2021-08-05 12:52:01 by Adam Ciarcinski | Files touched by this commit (33) | |
Log message:
py-acme py-certbot*: updated to 1.18.0
1.18.0
Added
New functions that Certbot plugins can use to interact with the user have been \
added to certbot.display.util. We plan to deprecate using IDisplay with zope in \
favor of these new functions in the future.
The Plugin, Authenticator and Installer classes are added to certbot.interfaces \
module as alternatives to Certbot's current zope based plugin interfaces. The \
API of these interfaces is identical, but they are based on Python's abc module \
instead of zope. Certbot will continue to detect plugins that implement either \
interface, but we plan to drop support for zope based interfaces in a future \
version of Certbot.
The class certbot.configuration.NamespaceConfig is added to the Certbot's public API.
Changed
When self-validating HTTP-01 challenges using \
acme.challenges.HTTP01Response.simple_verify, we now assume that the response is \
composed of only ASCII characters. Previously we were relying on the default \
behavior of the requests library which tries to guess the encoding of the \
response which was error prone.
acme: the .client.Client and .client.BackwardsCompatibleClientV2 classes are now \
deprecated in favor of .client.ClientV2.
The certbot.tests.patch_get_utility* functions have been deprecated. Plugins \
should now patch certbot.display.util themselves in their tests or use \
certbot.tests.util.patch_display_util as a temporary workaround.
In order to simplify the transition to Certbot's new plugin interfaces, the \
classes Plugin and Installer in certbot.plugins.common module and \
certbot.plugins.dns_common.DNSAuthenticator now implement Certbot's new plugin \
interfaces. The Certbot plugins based on these classes are now automatically \
detected as implementing these interfaces.
We added a dependency on chardet to our acme library so that it will be used \
over charset_normalizer in newer versions of requests.
Fixed
The Apache authenticator no longer crashes with "Unable to insert \
label" when encountering a completely empty vhost. This issue affected \
Certbot 1.17.0.
Users of the Certbot snap on Debian 9 (Stretch) should no longer encounter an \
"access denied" error when installing DNS plugins.
|
2021-07-23 09:26:45 by Adam Ciarcinski | Files touched by this commit (18) | |
Log message:
py-acme, py-certbot*: updated to 1.17.0
Certbot 1.17.0
Added
Add Void Linux overrides for certbot-apache.
Changed
We changed how dependencies are specified between Certbot packages. For this
and future releases, higher level Certbot components will require that lower
level components are the same version or newer. More specifically, version X
of the Certbot package will now always require acme>=X and version Y of a
plugin package will always require acme>=Y and certbot=>Y. Specifying
dependencies in this way simplifies testing and development.
The Apache authenticator now always configures virtual hosts which do not have
an explicit ServerName. This should make it work more reliably with the
default Apache configuration in Debian-based environments.
Fixed
When we increased the logging level on our nginx "Could not parse \
file" message,
it caused a previously-existing inability to parse empty files to become more
visible. We have now added the ability to correctly parse empty files, so that
message should only show for more significant errors.
|
2021-06-14 14:15:41 by Adam Ciarcinski | Files touched by this commit (24) | |
Log message:
py-acme py-certbot*: updated to 1.16.0
Certbot 1.16.0
Changed
DNS plugins based on lexicon now require dns-lexicon >= v3.1.0
Use UTF-8 encoding for renewal configuration files
Windows installer now cleans up old Certbot dependency packages
before installing the new ones to avoid version conflicts.
This release contains a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. If you would like to see more verbose output, use
the -v or -vv flags. UX improvements are an iterative process and
the Certbot team welcomes constructive feedback.
Functions certbot.crypto_util.init_save_key and certbot.crypto_util.init_save_csr,
whose behaviors rely on the global Certbot config singleton, are deprecated and will
be removed in a future release. Please use certbot.crypto_util.generate_key and
certbot.crypto_util.generate_csr instead.
Fixed
Fix TypeError due to incompatibility with lexicon >= v3.6.0
Installers (e.g. nginx, Apache) were being restarted unnecessarily after dry-run \
renewals.
Colors and bold text should properly render in all supported versions of Windows.
|
2021-05-14 10:24:08 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 1.15.0
1.15.0 - 2021-05-04
More details about these changes can be found on our GitHub repo.
|
2021-04-15 07:16:37 by Adam Ciarcinski | Files touched by this commit (18) | |
Log message:
py-acme py-certbot*: updated to 1.14.0
Certbot 1.14.0
Changed
certbot-auto no longer checks for updates on any operating system.
The module acme.magic_typing is deprecated and will be removed in a future release.
Please use the built-in module typing instead.
The DigitalOcean plugin now creates TXT records for the DNS-01 challenge with a \
lower 30s TTL.
Fixed
Don't output an empty line for a hidden certificate when certbot certificates is \
being used
in combination with --cert-name or -d.
|
2021-03-06 14:34:25 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 1.13.0
Certbot 1.13.0
Changed
CLI flags --os-packages-only, --no-self-upgrade, --no-bootstrap and \
--no-permissions-check,
which are related to certbot-auto, are deprecated and will be removed in a \
future release.
Certbot no longer conditionally depends on an external mock module. Certbot's
test API will continue to use it if it is available for backwards
compatibility, however, this behavior has been deprecated and will be removed
in a future release.
The acme library no longer depends on the security extras from requests
which was needed to support SNI in TLS requests when using old versions of
Python 2.
Certbot and all of its components no longer depend on the library six.
The update of certbot-auto itself is now disabled on all RHEL-like systems.
When revoking a certificate by --cert-name, it is no longer necessary to specify \
the --server
if the certificate was obtained from a non-default ACME server.
The nginx authenticator now configures all matching HTTP and HTTPS vhosts for \
the HTTP-01
challenge. It is now compatible with external HTTPS redirection by a CDN or load \
balancer.
|
2021-02-09 11:06:43 by Adam Ciarcinski | Files touched by this commit (34) | |
Log message:
py-acme py-certbot*: updated to 1.12.0
1.12.0
Changed
The --preferred-chain flag now only checks the Issuer Common Name of the topmost \
(closest to the root) certificate in the chain, instead of checking every \
certificate in the chain.
Support for Python 2 has been removed.
In previous releases, we caused certbot-auto to stop updating its Certbot \
installation. In this release, we are beginning to disable updates to the \
certbot-auto script itself. This release includes Amazon Linux users, and all \
other systems that are not based on Debian or RHEL. We plan to make this change \
to the certbot-auto script for all users in the coming months.
Fixed
Fixed the apache component on openSUSE Tumbleweed which no longer provides an \
apache2ctl symlink and uses apachectl instead.
Fixed a typo in certbot/crypto_util.py causing an error upon attempting \
secp521r1 key generation
|
2021-01-16 07:29:24 by Makoto Fujiwara | Files touched by this commit (13) |
Log message:
(security/py-certbot-*) regen distinfo
|
2020-12-09 13:31:37 by Adam Ciarcinski | Files touched by this commit (18) | |
Log message:
py-acme py-certbot*: updated to 1.10.1
1.10.1 - 2020-12-03
Fixed
Fixed a bug in certbot.util.add_deprecated_argument that caused the deprecated \
--manual-public-ip-logging-ok flag to crash Certbot in some scenarios.
More details about these changes can be found on our GitHub repo.
1.10.0 - 2020-12-01
Added
Added timeout to DNS query function calls for dns-rfc2136 plugin.
Confirmation when deleting certificates
CLI flag --key-type has been added to specify 'rsa' or 'ecdsa' (default 'rsa').
CLI flag --elliptic-curve has been added which takes an NIST/SECG elliptic \
curve. Any of secp256r1, secp384r1 and secp521r1 are accepted values.
The command certbot certficates lists the which type of the private key that was \
used for the private key.
Support for Python 3.9 was added to Certbot and all of its components.
Changed
certbot-auto was deprecated on Debian based systems.
CLI flag --manual-public-ip-logging-ok is now a no-op, generates a deprecation \
warning, and will be removed in a future release.
Fixed
Fixed a Unicode-related crash in the nginx plugin when running under Python 2.
|
2020-10-20 16:15:52 by Makoto Fujiwara | Files touched by this commit (14) |
Log message:
(security/py-certbot-*) regen distinfo
|