8c95e397e7 - update to 2.11.0 * Fixed a bug in Certbot where a CSR's SANs did not always follow the order of the domain names that the user requested interactively. In some cases, the resulting cert's common name might seem picked up randomly from the SANs when it should be the first item the user had in mind.
devel
Markéta Machová 2024-06-25 12:16:36 +00:00
8fb415a9d9 Accepting request 1174588 from devel:languages:python:certbot
Ana Guerrero 2024-05-16 15:17:25 +00:00
8728c3905c - update to 2.10.0: * We no longer publish our beta Windows installer as was originally announced
Dirk Mueller 2024-05-09 13:50:24 +00:00
47b7c8ecec Accepting request 1145433 from devel:languages:python:certbot
Ana Guerrero 2024-02-09 22:54:34 +00:00
4b472621b6 - update to 2.9.0: * Support for Python 3.12 was added. * Updates joinpath syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. * Makes the reconfigure verb actually use the staging server for the dry run to check the new configuration. * The default key type for new certificates is now ECDSA secp256r1 (P-256). It was * Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key * The zope based interfaces in certbot.interfaces have been removed in favor of the abc * Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util * Fixes a bug where the certbot working directory has unusably restrictive permissions on * Certbot will no longer respect very long challenge polling intervals, which may be suggested by some ACME servers. Certbot will continue to wait up to 90 seconds by default, or up to * Allow a user to modify the configuration of a certificate without renewing it using the new * Certbot will no longer save previous CSRs and certificate private keys to /etc/letsencrypt/csr * Certbot will now only keep the current and 5 previous certificates in the /etc/letsencrypt/archive directory for each certificate lineage. Any prior certificates will be automatically deleted upon * We deprecated support for the update_symlinks command. Support will be removed in a following * Optionally sign the SOA query for dns-rfc2136, to help resolve problems with split-view DNS setups * Certbot will no longer try to invoke plugins which do not subclass from the proper certbot.interfaces.{Installer,Authenticator} * If Certbot exits before setting up its usual log files, the temporary directory created to save logging information will begin with the name certbot-log- rather than a generic name. This should not be considered a * Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare library which was introduced in the Cloudflare library version 2.10.1. The library would raise an error if a token was specified in the Certbot --dns-cloudflare-credentials file as well as the cloudflare.cfg
Dirk Mueller 2024-02-09 13:25:07 +00:00
29d986c0bf Accepting request 1133000 from devel:languages:python:certbot
Ana Guerrero 2023-12-14 21:02:50 +00:00
f3df20bfa5 - Update to 2.8.0 * Support for Python 3.7 was removed. * Stop using the deprecated pkg_resources API included in setuptools.
Markéta Machová 2023-12-07 10:42:45 +00:00
56825c2fad - Add built-in-lexicon.patch to fix failures with dns-lexicon.
Markéta Machová 2023-11-16 14:32:51 +00:00
b1d2e792fa - Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal.
Markéta Machová 2023-11-16 12:58:04 +00:00
c9c961bc7d Accepting request 1123633 from devel:languages:python:certbot
Ana Guerrero 2023-11-06 20:14:51 +00:00
67e391d36d - Update to 2.7.3 * Add certbot.util.LooseVersion class. See GH #9489. * NamespaceConfig now tracks how its arguments were set via a dictionary, allowing us to remove a bunch of global state previously needed to inspect whether a user set an argument or not. * Support for Python 3.7 was deprecated and will be removed in our next planned release. * Added RENEWED_DOMAINS and FAILED_DOMAINS environment variables for consumption by post renewal hooks. * Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp()
Markéta Machová 2023-10-30 15:52:53 +00:00
121ccf37f9 * The certbot-dns-cloudxns plugin is now deprecated and will be removed in the next major release of Certbot. * Lots of deprecations in the acme module. * Add UI text suggesting users create certs for multiple domains, when possible.
Markéta Machová 2022-09-21 17:54:12 +00:00
d4973caa48 - Update to 1.30.0 * Add UI text suggesting users create certs for multiple domains, when possible.
Markéta Machová 2022-09-21 17:48:42 +00:00
64e51ff1e2 - update to 1.29.0: * --allow-subset-of-names will now additionally retry in cases where domains are rejected while creating or finalizing orders. This requires subproblem support from the ACME server * The show_account subcommand now uses the "newAccount" ACME endpoint to fetch the account data, so it doesn't rely on the locally stored account URL. This fixes situations where Certbot would use old ACMEv1 registration info with non-functional account URLs. * The generated Certificate Signing Requests are now generated as version 1 instead of version 3. This resolves situations where strict enforcement of PKCS#10 meant that CSRs that were generated as version 3 were rejected
Dirk Mueller 2022-07-11 13:18:04 +00:00
6b16892476 - update to 1.28.0: * Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org * A change to order finalization has been made to the acme module and Certbot: - An order's certificate field will only be processed if the order's status is valid. - An order's error field will only be processed if the order's status is invalid.
Dirk Mueller 2022-06-24 19:25:24 +00:00
15140efa51 - Update to version 1.27.0 * The PGP key F2871B4152AE13C49519111F447BF683AA3B26C3 was added as an additional trusted key to sign our PyPI packages * When certonly is run with an installer specified (e.g. --nginx), certonly will now also run restart for that installer - Refreshed python-certbot.keyring
Markéta Machová 2022-05-30 09:16:37 +00:00
8e3ad2443d - update to version 1.17.0 * We changed how dependencies are specified between Certbot packages. For this and future releases, higher level Certbot components will require that lower level components are the same version or newer. More specifically, version X of the Certbot package will now always require acme>=X and version Y of a plugin package will always require acme>=Y and certbot=>Y. Specifying dependencies in this way simplifies testing and development.
Markéta Machová 2021-07-30 08:42:52 +00:00
d03f07a700 - update to version 1.14.0 * certbot-auto no longer checks for updates on any operating system. * Don't output an empty line for a hidden certificate when certbot certificates is being used in combination with --cert-name or -d.0
Markéta Machová 2021-04-14 15:14:40 +00:00
1a9cc25a0d - update to version 1.13.0 * The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. See [#8577](https://github.com/certbot/certbot/issues/8577). * Support for Python 2 has been removed. * CLI flags --os-packages-only, --no-self-upgrade, --no-bootstrap and --no-permissions-check, which are related to certbot-auto, are deprecated and will be removed in a future release. * Certbot no longer conditionally depends on an external mock module. Certbot's test API will continue to use it if it is available for backwards compatibility, however, this behavior has been deprecated and will be removed in a future release. * Certbot and all of its components no longer depend on the library six. * The update of certbot-auto itself is now disabled on all RHEL-like systems.
Markéta Machová 2021-03-08 08:27:29 +00:00
53fce760c6 - Update to version 1.9.0 * certbot-auto was deprecated on all systems except for those based on Debian or RHEL. * Update the packaging instructions to promote usage of python -m pytest to test Certbot instead of the deprecated python setup.py test setuptools approach. * Reduced CLI logging when handling some kinds of errors. * The minimum version of the acme library required by Certbot was corrected. In the previous release, Certbot said it required acme>=1.6.0 when it actually required acme>=1.8.0 to properly support removing contact information from an ACME account.
Markéta Machová 2020-10-07 08:29:09 +00:00
866d5d5e39 Accepting request 838326 from home:frispete:python
Markéta Machová 2020-10-07 07:58:09 +00:00
3d44578bd1 - Update to version 1.7.0 * Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name): this concerns the plugin name, CLI flags, and keys in credential files. The prefixed form is still supported but is deprecated, and will be removed in a future release. * We deprecated support for Python 3.5 in Certbot and its ACME library. Support for Python 3.5 will be removed in the next major release of Certbot.
Markéta Machová 2020-08-21 08:40:27 +00:00
536015dc11 - update to version 1.6.0 * Support for alternative certificate chains in the acme module. * Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains, it may be used to indicate to Certbot which chain should be preferred.
Markéta Machová 2020-07-13 08:37:39 +00:00
95de223977 - Update to version 1.5.0 * Require explicit confirmation of snap plugin permissions before connecting. * Add support for OCSP responses which use a public key hash ResponderID, fixing interoperability with Sectigo CAs.
Markéta Machová 2020-06-11 12:11:19 +00:00
faa63edcb1 - Update to version 1.4.0 * Added serial number of certificate to the output of certbot certificates * Expose two new environment variables in the authenticator and cleanup scripts used by the manual plugin: CERTBOT_REMAINING_CHALLENGES is equal to the number of challenges remaining after the current challenge, CERTBOT_ALL_DOMAINS is a comma-separated list of all domains challenged for the current certificate. * Added minimal proxy support for OCSP verification. * mock dependency is now conditional on Python 2 in all of our packages. * Fix hanging OCSP queries during revocation checking - added a 10 second timeout. * Standalone servers now have a default socket timeout of 30 seconds, fixing cases where an idle connection can cause the standalone plugin to hang. * Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line endings. This should fix interoperability with Buypass' services.
Markéta Machová 2020-05-14 08:37:58 +00:00
59da1d1a22 - update to version 1.2.0 * Add directory field to error message when field is missing. * If MD5 hasher is not available, try it in non-security mode (fix for FIPS systems) * Support for Python 3.4 has been removed. * Fix collections.abc imports for Python 3.9.
Markéta Machová 2020-02-21 15:40:54 +00:00
cdc834ca93 - update to version 1.1.0 * Support for Python 3.4 in Certbot and its ACME library is deprecated and will be removed in the next release of Certbot.
Markéta Machová 2020-01-21 09:48:27 +00:00
dfdb86e497 - update to version 1.0.0 * certbot-auto has deprecated support for systems using OpenSSL 1.0.1 that are not running on x86-64. * Certbot's config_changes subcommand has been removed * certbot.plugins.common.TLSSNI01 has been removed. * The functions certbot.client.view_config_changes, certbot.main.config_changes, certbot.plugins.common.Installer.view_config_changes, certbot.reverter.Reverter.view_config_changes, and certbot.util.get_systemd_os_info have been removed * Certbot's register --update-registration subcommand has been removed * When possible, default to automatically configuring the webserver so all requests redirect to secure HTTPS access. This is mostly relevant when running Certbot in non-interactive mode. Previously, the default was to not redirect all requests.
Markéta Machová 2020-01-03 11:22:21 +00:00
50791d4be6 - update to version 0.40.1 * --server may now be combined with --dry-run. * --dry-run now requests fresh authorizations every time, fixing the issue where it was prone to falsely reporting success. * The OS detection logic again uses distro library for Linux OSes * certbot.plugins.common.TLSSNI01 has been deprecated and will be removed in a future release. * CLI flags --tls-sni-01-port and --tls-sni-01-address have been removed. * The values tls-sni and tls-sni-01 for the --preferred-challenges flag are no longer accepted. * Removed the flags: --agree-dev-preview, --dialog, and --apache-init-script
Markéta Machová 2019-11-14 12:22:07 +00:00
410d6a5f1f - update to version 0.38.0 * If Certbot fails to rollback your server configuration, the error message links to the Let's Encrypt forum. * Replace platform.linux_distribution with distro.linux_distribution as a step towards Python 3.8 support in Certbot.
Markéta Machová 2019-09-11 12:36:34 +00:00
852b4898f9 - update to version 0.36.0 * Update the 'manage your account' help to be more generic. * Certbot's config_changes subcommand has been deprecated and will be removed in a future release. * certbot config_changes no longer accepts a --num parameter. * The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release.
Markéta Machová 2019-07-17 13:45:34 +00:00
ab0d2c8ff8 - update to 0.35.1 * Renewal parameter webroot_path is always saved. * Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde.
Markéta Machová 2019-06-18 09:44:00 +00:00
e270f53a96 - update to 0.34.2: * Apache plugin now tries to restart httpd on Fedora using systemctl if a configuration test error is detected. This has to be done due to the way Fedora now generates the self signed certificate files upon first restart. * Updated Certbot and its plugins to improve the handling of file system permissions on Windows as a step towards adding proper Windows support to Certbot. * Updated urllib3 to 1.24.2 in certbot-auto. * Removed the fallback introduced with 0.32.0 in acme to retry a challenge response with a keyAuthorization if sending the response without this field caused a malformed error to be received from the ACME server. * Linode DNS plugin now supports api keys created from their new panel at [cloud.linode.com](https://cloud.linode.com) * Adding a warning noting that future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags. * certbot-auto now prints warnings when run as root with insecure file system permissions. If you see these messages, you should fix the problem by following the instructions at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/, however, these warnings can be disabled as necessary with the flag --no-permissions-check. * acme module now uses a POST-as-GET request to retrieve the registration from an ACME v2 server * Convert the tsig algorithm specified in the certbot_dns_rfc2136 configuration file to all uppercase letters before validating. This makes the value in the config case insensitive.
Dirk Mueller 2019-05-18 23:25:01 +00:00