./security/py-certbot, Client for the Lets Encrypt CA

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.27.0, Package name: py27-certbot-0.27.0, Maintainer: fhajny

Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.


Required to run:
[devel/py-setuptools] [devel/py-ZopeInterface] [time/py-pytz] [time/py-parsedatetime] [devel/py-mock] [lang/python27] [lang/py-six] [security/py-cryptography] [devel/py-ZopeComponent] [devel/py-configobj] [devel/py-configargparse] [time/py-rfc3339] [security/py-acme] [security/py-josepy]

Required to build:
[devel/py-readline] [pkgtools/cwrappers]

Master sites:

SHA1: c193ba836ab6181e865a4b7c7a8e4b843bda6a9b
RMD160: dc2751280fdfdd2e72c5b44cd2c873c18e067206
Filesize: 1211.197 KB

Version history: (Expand)


CVS history: (Expand)


   2018-12-15 22:12:25 by Thomas Klausner | Files touched by this commit (67) | Package updated
Log message:
*: update email for fhajny
   2018-09-06 14:25:26 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
py-{acme,certbot}: Update to 0.27.0.

## 0.27.0 - 2018-09-05

### Added

- The Apache plugin now accepts the parameter --apache-ctl which can
  be used to configure the path to the Apache control script.

### Changed

- When using `acme.client.ClientV2` (or
 `acme.client.BackwardsCompatibleClientV2` with an ACME server that
 supports a newer version of the ACME protocol), an
 `acme.errors.ConflictError` will be raised if you try to create
 an ACME account with a key that has already been used. Previously,
 a JSON parsing error was raised in this scenario when using the
 library with Let's Encrypt's ACMEv2 endpoint.

### Fixed

- When Apache is not installed, Certbot's Apache plugin no longer
  prints messages about being unable to find apachectl to the
  terminal when the plugin is not selected.
- If you're using the Apache plugin with the --apache-vhost-root flag
  set to a directory containing a disabled virtual host for the
  domain you're requesting a certificate for, the virtual host will
  now be temporarily enabled if necessary to pass the HTTP challenge.
- The documentation for the Certbot package can now be built using
  Sphinx 1.6+.
- You can now call `query_registration` without having to first call
  `new_account` on `acme.client.ClientV2` objects.
- The requirement of `setuptools>=1.0` has been removed from
  `certbot-dns-ovh`.
- Names in certbot-dns-sakuracloud's tests have been updated to refer
  to Sakura Cloud rather than NS1 whose plugin certbot-dns-sakuracloud
  was based on.

## 0.26.1 - 2018-07-17

### Fixed

- Fix a bug that was triggered when users who had previously manually
  set `--server` to get ACMEv2 certs tried to renew ACMEv1 certs.
   2018-07-24 11:24:11 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1)
Log message:
Add used by comment for py-certbot-dns-rfc2136.
   2018-07-17 18:32:16 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
net/py-{acme,certbot}: Update to 0.26.0.

### Added

- A new security enhancement which we're calling AutoHSTS has been
  added to Certbot's Apache plugin. This enhancement configures your
  webserver to send a HTTP Strict Transport Security header with a low
  max-age value that is slowly increased over time. The max-age value is
  not increased to a large value until you've successfully managed to
  renew your certificate. This enhancement can be requested with the
  --auto-hsts flag.
- New official DNS plugins have been created for Gehirn Infrastracture
  Service, Linode, OVH, and Sakura Cloud. These plugins can be found
  on our Docker Hub page at https://hub.docker.com/u/certbot and on
  PyPI.
- The ability to reuse ACME accounts from Let's Encrypt's ACMEv1
  endpoint on Let's Encrypt's ACMEv2 endpoint has been added.
- Certbot and its components now support Python 3.7.
- Certbot's install subcommand now allows you to interactively choose
  which certificate to install from the list of certificates managed
  by Certbot.
- Certbot now accepts the flag `--no-autorenew` which causes any
  obtained certificates to not be automatically renewed when it
  approaches expiration.
- Support for parsing the TLS-ALPN-01 challenge has been added back to
  the acme library.

### Changed

- Certbot's default ACME server has been changed to Let's Encrypt's
  ACMEv2 endpoint. By default, this server will now be used for both
  new certificate lineages and renewals.
- The Nginx plugin is no longer marked labeled as an "Alpha" version.
- The `prepare` method of Certbot's plugins is no longer called before
  running "Updater" enhancements that are run on every invocation of
  `certbot renew`.
   2018-06-12 11:22:35 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.25.0.

### Added

- Support for the ready status type was added to acme. Without this change,
  Certbot and acme users will begin encountering errors when using Let's
  Encrypt's ACMEv2 API starting on June 19th for the staging environment and
  July 5th for production. See
  https://community.letsencrypt.org/t/acm … atus/62866 for more
  information.
- Certbot now accepts the flag --reuse-key which will cause the same key to be
  used in the certificate when the lineage is renewed rather than generating a
  new key.
- You can now add multiple email addresses to your ACME account with Certbot by
  providing a comma separated list of emails to the --email flag.
- Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme.
  For more information, see
  https://community.letsencrypt.org/t/tls … d/63814/1.
- acme now supports specifying the source address to bind to when sending
  outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't
  already have an account registered at that server URL, Certbot will
  automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint
  if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional
  points. The `GenericUpdater` interface allows plugins to perform actions
  every time `certbot renew` is run, regardless of whether any certificates are
  due for renewal, and the `RenewDeployer` interface allows plugins to perform
  actions when a certificate is renewed. See `certbot.interfaces` for more
  information.

### Changed

- When running Certbot with --dry-run and you don't already have a staging
  account, the created account does not contain an email address even if one
  was provided to avoid expiration emails from Let's Encrypt's staging server.
- certbot-nginx does a better job of automatically detecting the location of
  Nginx's configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with
  `python setup.py test`.
- `certbot config_changes` no longer waits for user input before exiting.

### Fixed

- Misleading log output that caused users to think that Certbot's standalone
  plugin failed to bind to a port when performing a challenge has been
  corrected.
- An issue where certbot-nginx would fail to enable HSTS if the server block
  already had an `add_header` directive has been resolved.
- certbot-nginx now does a better job detecting the server block to base the
  configuration for TLS-SNI challenges on.
   2018-05-16 17:09:42 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.24.0.

### Added

- certbot now has an enhance subcommand which allows you to configure
  security enhancements like HTTP to HTTPS redirects, OCSP stapling,
  and HSTS without reinstalling a certificate.
- certbot-dns-rfc2136 now allows the user to specify the port to use
  to reach the DNS server in its credentials file.
- acme now parses the wildcard field included in authorizations so it
  can be used by users of the library.

### Changed

- certbot-dns-route53 used to wait for each DNS update to propagate
  before sending the next one, but now it sends all updates before
  waiting which speeds up issuance for multiple domains dramatically.
- We've doubled the time Certbot will spend polling authorizations
  before timing out.
- The level of the message logged when Certbot is being used with
  non-standard paths warning that crontabs for renewal included in
  Certbot packages from OS package managers may not work has been
  reduced. This stops the message from being written to stderr every
  time `certbot renew` runs.

### Fixed

- certbot-auto now works with Python 3.6.
   2018-04-13 10:14:28 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.23.0.

### Added

- Support for OpenResty was added to the Nginx plugin.

### Changed

- The timestamps in Certbot's logfiles now use the system's local time
  zone rather than UTC.
- Certbot's DNS plugins that use Lexicon now rely on Lexicon>=2.2.1 to
  be able to create and delete multiple TXT records on a single
  domain.
- certbot-dns-google's test suite now works without an internet
  connection.

### Fixed

- Removed a small window that if during which an error occurred,
  Certbot wouldn't clean up performed challenges.
- The parameters `default` and `ipv6only` are now removed from
  `listen` directives when creating a new server block in the Nginx
  plugin.
- `server_name` directives enclosed in quotation marks in Nginx are
  now properly supported.
- Resolved an issue preventing the Apache plugin from starting Apache
  when it's not currently running on RHEL and Gentoo based systems.
   2018-03-23 15:37:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.22.2.

0.22.2
- A type error introduced in 0.22.1 that would occur during challenge
  cleanup when a Certbot plugin raises an exception while trying to
  complete the challenge was fixed.

0.22.1
- The ACME server used with Certbot's --dry-run and --staging flags is
  now Let's Encrypt's ACMEv2 staging server which allows people to
  also test ACMEv2 features with these flags.
- The HTTP Content-Type header is now set to the correct value during
  certificate revocation with new versions of the ACME protocol.
- When using Certbot with Let's Encrypt's ACMEv2 server, it would add
  a blank line to the top of chain.pem and between the certificates in
  fullchain.pem for each lineage. These blank lines have been removed.
- Resolved a bug that caused Certbot's --allow-subset-of-names flag
  not to work.
- Fixed a regression in acme.client.Client that caused the class to
  not work when it was initialized without a ClientNetwork which is
  done by some of the other projects using our ACME library.