:56:57 +00:00
b28ec1c7ed
Accepting request 1240555 from devel:languages:python:certbot
Ana Guerrero2025-01-27 19:56:57 +00:00
89aa193d9b
- Update to 3.1.0 * Python 3.8 support was removed. * Our runtime dependency on setuptools has been dropped from all Certbot components. * Certbot's packages no longer depend on library importlib_resources. - Convert to pip-based build
Markéta Machová2025-01-27 14:11:26 +00:00
434c669e3a
- Update to 3.1.0 * Python 3.8 support was removed. * Our runtime dependency on setuptools has been dropped from all Certbot components. * Certbot's packages no longer depend on library importlib_resources. - Convert to pip-based build
Markéta Machová2025-01-27 14:11:26 +00:00
d71206df3b
Accepting request 1228065 from devel:languages:python:certbot
Ana Guerrero2024-12-03 19:48:14 +00:00
6365023ca6
Accepting request 1228065 from devel:languages:python:certbot
Ana Guerrero2024-12-03 19:48:14 +00:00
277b11b778
- Update to 3.0.1 * The update_symlinks command was removed. * The csr_dir and key_dir attributes on certbot.configuration.NamespaceConfig were removed. * The --manual-public-ip-logging-ok command line flag was removed. * Support for Python 3.8 was deprecated and will be removed in our next planned release.
Markéta Machová2024-12-03 14:48:46 +00:00
edf91a3e61
- Update to 3.0.1 * The update_symlinks command was removed. * The csr_dir and key_dir attributes on certbot.configuration.NamespaceConfig were removed. * The --manual-public-ip-logging-ok command line flag was removed. * Support for Python 3.8 was deprecated and will be removed in our next planned release.
Markéta Machová2024-12-03 14:48:46 +00:00
77d79f8550
Accepting request 1183167 from devel:languages:python:certbot
Ana Guerrero2024-06-25 21:08:57 +00:00
5abc4b835b
Accepting request 1183167 from devel:languages:python:certbot
Ana Guerrero2024-06-25 21:08:57 +00:00
8c95e397e7
- update to 2.11.0 * Fixed a bug in Certbot where a CSR's SANs did not always follow the order of the domain names that the user requested interactively. In some cases, the resulting cert's common name might seem picked up randomly from the SANs when it should be the first item the user had in mind.
Markéta Machová2024-06-25 12:16:36 +00:00
dcbd7187d4
- update to 2.11.0 * Fixed a bug in Certbot where a CSR's SANs did not always follow the order of the domain names that the user requested interactively. In some cases, the resulting cert's common name might seem picked up randomly from the SANs when it should be the first item the user had in mind.
Markéta Machová2024-06-25 12:16:36 +00:00
8fb415a9d9
Accepting request 1174588 from devel:languages:python:certbot
Ana Guerrero2024-05-16 15:17:25 +00:00
b91117336f
Accepting request 1174588 from devel:languages:python:certbot
Ana Guerrero2024-05-16 15:17:25 +00:00
8728c3905c
- update to 2.10.0: * We no longer publish our beta Windows installer as was originally announced
Dirk Mueller2024-05-09 13:50:24 +00:00
f0cc79eda5
- update to 2.10.0: * We no longer publish our beta Windows installer as was originally announced
Dirk Mueller2024-05-09 13:50:24 +00:00
47b7c8ecec
Accepting request 1145433 from devel:languages:python:certbot
Ana Guerrero2024-02-09 22:54:34 +00:00
e1a538de04
Accepting request 1145433 from devel:languages:python:certbot
Ana Guerrero2024-02-09 22:54:34 +00:00
4b472621b6
- update to 2.9.0: * Support for Python 3.12 was added. * Updates joinpath syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. * Makes the reconfigure verb actually use the staging server for the dry run to check the new configuration. * The default key type for new certificates is now ECDSA secp256r1 (P-256). It was * Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key * The zope based interfaces in certbot.interfaces have been removed in favor of the abc * Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util * Fixes a bug where the certbot working directory has unusably restrictive permissions on * Certbot will no longer respect very long challenge polling intervals, which may be suggested by some ACME servers. Certbot will continue to wait up to 90 seconds by default, or up to * Allow a user to modify the configuration of a certificate without renewing it using the new * Certbot will no longer save previous CSRs and certificate private keys to /etc/letsencrypt/csr * Certbot will now only keep the current and 5 previous certificates in the /etc/letsencrypt/archive directory for each certificate lineage. Any prior certificates will be automatically deleted upon * We deprecated support for the update_symlinks command. Support will be removed in a following * Optionally sign the SOA query for dns-rfc2136, to help resolve problems with split-view DNS setups * Certbot will no longer try to invoke plugins which do not subclass from the proper certbot.interfaces.{Installer,Authenticator} * If Certbot exits before setting up its usual log files, the temporary directory created to save logging information will begin with the name certbot-log- rather than a generic name. This should not be considered a * Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare library which was introduced in the Cloudflare library version 2.10.1. The library would raise an error if a token was specified in the Certbot --dns-cloudflare-credentials file as well as the cloudflare.cfg
Dirk Mueller2024-02-09 13:25:07 +00:00
a8f6320924
- update to 2.9.0: * Support for Python 3.12 was added. * Updates joinpath syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. * Makes the reconfigure verb actually use the staging server for the dry run to check the new configuration. * The default key type for new certificates is now ECDSA secp256r1 (P-256). It was * Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key * The zope based interfaces in certbot.interfaces have been removed in favor of the abc * Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util * Fixes a bug where the certbot working directory has unusably restrictive permissions on * Certbot will no longer respect very long challenge polling intervals, which may be suggested by some ACME servers. Certbot will continue to wait up to 90 seconds by default, or up to * Allow a user to modify the configuration of a certificate without renewing it using the new * Certbot will no longer save previous CSRs and certificate private keys to /etc/letsencrypt/csr * Certbot will now only keep the current and 5 previous certificates in the /etc/letsencrypt/archive directory for each certificate lineage. Any prior certificates will be automatically deleted upon * We deprecated support for the update_symlinks command. Support will be removed in a following * Optionally sign the SOA query for dns-rfc2136, to help resolve problems with split-view DNS setups * Certbot will no longer try to invoke plugins which do not subclass from the proper certbot.interfaces.{Installer,Authenticator} * If Certbot exits before setting up its usual log files, the temporary directory created to save logging information will begin with the name certbot-log- rather than a generic name. This should not be considered a * Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare library which was introduced in the Cloudflare library version 2.10.1. The library would raise an error if a token was specified in the Certbot --dns-cloudflare-credentials file as well as the cloudflare.cfg
Dirk Mueller2024-02-09 13:25:07 +00:00
29d986c0bf
Accepting request 1133000 from devel:languages:python:certbot
Ana Guerrero2023-12-14 21:02:50 +00:00
bd1edbb49c
Accepting request 1133000 from devel:languages:python:certbot
Ana Guerrero2023-12-14 21:02:50 +00:00
f3df20bfa5
- Update to 2.8.0 * Support for Python 3.7 was removed. * Stop using the deprecated pkg_resources API included in setuptools.
Markéta Machová2023-12-07 10:42:45 +00:00
9519055731
- Update to 2.8.0 * Support for Python 3.7 was removed. * Stop using the deprecated pkg_resources API included in setuptools.
Markéta Machová2023-12-07 10:42:45 +00:00
56825c2fad
- Add built-in-lexicon.patch to fix failures with dns-lexicon.
Markéta Machová2023-11-16 14:32:51 +00:00
751493d720
- Add built-in-lexicon.patch to fix failures with dns-lexicon.
Markéta Machová2023-11-16 14:32:51 +00:00
b1d2e792fa
- Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal.
Markéta Machová2023-11-16 12:58:04 +00:00
2c3d1232ec
- Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal.
Markéta Machová2023-11-16 12:58:04 +00:00
c9c961bc7d
Accepting request 1123633 from devel:languages:python:certbot
Ana Guerrero2023-11-06 20:14:51 +00:00
aeaffb8239
Accepting request 1123633 from devel:languages:python:certbot
Ana Guerrero2023-11-06 20:14:51 +00:00
67e391d36d
- Update to 2.7.3 * Add certbot.util.LooseVersion class. See GH #9489. * NamespaceConfig now tracks how its arguments were set via a dictionary, allowing us to remove a bunch of global state previously needed to inspect whether a user set an argument or not. * Support for Python 3.7 was deprecated and will be removed in our next planned release. * Added RENEWED_DOMAINS and FAILED_DOMAINS environment variables for consumption by post renewal hooks. * Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp()
Markéta Machová2023-10-30 15:52:53 +00:00
e4b724796b
- Update to 2.7.3 * Add certbot.util.LooseVersion class. See GH #9489. * NamespaceConfig now tracks how its arguments were set via a dictionary, allowing us to remove a bunch of global state previously needed to inspect whether a user set an argument or not. * Support for Python 3.7 was deprecated and will be removed in our next planned release. * Added RENEWED_DOMAINS and FAILED_DOMAINS environment variables for consumption by post renewal hooks. * Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp()
Markéta Machová2023-10-30 15:52:53 +00:00
121ccf37f9
* The certbot-dns-cloudxns plugin is now deprecated and will be removed in the next major release of Certbot. * Lots of deprecations in the acme module. * Add UI text suggesting users create certs for multiple domains, when possible.
Markéta Machová2022-09-21 17:54:12 +00:00
671ebb1a97
* The certbot-dns-cloudxns plugin is now deprecated and will be removed in the next major release of Certbot. * Lots of deprecations in the acme module. * Add UI text suggesting users create certs for multiple domains, when possible.
Markéta Machová2022-09-21 17:54:12 +00:00
Ana Guerrero
Markéta Machová
Dominique Leuenberger
Steve Kowalik
Dirk Mueller