* Support for Python 3.12 was added.
* Updates `joinpath` syntax to only use one addition per call,
because the multiple inputs version was causing mypy errors
on Python 3.10.
* Makes the `reconfigure` verb actually use the staging server
for the dry run to check the new configuration.
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument
which defaults to 30 that causes the verification request to timeout after
* The default key type for new certificates is now ECDSA secp256r1 (P-256).
* acme.messages.Directory now only supports lookups by the exact resource name
* Certbot will no longer respect very long challenge polling intervals, which
may be suggested by some ACME servers. Certbot will continue to wait up to
90 seconds by default, or up to a total of 30 minutes if requested by the server
* acme.client.ClientV2 now provides separate begin_finalization and poll_finalization
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
* The source_address argument for acme.client.ClientNetwork is deprecated and
* use order "status" to determine action during finalization
* The PGP key F2871B4152AE13C49519111F447BF683AA3B26C3 was added
* Added show_account subcommand, which will fetch the account information from
the ACME server and show the account details (account URL and, if applicable,
* Previously, when Certbot was in the process of registering a new ACME account
and the ACME server did not present any Terms of Service, the user was asked
to agree with a non-existent Terms of Service ("None"). This bug is now fixed,
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=108
- Update to 2.6.0
* Support for Python 3.11 was added to Certbot and all of its components
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument
which defaults to 30 that causes the verification request to timeout after
that many seconds.
* The default key type for new certificates is now ECDSA secp256r1 (P-256).
It was previously RSA 2048-bit. Existing certificates are not affected.
* acme and Certbot no longer support versions of ACME from before the RFC 8555 standard.
* acme and Certbot no longer support the old urn:acme:error: ACME error prefix.
* many acme classes have been removed
* acme.messages.Directory now only supports lookups by the exact resource name
string in the ACME directory
* Removed the deprecated source_address argument for acme.client.ClientNetwork.
* Certbot will no longer respect very long challenge polling intervals, which
may be suggested by some ACME servers. Certbot will continue to wait up to
90 seconds by default, or up to a total of 30 minutes if requested by the server
via Retry-After.
* certbot show_account now displays the ACME Account Thumbprint.
* acme.messages.OrderResource now supports being round-tripped through JSON
* acme.client.ClientV2 now provides separate begin_finalization and poll_finalization
methods, in addition to the existing finalize_order method.
* Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module.
- Drop the signature (last was acme-1.31.0.tar.gz.asc) and python-acme.keyring
* PyPI currently hides the signatures and plans to drop support
* https://github.com/certbot/certbot/issues/9707
OBS-URL: https://build.opensuse.org/request/show/1091295
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=94
* acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource
and acme.fields.Resource are deprecated and will be removed in a future release.
* acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support
for the old ACME error prefix in Certbot will be removed in the next major
release of Certbot.
* acme.messages.Directory.register is deprecated and will be removed in the
next major release of Certbot. Furthermore, .Directory will only support
lookups by the exact resource name string in the ACME directory (e.g.
directory['newOrder']).
* The source_address argument for acme.client.ClientNetwork is deprecated and
support for it will be removed in the next major release.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=89
* --allow-subset-of-names will now additionally retry in cases where domains
are rejected while creating or finalizing orders. This requires subproblem
support from the ACME server
* The show_account subcommand now uses the "newAccount" ACME endpoint to
fetch the account data, so it doesn't rely on the locally stored account URL.
This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
* The generated Certificate Signing Requests are now generated as version 1
instead of version 3. This resolves situations in where strict enforcement
of PKCS#10 meant that CSRs that were generated as version 3 were rejected
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=87
- Update to version 1.26.0
* Added show_account subcommand, which will fetch the account information from
the ACME server and show the account details (account URL and, if applicable,
email address or addresses)
* The acme library now requires requests>=2.20.0.
* Certbot and its acme library now require pytz>=2019.3.
* Certbot and its acme module now depend on josepy>=1.13.0 due to better type annotation support.
* Previously, when Certbot was in the process of registering a new ACME account
and the ACME server did not present any Terms of Service, the user was asked
to agree with a non-existent Terms of Service ("None"). This bug is now fixed,
so that if an ACME server does not provide any Terms of Service to agree with,
the user is not asked to agree to a non-existent Terms of Service any longer.
* If account registration fails, Certbot did not relay the error from the ACME
server back to the user. This is now fixed: the error message from the ACME
server is now presented to the user when account registration fails.
OBS-URL: https://build.opensuse.org/request/show/967673
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=80
* Support for Python 2 has been removed.
* The acme library no longer depends on the security extras from
requests which was needed to support SNI in TLS requests when
using old versions of Python 2.
* When revoking a certificate by --cert-name, it is no longer
necessary to specify the --server if the certificate was
obtained from a non-default ACME server.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=67
* Added TLS-ALPN-01 challenge support in the acme library. Support of this
challenge in the Certbot client is planned to be added in a future release.
* mock dependency is now conditional on Python 2 in all of our packages.
* When using an RFC 8555 compliant endpoint, the acme library no longer sends the
resource field in any requests or the type field when responding to challenges.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=54
* Removed the fallback introduced with 0.34.0 in acme to retry a POST-as-GET
request as a GET request when the targeted ACME CA server seems to not support
POST-as-GET requests.
* Support for Python 3.4 in Certbot and its ACME library is deprecated and will be
removed in the next release of Certbot.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=48
- update to 0.32.0
* Certbot and its acme module now depend on josepy>=1.1.0.
* An ACME CA server may return a "Retry-After" HTTP header on
authorization polling, as specified in the ACME protocol, to
indicate when the next polling should occur. Certbot now reads
this header if set and respect its value.
* The acme module avoids sending the keyAuthorization field in
the JWS payload when responding to a challenge as the field is
not included in the current ACME protocol. To ease the migration
path for ACME CA servers, Certbot and its acme module will first
try the request without the keyAuthorization field but will
temporarily retry the request with the field included if a
malformed error is received. This fallback will be removed in
version 0.34.0.
OBS-URL: https://build.opensuse.org/request/show/685974
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-acme?expand=0&rev=16
