Next | Query returned 29 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2018-07-24 11:24:11 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1)
Log message:
Add used by comment for py-certbot-dns-rfc2136.
   2018-07-17 18:32:16 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
net/py-{acme,certbot}: Update to 0.26.0.

### Added

- A new security enhancement which we're calling AutoHSTS has been
  added to Certbot's Apache plugin. This enhancement configures your
  webserver to send a HTTP Strict Transport Security header with a low
  max-age value that is slowly increased over time. The max-age value is
  not increased to a large value until you've successfully managed to
  renew your certificate. This enhancement can be requested with the
  --auto-hsts flag.
- New official DNS plugins have been created for Gehirn Infrastracture
  Service, Linode, OVH, and Sakura Cloud. These plugins can be found
  on our Docker Hub page at https://hub.docker.com/u/certbot and on
  PyPI.
- The ability to reuse ACME accounts from Let's Encrypt's ACMEv1
  endpoint on Let's Encrypt's ACMEv2 endpoint has been added.
- Certbot and its components now support Python 3.7.
- Certbot's install subcommand now allows you to interactively choose
  which certificate to install from the list of certificates managed
  by Certbot.
- Certbot now accepts the flag `--no-autorenew` which causes any
  obtained certificates to not be automatically renewed when it
  approaches expiration.
- Support for parsing the TLS-ALPN-01 challenge has been added back to
  the acme library.

### Changed

- Certbot's default ACME server has been changed to Let's Encrypt's
  ACMEv2 endpoint. By default, this server will now be used for both
  new certificate lineages and renewals.
- The Nginx plugin is no longer marked labeled as an "Alpha" version.
- The `prepare` method of Certbot's plugins is no longer called before
  running "Updater" enhancements that are run on every invocation of
  `certbot renew`.
   2018-06-12 11:22:35 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.25.0.

### Added

- Support for the ready status type was added to acme. Without this change,
  Certbot and acme users will begin encountering errors when using Let's
  Encrypt's ACMEv2 API starting on June 19th for the staging environment and
  July 5th for production. See
  https://community.letsencrypt.org/t/acm … atus/62866 for more
  information.
- Certbot now accepts the flag --reuse-key which will cause the same key to be
  used in the certificate when the lineage is renewed rather than generating a
  new key.
- You can now add multiple email addresses to your ACME account with Certbot by
  providing a comma separated list of emails to the --email flag.
- Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme.
  For more information, see
  https://community.letsencrypt.org/t/tls … d/63814/1.
- acme now supports specifying the source address to bind to when sending
  outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't
  already have an account registered at that server URL, Certbot will
  automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint
  if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional
  points. The `GenericUpdater` interface allows plugins to perform actions
  every time `certbot renew` is run, regardless of whether any certificates are
  due for renewal, and the `RenewDeployer` interface allows plugins to perform
  actions when a certificate is renewed. See `certbot.interfaces` for more
  information.

### Changed

- When running Certbot with --dry-run and you don't already have a staging
  account, the created account does not contain an email address even if one
  was provided to avoid expiration emails from Let's Encrypt's staging server.
- certbot-nginx does a better job of automatically detecting the location of
  Nginx's configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with
  `python setup.py test`.
- `certbot config_changes` no longer waits for user input before exiting.

### Fixed

- Misleading log output that caused users to think that Certbot's standalone
  plugin failed to bind to a port when performing a challenge has been
  corrected.
- An issue where certbot-nginx would fail to enable HSTS if the server block
  already had an `add_header` directive has been resolved.
- certbot-nginx now does a better job detecting the server block to base the
  configuration for TLS-SNI challenges on.
   2018-05-16 17:09:42 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.24.0.

### Added

- certbot now has an enhance subcommand which allows you to configure
  security enhancements like HTTP to HTTPS redirects, OCSP stapling,
  and HSTS without reinstalling a certificate.
- certbot-dns-rfc2136 now allows the user to specify the port to use
  to reach the DNS server in its credentials file.
- acme now parses the wildcard field included in authorizations so it
  can be used by users of the library.

### Changed

- certbot-dns-route53 used to wait for each DNS update to propagate
  before sending the next one, but now it sends all updates before
  waiting which speeds up issuance for multiple domains dramatically.
- We've doubled the time Certbot will spend polling authorizations
  before timing out.
- The level of the message logged when Certbot is being used with
  non-standard paths warning that crontabs for renewal included in
  Certbot packages from OS package managers may not work has been
  reduced. This stops the message from being written to stderr every
  time `certbot renew` runs.

### Fixed

- certbot-auto now works with Python 3.6.
   2018-04-13 10:14:28 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.23.0.

### Added

- Support for OpenResty was added to the Nginx plugin.

### Changed

- The timestamps in Certbot's logfiles now use the system's local time
  zone rather than UTC.
- Certbot's DNS plugins that use Lexicon now rely on Lexicon>=2.2.1 to
  be able to create and delete multiple TXT records on a single
  domain.
- certbot-dns-google's test suite now works without an internet
  connection.

### Fixed

- Removed a small window that if during which an error occurred,
  Certbot wouldn't clean up performed challenges.
- The parameters `default` and `ipv6only` are now removed from
  `listen` directives when creating a new server block in the Nginx
  plugin.
- `server_name` directives enclosed in quotation marks in Nginx are
  now properly supported.
- Resolved an issue preventing the Apache plugin from starting Apache
  when it's not currently running on RHEL and Gentoo based systems.
   2018-03-23 15:37:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.22.2.

0.22.2
- A type error introduced in 0.22.1 that would occur during challenge
  cleanup when a Certbot plugin raises an exception while trying to
  complete the challenge was fixed.

0.22.1
- The ACME server used with Certbot's --dry-run and --staging flags is
  now Let's Encrypt's ACMEv2 staging server which allows people to
  also test ACMEv2 features with these flags.
- The HTTP Content-Type header is now set to the correct value during
  certificate revocation with new versions of the ACME protocol.
- When using Certbot with Let's Encrypt's ACMEv2 server, it would add
  a blank line to the top of chain.pem and between the certificates in
  fullchain.pem for each lineage. These blank lines have been removed.
- Resolved a bug that caused Certbot's --allow-subset-of-names flag
  not to work.
- Fixed a regression in acme.client.Client that caused the class to
  not work when it was initialized without a ClientNetwork which is
  done by some of the other projects using our ACME library.
   2018-03-13 11:08:51 by Filip Hajny | Files touched by this commit (5) | Package updated
Log message:
security/py-certbot: Update to 0.22.0

### Added

- Support for obtaining wildcard certificates and a newer version of the ACME
  protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2
  endpoint was added to Certbot and its ACME library. Certbot still works with
  older ACME versions and will automatically change the version of the protocol
  used based on the version the ACME CA implements.
- The Apache and Nginx plugins are now able to automatically install a wildcard
  certificate to multiple virtual hosts that you select from your server
  configuration.
- The `certbot install` command now accepts the `--cert-name` flag for
  selecting a certificate.
- `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library
  which automatically handles most of the differences between new and old ACME
  versions. `acme.client.ClientV2` is also available for people who only want
  to support one version of the protocol or want to handle the differences
  between versions themselves.
- certbot-auto now supports the flag --install-only which has the script
  install Certbot and its dependencies and exit without invoking Certbot.
- Support for issuing a single certificate for a wildcard and base domain was
  added to our Google Cloud DNS plugin. To do this, we now require your API
  credentials have additional permissions, however, your credentials will
  already have these permissions unless you defined a custom role with fewer
  permissions than the standard DNS administrator role provided by Google.
  These permissions are also only needed for the case described above so it
  will continue to work for existing users. For more information about the
  permissions changes, see the documentation in the plugin.

### Changed

- We have broken lockstep between our ACME library, Certbot, and its plugins.
  This means that the different components do not need to be the same version
  to work together like they did previously. This makes packaging easier
  because not every piece of Certbot needs to be repackaged to ship a change to
  a subset of its components.
- Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot,
  Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL
  6 based system, it will walk you through the process of installing Certbot
  with Python 3 and refuse to upgrade to a newer version of Certbot until you
  have done so.
- Certbot's components now work with older versions of setuptools to simplify
  packaging for EPEL 7.

### Fixed

- Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives
  has been resolved.
- A problem where Certbot's Apache plugin would add redundant include
  directives for the TLS configuration managed by Certbot has been fixed.
- Certbot's webroot plugin now properly deletes any directories it creates.
   2018-02-02 16:36:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.21.1.

- When creating an HTTP to HTTPS redirect in Nginx, we now ensure the
  Host header of the request is set to an expected value before
  redirecting users to the domain found in the header. The previous way
  Certbot configured Nginx redirects was a potential security issue
- Fixed a problem where Certbot's Apache plugin could fail HTTP-01
  challenges if basic authentication is configured for the domain you
  request a certificate for.
- certbot-auto --no-bootstrap now properly tries to use Python 3.4 on
  RHEL 6 based systems rather than Python 2.6.
   2018-01-22 14:37:25 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.21.0.

### Added

- Support for the HTTP-01 challenge type was added to our Apache and Nginx
  plugins.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server
  block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added
  allowing users to control whether the revoke subcommand also deletes the
  certificates it is revoking.

### Changed

- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME
  library.
- We split our implementation of JOSE (Javascript Object Signing and
  Encryption) out of our ACME library and into a separate package named josepy.
- We updated the ciphersuites used in Apache to the new values recommended by
  Mozilla

### Fixed

- An issue with our Apache plugin on Gentoo due to differences in their
  apache2ctl command have been resolved.
   2017-12-09 17:39:04 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.20.0.

0.20.0 - 2017-12-06

- Certbot's ACME library now recognizes URL fields in challenge
  objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
  configuration files on non-Debian systems allowing it to get a
  clearer picture on the running configuration.
- Certbot better reports network failures by removing information
  about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
  interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
  it was unable to deploy a HTTP->HTTPS redirect when requesting
  Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
  duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
  plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
  depending on when stdout and stderr were flushed.

0.19.0 - 2017-10-04

- Certbot now has renewal hook directories where executable files can
  be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
  will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
  Engine, you no longer have to provide a credential file to Certbot
  if you have configured sufficient permissions for the instance which
  Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
  subcommand, Certbot will now allow you to select multiple lineages
  to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
  sites-available on Debian based systems and instead only parses
  virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
  longer hangs indefinitely when it is unable to connect to the
  external server.
- An issue where Certbot's Apache plugin would sometimes fail to
  deploy a certificate on Debian based systems if mod_ssl wasn't
  already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
  not report if certificates maintained by Certbot had been revoked
  has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
  properly performs DNS challenges when the domain being verified
  contains a CNAME record.

Next | Query returned 29 messages, browsing 1 to 10 | Previous