./security/py-certbot, Client for the Lets Encrypt CA

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.21.1, Package name: py27-certbot-0.21.1, Maintainer: filip

Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.


Required to run:
[devel/py-setuptools] [devel/py-ZopeInterface] [time/py-pytz] [time/py-parsedatetime] [devel/py-mock] [lang/python27] [lang/py-six] [security/py-cryptography] [devel/py-ZopeComponent] [devel/py-configobj] [devel/py-configargparse] [time/py-rfc3339] [security/py-acme]

Required to build:
[devel/py-readline] [pkgtools/cwrappers]

Master sites:

SHA1: 824d40e584a017559fae58954845663a20e34a76
RMD160: bedb988810cf30594b2ee014029c3edb9914582d
Filesize: 1079.749 KB

Version history: (Expand)


CVS history: (Expand)


   2018-02-02 16:36:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.21.1.

- When creating an HTTP to HTTPS redirect in Nginx, we now ensure the
  Host header of the request is set to an expected value before
  redirecting users to the domain found in the header. The previous way
  Certbot configured Nginx redirects was a potential security issue
- Fixed a problem where Certbot's Apache plugin could fail HTTP-01
  challenges if basic authentication is configured for the domain you
  request a certificate for.
- certbot-auto --no-bootstrap now properly tries to use Python 3.4 on
  RHEL 6 based systems rather than Python 2.6.
   2018-01-22 14:37:25 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.21.0.

### Added

- Support for the HTTP-01 challenge type was added to our Apache and Nginx
  plugins.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server
  block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added
  allowing users to control whether the revoke subcommand also deletes the
  certificates it is revoking.

### Changed

- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME
  library.
- We split our implementation of JOSE (Javascript Object Signing and
  Encryption) out of our ACME library and into a separate package named josepy.
- We updated the ciphersuites used in Apache to the new values recommended by
  Mozilla

### Fixed

- An issue with our Apache plugin on Gentoo due to differences in their
  apache2ctl command have been resolved.
   2017-12-09 17:39:04 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.20.0.

0.20.0 - 2017-12-06

- Certbot's ACME library now recognizes URL fields in challenge
  objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
  configuration files on non-Debian systems allowing it to get a
  clearer picture on the running configuration.
- Certbot better reports network failures by removing information
  about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
  interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
  it was unable to deploy a HTTP->HTTPS redirect when requesting
  Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
  duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
  plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
  depending on when stdout and stderr were flushed.

0.19.0 - 2017-10-04

- Certbot now has renewal hook directories where executable files can
  be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
  will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
  Engine, you no longer have to provide a credential file to Certbot
  if you have configured sufficient permissions for the instance which
  Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
  subcommand, Certbot will now allow you to select multiple lineages
  to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
  sites-available on Debian based systems and instead only parses
  virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
  longer hangs indefinitely when it is unable to connect to the
  external server.
- An issue where Certbot's Apache plugin would sometimes fail to
  deploy a certificate on Debian based systems if mod_ssl wasn't
  already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
  not report if certificates maintained by Certbot had been revoked
  has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
  properly performs DNS challenges when the domain being verified
  contains a CNAME record.
   2017-09-27 14:44:39 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.18.2.

- An issue where Certbot's ACME module would raise an AttributeError
  trying to create self-signed certificates when used with pyOpenSSL
  17.3.0 has been resolved. For Certbot users with this version of
  pyOpenSSL, this caused Certbot to crash when performing a TLS SNI
  challenge or when the Nginx plugin tried to create an SSL server
  block.
   2017-09-13 12:28:42 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.18.1.

- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
  parameters.
- certbot-auto now installs Certbot in directories under /opt/eff.org.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with --quiet has
  been reduced.
- The default revocation reason shown in Certbot help output now is a
  human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.
- A newer version of ConfigArgParse is now installed when using
  certbot-auto causing values set to false in a Certbot INI
  configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
  dependencies on Fedora 26 have been resolved.
   2017-09-07 11:12:23 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot to 0.18.0.

### Added
- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
  parameters.

### Changed
- certbot-auto now installs Certbot in directories under `/opt/eff.org`.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with `--quiet` has
  been reduced.
- The default revocation reason shown in Certbot help output now is a
  human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.

### Fixed
- A newer version of ConfigArgParse is now installed when using
  certbot-auto causing values set to false in a Certbot INI
  configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
  dependencies on Fedora 26 have been resolved.
   2017-08-04 00:12:17 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot and security/py-acme to 0.17.0.

### Added

- Support in our nginx plugin for modifying SSL server blocks that do
  not contain certificate or key directives.
- A `--max-log-backups` flag to allow users to configure or even completely
  disable Certbot's built in log rotation.
- A `--user-agent-comment` flag to allow people who build tools around Certbot
  to differentiate their user agent string by adding a comment to its default
  value.

### Changed

- Due to some awesome work by cryptography project, compilation can now be
  avoided on most systems when using certbot-auto.
- The `--renew-hook` flag has been hidden in favor of `--deploy-hook`.
- We have started printing deprecation warnings in certbot-auto for
  experimentally supported systems with OS packages available.
- A certificate lineage's name is included in error messages during renewal.

### Fixed

- Encoding errors that could occur when parsing error messages from the ACME
  server containing Unicode have been resolved.
- certbot-auto no longer prints misleading messages about there being a newer
  pip version available when installation fails.
- Certbot's ACME library now properly extracts domains from critical SAN
  extensions.
   2017-08-02 22:31:29 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.16.0.

Added
- A plugin for performing DNS challenges using dynamic DNS updates as
  defined in RFC 2316 (available separately).
- Plugins for performing DNS challenges for the providers DNS Made
  Easy and LuaDNS (available separately).
- Support for performing TLS-SNI-01 challenges when using the manual
  plugin.
- Automatic detection of Arch Linux in the Apache plugin providing
  better default settings for the plugin.

Changed
- The text of the interactive question about whether a redirect from
  HTTP to HTTPS should be added by Certbot has been rewritten to
  better explain the choices to the user.
- Simplified HTTP challenge instructions in the manual plugin.

Fixed
- Problems performing a dry run when using the Nginx plugin have been
  fixed.
- Resolved an issue where certbot-dns-digitalocean's test suite would
  sometimes fail when ran using Python 3.
- On some systems, previous versions of certbot-auto would error out
  with a message about a missing hash for setuptools.
- A bug where Certbot would sometimes not print a space at the end of
  an interactive prompt has been resolved.
- Nonfatal tracebacks are no longer shown in rare cases where Certbot
  encounters an exception trying to close its TCP connection with the
  ACME server.