Subject: CVS commit: pkgsrc/security
From: Filip Hajny
Date: 2018-06-12 11:22:35
Message id:

Log Message:
security/py-{acme,certbot}: Update to 0.25.0.

### Added

- Support for the ready status type was added to acme. Without this change,
  Certbot and acme users will begin encountering errors when using Let's
  Encrypt's ACMEv2 API starting on June 19th for the staging environment and
  July 5th for production. See … atus/62866 for more
- Certbot now accepts the flag --reuse-key which will cause the same key to be
  used in the certificate when the lineage is renewed rather than generating a
  new key.
- You can now add multiple email addresses to your ACME account with Certbot by
  providing a comma separated list of emails to the --email flag.
- Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme.
  For more information, see … d/63814/1.
- acme now supports specifying the source address to bind to when sending
  outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't
  already have an account registered at that server URL, Certbot will
  automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint
  if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional
  points. The `GenericUpdater` interface allows plugins to perform actions
  every time `certbot renew` is run, regardless of whether any certificates are
  due for renewal, and the `RenewDeployer` interface allows plugins to perform
  actions when a certificate is renewed. See `certbot.interfaces` for more

### Changed

- When running Certbot with --dry-run and you don't already have a staging
  account, the created account does not contain an email address even if one
  was provided to avoid expiration emails from Let's Encrypt's staging server.
- certbot-nginx does a better job of automatically detecting the location of
  Nginx's configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with
  `python test`.
- `certbot config_changes` no longer waits for user input before exiting.

### Fixed

- Misleading log output that caused users to think that Certbot's standalone
  plugin failed to bind to a port when performing a challenge has been
- An issue where certbot-nginx would fail to enable HSTS if the server block
  already had an `add_header` directive has been resolved.
- certbot-nginx now does a better job detecting the server block to base the
  configuration for TLS-SNI challenges on.