./security/py-certbot, Client for the Lets Encrypt CA

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.20.0, Package name: py27-certbot-0.20.0, Maintainer: filip

Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.


Required to run:
[security/py-OpenSSL] [devel/py-setuptools] [devel/py-ZopeInterface] [time/py-pytz] [time/py-parsedatetime] [devel/py-mock] [lang/python27] [lang/py-six] [security/py-cryptography] [devel/py-ZopeComponent] [devel/py-configobj] [devel/py-configargparse] [time/py-rfc3339] [security/py-acme]

Required to build:
[devel/py-readline] [pkgtools/cwrappers]

Master sites:

SHA1: dc61e4acdf47941997f8904e0288a219136fac6c
RMD160: b4b776d559c6ac0d36fbed606d1d52c829462b39
Filesize: 1082.167 KB

Version history: (Expand)


CVS history: (Expand)


   2017-12-09 17:39:04 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.20.0.

0.20.0 - 2017-12-06

- Certbot's ACME library now recognizes URL fields in challenge
  objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
  configuration files on non-Debian systems allowing it to get a
  clearer picture on the running configuration.
- Certbot better reports network failures by removing information
  about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
  interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
  it was unable to deploy a HTTP->HTTPS redirect when requesting
  Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
  duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
  plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
  depending on when stdout and stderr were flushed.

0.19.0 - 2017-10-04

- Certbot now has renewal hook directories where executable files can
  be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
  will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
  Engine, you no longer have to provide a credential file to Certbot
  if you have configured sufficient permissions for the instance which
  Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
  subcommand, Certbot will now allow you to select multiple lineages
  to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
  sites-available on Debian based systems and instead only parses
  virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
  longer hangs indefinitely when it is unable to connect to the
  external server.
- An issue where Certbot's Apache plugin would sometimes fail to
  deploy a certificate on Debian based systems if mod_ssl wasn't
  already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
  not report if certificates maintained by Certbot had been revoked
  has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
  properly performs DNS challenges when the domain being verified
  contains a CNAME record.
   2017-09-27 14:44:39 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.18.2.

- An issue where Certbot's ACME module would raise an AttributeError
  trying to create self-signed certificates when used with pyOpenSSL
  17.3.0 has been resolved. For Certbot users with this version of
  pyOpenSSL, this caused Certbot to crash when performing a TLS SNI
  challenge or when the Nginx plugin tried to create an SSL server
  block.
   2017-09-13 12:28:42 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.18.1.

- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
  parameters.
- certbot-auto now installs Certbot in directories under /opt/eff.org.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with --quiet has
  been reduced.
- The default revocation reason shown in Certbot help output now is a
  human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.
- A newer version of ConfigArgParse is now installed when using
  certbot-auto causing values set to false in a Certbot INI
  configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
  dependencies on Fedora 26 have been resolved.
   2017-09-07 11:12:23 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot to 0.18.0.

### Added
- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
  parameters.

### Changed
- certbot-auto now installs Certbot in directories under `/opt/eff.org`.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with `--quiet` has
  been reduced.
- The default revocation reason shown in Certbot help output now is a
  human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.

### Fixed
- A newer version of ConfigArgParse is now installed when using
  certbot-auto causing values set to false in a Certbot INI
  configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
  dependencies on Fedora 26 have been resolved.
   2017-08-04 00:12:17 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot and security/py-acme to 0.17.0.

### Added

- Support in our nginx plugin for modifying SSL server blocks that do
  not contain certificate or key directives.
- A `--max-log-backups` flag to allow users to configure or even completely
  disable Certbot's built in log rotation.
- A `--user-agent-comment` flag to allow people who build tools around Certbot
  to differentiate their user agent string by adding a comment to its default
  value.

### Changed

- Due to some awesome work by cryptography project, compilation can now be
  avoided on most systems when using certbot-auto.
- The `--renew-hook` flag has been hidden in favor of `--deploy-hook`.
- We have started printing deprecation warnings in certbot-auto for
  experimentally supported systems with OS packages available.
- A certificate lineage's name is included in error messages during renewal.

### Fixed

- Encoding errors that could occur when parsing error messages from the ACME
  server containing Unicode have been resolved.
- certbot-auto no longer prints misleading messages about there being a newer
  pip version available when installation fails.
- Certbot's ACME library now properly extracts domains from critical SAN
  extensions.
   2017-08-02 22:31:29 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.16.0.

Added
- A plugin for performing DNS challenges using dynamic DNS updates as
  defined in RFC 2316 (available separately).
- Plugins for performing DNS challenges for the providers DNS Made
  Easy and LuaDNS (available separately).
- Support for performing TLS-SNI-01 challenges when using the manual
  plugin.
- Automatic detection of Arch Linux in the Apache plugin providing
  better default settings for the plugin.

Changed
- The text of the interactive question about whether a redirect from
  HTTP to HTTPS should be added by Certbot has been rewritten to
  better explain the choices to the user.
- Simplified HTTP challenge instructions in the manual plugin.

Fixed
- Problems performing a dry run when using the Nginx plugin have been
  fixed.
- Resolved an issue where certbot-dns-digitalocean's test suite would
  sometimes fail when ran using Python 3.
- On some systems, previous versions of certbot-auto would error out
  with a message about a missing hash for setuptools.
- A bug where Certbot would sometimes not print a space at the end of
  an interactive prompt has been resolved.
- Nonfatal tracebacks are no longer shown in rare cases where Certbot
  encounters an exception trying to close its TCP connection with the
  ACME server.
   2017-06-14 15:16:08 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot and security/py-acme to 0.15.0

Added
- Plugins for performing DNS challenges for popular providers
- IPv6 support in the standalone plugin.
- A mechanism for keeping your Apache and Nginx SSL/TLS configuration
  up to date.
- --http-01-address and --tls-sni-01-address flags for controlling the
  address Certbot listens on when using the standalone plugin.
- The command certbot certificates that lists certificates managed by
  Certbot now performs additional validity checks to notify you if
  your files have become corrupted.

Changed
- Messages custom hooks print to stdout are now displayed by Certbot
  when not running in --quiet mode.
- jwk and alg fields in JWS objects have been moved into the protected
  header causing Certbot to more closely follow the latest version of
  the ACME spec.

Fixed
- Permissions on renewal configuration files are now properly
  preserved when they are updated.
- A bug causing Certbot to display strange defaults in its help output
  when using Python <= 2.7.4 has been fixed.
- Certbot now properly handles mixed case domain names found in custom
  CSRs.
- A number of poorly worded prompts and error messages.

Removed
- Support for OpenSSL 1.0.0 in certbot-auto has been removed as we now
  pin a newer version of cryptography which dropped support for this
  version.
   2017-05-30 16:28:52 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-certbot to 0.14.2.

0.14.2
- Certbot 0.14.0 included a bug where Certbot would create a temporary
  log file (usually in /tmp) if the program exited during argument parsing.

0.14.1
- Certbot now works with configargparse 0.12.0.
- Issues with the Apache plugin and Augeas 1.7+ have been resolved.
- A problem where the Nginx plugin would fail to install certificates on
  systems that had the plugin's SSL/TLS options file from 7+ months ago
  has been fixed.