| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Certbot 1.25.0
Changed
Dropped 32 bit support for the Windows beta installer
Windows beta installer is now distributed as "certbot-beta-installer-win_amd64.exe".
Users of the Windows beta should uninstall the old version before running this.
Added a check whether OCSP stapling is supported by the installer when requesting a
certificate with the run subcommand in combination with the --must-staple option.
If the installer does not support OCSP and the --must-staple option is used, Certbot
will raise an error and quit.
Certbot and its acme module now depend on josepy>=1.13.0 due to better type annotation
support.
Fixed
Updated dependencies to use new version of cryptography that uses OpenSSL 1.1.1n, in
response to https://www.openssl.org/news/secadv/20220315.txt.
Certbot 1.24.0
Added
When the --debug-challenges option is used in combination with -v, Certbot
now displays the challenge URLs (for http-01 challenges) or FQDNs (for
dns-01 challenges) and their expected return values.
Changed
Support for Python 3.6 was removed.
All Certbot components now require setuptools>=41.6.0.
The acme library now requires requests>=2.20.0.
Certbot and its acme library now require pytz>=2019.3.
certbot-nginx now requires pyparsing>=2.2.1.
certbot-dns-route53 now requires boto3>=1.15.15.
Fixed
Nginx plugin now checks included files for the singleton server_names_hash_bucket_size directive.
|
|
Certbot 1.14.0
Changed
certbot-auto no longer checks for updates on any operating system.
The module acme.magic_typing is deprecated and will be removed in a future release.
Please use the built-in module typing instead.
The DigitalOcean plugin now creates TXT records for the DNS-01 challenge with a lower 30s TTL.
Fixed
Don't output an empty line for a hidden certificate when certbot certificates is being used
in combination with --cert-name or -d.
|
|
Certbot 1.7.0
Added
Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name):
this concerns the plugin name, CLI flags, and keys in credential files.
The prefixed form is still supported but is deprecated, and will be removed in a future release.
Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload.
Changed
The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200,
due to https://www.linode.com/blog/linode/linode-turns-17/
We deprecated support for Python 3.5 in Certbot and its ACME library.
Support for Python 3.5 will be removed in the next major release of Certbot.
More details about these changes can be found on our GitHub repo.
|
|
1.6.0
Added
Certbot snaps are now available for the arm64 and armhf architectures.
Add minimal code to run Nginx plugin on NetBSD.
Make Certbot snap find externally snapped plugins
Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask implementing umask for both UNIX and Windows systems.
Support for alternative certificate chains in the acme module.
Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains, it may be used to indicate to Certbot which chain should be preferred.
e.g. --preferred-chain "DST Root CA X3"
Changed
Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
Generalize UI warning message on renewal rate limits
Certbot behaves similarly on Windows to on UNIX systems regarding umask, and the umask 022 is applied by default: all files/directories are not writable by anyone other than the user running Certbot and the system/admin users.
Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare for impending acmev1 deprecation.
Fixed
Cloudflare API Tokens may now be restricted to individual zones.
Don't use StrictVersion, but LooseVersion to check version requirements with setuptools, to fix some packaging issues with libraries respecting PEP404 for version string, with doesn't match StrictVersion requirements.
Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.
Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx plugins on, e.g., CentOS 7.
|
|
|
