./security/py-certbot, Client for the Lets Encrypt CA

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.26.0, Package name: py27-certbot-0.26.0, Maintainer: filip

Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.


Required to run:
[devel/py-setuptools] [devel/py-ZopeInterface] [time/py-pytz] [time/py-parsedatetime] [devel/py-mock] [lang/python27] [lang/py-six] [security/py-cryptography] [devel/py-ZopeComponent] [devel/py-configobj] [devel/py-configargparse] [time/py-rfc3339] [security/py-acme] [security/py-josepy]

Required to build:
[devel/py-readline] [pkgtools/cwrappers]

Master sites:

SHA1: a093e9cb6160750bfb48fe55b19ebb38ab03d160
RMD160: 53f6e85d352dca61b08d854757687026cc8e21bb
Filesize: 1207.519 KB

Version history: (Expand)


CVS history: (Expand)


   2018-07-24 11:24:11 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1)
Log message:
Add used by comment for py-certbot-dns-rfc2136.
   2018-07-17 18:32:16 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
net/py-{acme,certbot}: Update to 0.26.0.

### Added

- A new security enhancement which we're calling AutoHSTS has been
  added to Certbot's Apache plugin. This enhancement configures your
  webserver to send a HTTP Strict Transport Security header with a low
  max-age value that is slowly increased over time. The max-age value is
  not increased to a large value until you've successfully managed to
  renew your certificate. This enhancement can be requested with the
  --auto-hsts flag.
- New official DNS plugins have been created for Gehirn Infrastracture
  Service, Linode, OVH, and Sakura Cloud. These plugins can be found
  on our Docker Hub page at https://hub.docker.com/u/certbot and on
  PyPI.
- The ability to reuse ACME accounts from Let's Encrypt's ACMEv1
  endpoint on Let's Encrypt's ACMEv2 endpoint has been added.
- Certbot and its components now support Python 3.7.
- Certbot's install subcommand now allows you to interactively choose
  which certificate to install from the list of certificates managed
  by Certbot.
- Certbot now accepts the flag `--no-autorenew` which causes any
  obtained certificates to not be automatically renewed when it
  approaches expiration.
- Support for parsing the TLS-ALPN-01 challenge has been added back to
  the acme library.

### Changed

- Certbot's default ACME server has been changed to Let's Encrypt's
  ACMEv2 endpoint. By default, this server will now be used for both
  new certificate lineages and renewals.
- The Nginx plugin is no longer marked labeled as an "Alpha" version.
- The `prepare` method of Certbot's plugins is no longer called before
  running "Updater" enhancements that are run on every invocation of
  `certbot renew`.
   2018-06-12 11:22:35 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.25.0.

### Added

- Support for the ready status type was added to acme. Without this change,
  Certbot and acme users will begin encountering errors when using Let's
  Encrypt's ACMEv2 API starting on June 19th for the staging environment and
  July 5th for production. See
  https://community.letsencrypt.org/t/acm … atus/62866 for more
  information.
- Certbot now accepts the flag --reuse-key which will cause the same key to be
  used in the certificate when the lineage is renewed rather than generating a
  new key.
- You can now add multiple email addresses to your ACME account with Certbot by
  providing a comma separated list of emails to the --email flag.
- Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme.
  For more information, see
  https://community.letsencrypt.org/t/tls … d/63814/1.
- acme now supports specifying the source address to bind to when sending
  outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't
  already have an account registered at that server URL, Certbot will
  automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint
  if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional
  points. The `GenericUpdater` interface allows plugins to perform actions
  every time `certbot renew` is run, regardless of whether any certificates are
  due for renewal, and the `RenewDeployer` interface allows plugins to perform
  actions when a certificate is renewed. See `certbot.interfaces` for more
  information.

### Changed

- When running Certbot with --dry-run and you don't already have a staging
  account, the created account does not contain an email address even if one
  was provided to avoid expiration emails from Let's Encrypt's staging server.
- certbot-nginx does a better job of automatically detecting the location of
  Nginx's configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with
  `python setup.py test`.
- `certbot config_changes` no longer waits for user input before exiting.

### Fixed

- Misleading log output that caused users to think that Certbot's standalone
  plugin failed to bind to a port when performing a challenge has been
  corrected.
- An issue where certbot-nginx would fail to enable HSTS if the server block
  already had an `add_header` directive has been resolved.
- certbot-nginx now does a better job detecting the server block to base the
  configuration for TLS-SNI challenges on.
   2018-05-16 17:09:42 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
security/py-{acme,certbot}: Update to 0.24.0.

### Added

- certbot now has an enhance subcommand which allows you to configure
  security enhancements like HTTP to HTTPS redirects, OCSP stapling,
  and HSTS without reinstalling a certificate.
- certbot-dns-rfc2136 now allows the user to specify the port to use
  to reach the DNS server in its credentials file.
- acme now parses the wildcard field included in authorizations so it
  can be used by users of the library.

### Changed

- certbot-dns-route53 used to wait for each DNS update to propagate
  before sending the next one, but now it sends all updates before
  waiting which speeds up issuance for multiple domains dramatically.
- We've doubled the time Certbot will spend polling authorizations
  before timing out.
- The level of the message logged when Certbot is being used with
  non-standard paths warning that crontabs for renewal included in
  Certbot packages from OS package managers may not work has been
  reduced. This stops the message from being written to stderr every
  time `certbot renew` runs.

### Fixed

- certbot-auto now works with Python 3.6.
   2018-04-13 10:14:28 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.23.0.

### Added

- Support for OpenResty was added to the Nginx plugin.

### Changed

- The timestamps in Certbot's logfiles now use the system's local time
  zone rather than UTC.
- Certbot's DNS plugins that use Lexicon now rely on Lexicon>=2.2.1 to
  be able to create and delete multiple TXT records on a single
  domain.
- certbot-dns-google's test suite now works without an internet
  connection.

### Fixed

- Removed a small window that if during which an error occurred,
  Certbot wouldn't clean up performed challenges.
- The parameters `default` and `ipv6only` are now removed from
  `listen` directives when creating a new server block in the Nginx
  plugin.
- `server_name` directives enclosed in quotation marks in Nginx are
  now properly supported.
- Resolved an issue preventing the Apache plugin from starting Apache
  when it's not currently running on RHEL and Gentoo based systems.
   2018-03-23 15:37:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
security/py-certbot: Update to 0.22.2.

0.22.2
- A type error introduced in 0.22.1 that would occur during challenge
  cleanup when a Certbot plugin raises an exception while trying to
  complete the challenge was fixed.

0.22.1
- The ACME server used with Certbot's --dry-run and --staging flags is
  now Let's Encrypt's ACMEv2 staging server which allows people to
  also test ACMEv2 features with these flags.
- The HTTP Content-Type header is now set to the correct value during
  certificate revocation with new versions of the ACME protocol.
- When using Certbot with Let's Encrypt's ACMEv2 server, it would add
  a blank line to the top of chain.pem and between the certificates in
  fullchain.pem for each lineage. These blank lines have been removed.
- Resolved a bug that caused Certbot's --allow-subset-of-names flag
  not to work.
- Fixed a regression in acme.client.Client that caused the class to
  not work when it was initialized without a ClientNetwork which is
  done by some of the other projects using our ACME library.
   2018-03-13 11:08:51 by Filip Hajny | Files touched by this commit (5) | Package updated
Log message:
security/py-certbot: Update to 0.22.0

### Added

- Support for obtaining wildcard certificates and a newer version of the ACME
  protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2
  endpoint was added to Certbot and its ACME library. Certbot still works with
  older ACME versions and will automatically change the version of the protocol
  used based on the version the ACME CA implements.
- The Apache and Nginx plugins are now able to automatically install a wildcard
  certificate to multiple virtual hosts that you select from your server
  configuration.
- The `certbot install` command now accepts the `--cert-name` flag for
  selecting a certificate.
- `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library
  which automatically handles most of the differences between new and old ACME
  versions. `acme.client.ClientV2` is also available for people who only want
  to support one version of the protocol or want to handle the differences
  between versions themselves.
- certbot-auto now supports the flag --install-only which has the script
  install Certbot and its dependencies and exit without invoking Certbot.
- Support for issuing a single certificate for a wildcard and base domain was
  added to our Google Cloud DNS plugin. To do this, we now require your API
  credentials have additional permissions, however, your credentials will
  already have these permissions unless you defined a custom role with fewer
  permissions than the standard DNS administrator role provided by Google.
  These permissions are also only needed for the case described above so it
  will continue to work for existing users. For more information about the
  permissions changes, see the documentation in the plugin.

### Changed

- We have broken lockstep between our ACME library, Certbot, and its plugins.
  This means that the different components do not need to be the same version
  to work together like they did previously. This makes packaging easier
  because not every piece of Certbot needs to be repackaged to ship a change to
  a subset of its components.
- Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot,
  Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL
  6 based system, it will walk you through the process of installing Certbot
  with Python 3 and refuse to upgrade to a newer version of Certbot until you
  have done so.
- Certbot's components now work with older versions of setuptools to simplify
  packaging for EPEL 7.

### Fixed

- Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives
  has been resolved.
- A problem where Certbot's Apache plugin would add redundant include
  directives for the TLS configuration managed by Certbot has been fixed.
- Certbot's webroot plugin now properly deletes any directories it creates.
   2018-02-02 16:36:08 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.21.1.

- When creating an HTTP to HTTPS redirect in Nginx, we now ensure the
  Host header of the request is set to an expected value before
  redirecting users to the domain found in the header. The previous way
  Certbot configured Nginx redirects was a potential security issue
- Fixed a problem where Certbot's Apache plugin could fail HTTP-01
  challenges if basic authentication is configured for the domain you
  request a certificate for.
- certbot-auto --no-bootstrap now properly tries to use Python 3.4 on
  RHEL 6 based systems rather than Python 2.6.