Log message:
py-acme py-certbot*: updated to 2.7.4

Certbot 2.7.4

Fixed a bug introduced in version 2.7.0 that caused interactively entered
webroot plugin values to not be saved for renewal.
Fixed a bug introduced in version 2.7.0 of our Lexicon based DNS plugins that
caused them to fail to find the DNS zone that needs to be modified in some
cases.

Log message:
py-acme py-certbot*: updated to 2.7.3

Certbot 2.7.3

Fixed

Fixed a bug where arguments with contained spaces weren't being handled correctly
Fixed a bug that caused the ACME account to not be properly restored on
renewal causing problems in setups where the user had multiple accounts with
the same ACME server.

Certbot 2.7.2

Fixed

certbot-dns-ovh plugin now requires lexicon>=3.15.1 to ensure a consistent \ 
behavior with OVH APIs.
Fixed a bug where argument sources weren't correctly detected in abbreviated
arguments, short arguments, and some other circumstances

Log message:
py-acme py-certbot*: updated to 2.7.1

Certbot 2.7.1

Fixed a bug that broke the DNS plugin for DNSimple that was introduced in
version 2.7.0 of the plugin.
Correctly specified the new minimum version of the ConfigArgParse package
that Certbot requires which is 1.5.3.

Log message:
py-acme py-certbot*: updated to 2.7.0

Certbot 2.7.0

Added

Add certbot.util.LooseVersion class.
Add a new base class certbot.plugins.dns_common_lexicon.LexiconDNSAuthenticator \ 
to implement a DNS
authenticator plugin backed by Lexicon to communicate with the provider DNS API. \ 
This approach relies
heavily on conventions to reduce the implementation complexity of a new plugin.
Add a new test base class \ 
certbot.plugins.dns_test_common_lexicon.BaseLexiconDNSAuthenticatorTest to
help testing DNS plugins implemented on top of LexiconDNSAuthenticator.

Changed

NamespaceConfig now tracks how its arguments were set via a dictionary, allowing \ 
us to remove a bunch
of global state previously needed to inspect whether a user set an argument or not.
Support for Python 3.7 was deprecated and will be removed in our next planned \ 
release.
Added RENEWED_DOMAINS and FAILED_DOMAINS environment variables for consumption \ 
by post renewal hooks.
Deprecates LexiconClient base class and build_lexicon_config function in
certbot.plugins.dns_common_lexicon module in favor of LexiconDNSAuthenticator.
Deprecates BaseLexiconAuthenticatorTest and BaseLexiconClientTest test base \ 
classes of
certbot.plugins.dns_test_common_lexicon module in favor of \ 
BaseLexiconDNSAuthenticatorTest.

Fixed

Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp()
Filter zones in certbot-dns-google to avoid usage of private DNS zones to create \ 
records

Log message:
py-acme py-certbot*: updated to 2.6.0

Certbot 2.6.0

Added

--dns-google-project optionally allows for specifying the project that the DNS \ 
zone(s) reside in,
which allows for Certbot usage in scenarios where the auth credentials reside in \ 
a different
project to the zone(s) that are being managed.
There is now a new Other annotated challenge object to allow plugins to support \ 
entirely novel challenges.

Changed

Optionally sign the SOA query for dns-rfc2136, to help resolve problems with \ 
split-view
DNS setups and hidden primary setups.
Certbot versions prior to v1.32.0 did not sign queries with the specified TSIG key
resulting in difficulty with split-horizon implementations.
Certbot v1.32.0 through v2.5.0 signed queries by default, potentially causing
incompatibility with hidden primary setups with allow-update-forwarding enabled
if the secondary did not also have the TSIG key within its config.
Certbot v2.6.0 and later no longer signs queries by default, but allows
the user to optionally sign these queries by explicit configuration using the
dns_rfc2136_sign_query option in the credentials .ini file.
Lineage name validity is performed for new lineages. --cert-name may no longer \ 
contain
filepath separators (i.e. / or \, depending on the platform).
certbot-dns-google now loads credentials using the standard Application Default
Credentials strategy,
rather than explicitly requiring the Google Compute metadata server to be \ 
present if a service account
is not provided using --dns-google-credentials.
--dns-google-credentials now supports additional types of file-based credential, \ 
such as
External Account Credentials created by Workload Identity
Federation. All file-based credentials implemented by the Google Auth library \ 
are supported.

Fixed

certbot-dns-google no longer requires deprecated oauth2client library.
Certbot will no longer try to invoke plugins which do not subclass from the proper
certbot.interfaces.{Installer,Authenticator} interface (e.g. certbot -i standalone
will now be ignored). See GH-9664.

Log message:
py-acme py-certbot*: updated to 2.5.0

Certbot 2.5.0

Added

acme.messages.OrderResource now supports being round-tripped
through JSON
acme.client.ClientV2 now provides separate begin_finalization
and poll_finalization methods, in addition to the existing
finalize_order method.

Changed

--dns-route53-propagation-seconds is now deprecated. The Route53 plugin relies on the
GetChange API
to determine if a DNS update is complete. The flag has never had any effect and \ 
will be
removed in a future version of Certbot.
Packaged tests for all Certbot components besides josepy were moved inside
the _internal/tests module.

Fixed

Fixed renew sometimes not preserving the key type of RSA certificates.
Users who upgraded from Certbot <v1.25.0 to Certbot >=v2.0.0 may
have had their RSA certificates inadvertently changed to ECDSA certificates. If \ 
desired,
the key type may be changed back to RSA. See the User Guide.
Deprecated flags were inadvertently not printing warnings since v1.16.0. This is \ 
now fixed.

Log message:
py-acme py-certbot*: updated to 2.4.0

Certbot 2.4.0

Added

We deprecated support for the update_symlinks command. Support will be removed \ 
in a following
version of Certbot.

Changed

Docker build and deploy scripts now generate multiarch manifests for \ 
non-architecture-specific tags, instead of defaulting to amd64 images.

Fixed

Reverted 9475 due to a performance regression in large nginx deployments.

Log message:
py-acme py-certbot*: updated to 2.3.0

Certbot 2.3.0

Added

Allow a user to modify the configuration of a certificate without renewing it \ 
using the new reconfigure subcommand. See certbot help reconfigure for details.
certbot show_account now displays the ACME Account Thumbprint.

Changed

Certbot will no longer save previous CSRs and certificate private keys to \ 
/etc/letsencrypt/csr and /etc/letsencrypt/keys, respectively. These directories \ 
may be safely deleted.
Certbot will now only keep the current and 5 previous certificates in the \ 
/etc/letsencrypt/archive directory for each certificate lineage. Any prior \ 
certificates will be automatically deleted upon renewal. This number may be \ 
further lowered in future releases.
As always, users should only reference the certificate files within \ 
/etc/letsencrypt/live and never use /etc/letsencrypt/archive directly. See Where \ 
are my certificates? in the Certbot User Guide.
certbot.configuration.NamespaceConfig.key_dir and .csr_dir are now deprecated.
All Certbot components now require pytest to run tests.

Fixed

Fixed a crash when registering an account with BuyPass' ACME server.
Fixed a bug where Certbot would crash with AttributeError: can't set attribute \ 
on ACME server errors in Python 3.11.

Log message:
py-acme py-certbot*: updated to 2.2.0

Certbot 2.2.0

Changed

Certbot will no longer respect very long challenge polling intervals, which may \ 
be suggested
by some ACME servers. Certbot will continue to wait up to 90 seconds by default, \ 
or up to a
total of 30 minutes if requested by the server via Retry-After.

Log message:
py-acme py-certbot*: updated to 2.1.0

Certbot 2.1.0

Fixed

Interfaces which plugins register themselves as implementing without inheriting \ 
from them now show up in certbot plugins output.
IPluginFactory, IPlugin, IAuthenticator and IInstaller have been re-added to
certbot.interfaces.
This is to fix compatibility with a number of third-party DNS plugins which may
have started erroring with AttributeError in Certbot v2.0.0.
Plugin authors can find more information about Certbot 2.x compatibility
here.
A bug causing our certbot-apache tests to crash on some systems has been resolved.