./security/py-certbot-dns-route53, Amazon Web Services Route 53 API plugin for Certbot

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.0, Package name: py37-certbot-dns-route53-1.4.0, Maintainer: adam

The dns_route53 plugin automates the process of completing a dns-01 challenge
(DNS01) by creating, and subsequently removing, TXT records using the Amazon
Web Services Route 53 API.


Required to run:
[devel/py-setuptools] [devel/py-ZopeInterface] [devel/py-mock] [security/py-certbot] [security/py-acme] [net/py-boto3] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 9163c028c12df0f2b701bb744663bf700315ef62
RMD160: 64b1f5fa7c26a6d1a5fe96cd5d0d3b9920f315cc
Filesize: 15.306 KB

Version history: (Expand)


CVS history: (Expand)


   2020-05-07 12:53:46 by Adam Ciarcinski | Files touched by this commit (32) | Package updated
Log message:
py-acme/py-certbot*: updated to 1.4.0

1.4.0:

Added

* Turn off session tickets for apache plugin by default when appropriate.
* Added serial number of certificate to the output of `certbot certificates`
* Expose two new environment variables in the authenticator and cleanup scripts \ 
used by
  the `manual` plugin: `CERTBOT_REMAINING_CHALLENGES` is equal to the number of \ 
challenges
  remaining after the current challenge, `CERTBOT_ALL_DOMAINS` is a \ 
comma-separated list
  of all domains challenged for the current certificate.
* Added TLS-ALPN-01 challenge support in the `acme` library. Support of this
  challenge in the Certbot client is planned to be added in a future release.
* Added minimal proxy support for OCSP verification.
* On Windows, hooks are now executed in a Powershell shell instead of a CMD shell,
  allowing both `*.ps1` and `*.bat` as valid scripts for Certbot.

Changed

* Reorganized error message when a user entered an invalid email address.
* Stop asking interactively if the user would like to add a redirect.
* `mock` dependency is now conditional on Python 2 in all of our packages.
* Deprecate certbot-auto on Gentoo, macOS, and FreeBSD.

Fixed

* When using an RFC 8555 compliant endpoint, the `acme` library no longer sends the
  `resource` field in any requests or the `type` field when responding to challenges.
* Fix nginx plugin crash when non-ASCII configuration file is being read (instead,
  the user will be warned that UTF-8 must be used).
* Fix hanging OCSP queries during revocation checking - added a 10 second timeout.
* Standalone servers now have a default socket timeout of 30 seconds, fixing
  cases where an idle connection can cause the standalone plugin to hang.
* Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line
  endings. This should fix interoperability with Buypass' services.

More details about these changes can be found on our GitHub repo.
   2020-03-23 19:43:46 by Adam Ciarcinski | Files touched by this commit (17) | Package updated
Log message:
py-acme py-certbot: updated to 1.3.0

Certbot 1.3.0

Added
Added certbot.ocsp Certbot's API. The certbot.ocsp module can be used to
determine the OCSP status of certificates.
Don't verify the existing certificate in HTTP01Response.simple_verify, for
compatibility with the real-world ACME challenge checks.

Changed
Certbot will now renew certificates early if they have been revoked according
to OCSP.
Fix acme module warnings when response Content-Type includes params (e.g. charset).
Fixed issue where webroot plugin would incorrectly raise Read-only file system
error when creating challenge directories
   2020-02-16 21:23:28 by Adam Ciarcinski | Files touched by this commit (18) | Package updated
Log message:
py-acme py-certbot: updated to 1.2.0

1.2.0:

Added
Added support for Cloudflare's limited-scope API Tokens
Added support for $hostname in nginx server_name directive

Changed
Add directory field to error message when field is missing.
If MD5 hasher is not available, try it in non-security mode (fix for FIPS systems)
Disable old SSL versions and ciphersuites and remove SSLCompression off setting \ 
to follow Mozilla recommendations in Apache.
Remove ECDHE-RSA-AES128-SHA from NGINX ciphers list now that Windows 2008 R2 and \ 
Windows 7 are EOLed
Support for Python 3.4 has been removed.

Fixed
Fix collections.abc imports for Python 3.9.
More details about these changes can be found on our GitHub repo.

1.1.0:

Changed
Removed the fallback introduced with 0.34.0 in acme to retry a POST-as-GET \ 
request as a GET request when the targeted ACME CA server seems to not support \ 
POST-as-GET requests.
certbot-auto no longer supports architectures other than x86_64 on RHEL 6 based \ 
systems. Existing certbot-auto installations affected by this will continue to \ 
work, but they will no longer receive updates. To install a newer version of \ 
Certbot on these systems, you should update your OS.
Support for Python 3.4 in Certbot and its ACME library is deprecated and will be \ 
removed in the next release of Certbot. certbot-auto users on x86_64 systems \ 
running RHEL 6 or derivatives will be asked to enable Software Collections (SCL) \ 
repository so Python 3.6 can be installed. certbot-auto can enable the SCL repo \ 
for you on CentOS 6 while users on other RHEL 6 based systems will be asked to \ 
do this manually.
   2019-12-15 10:48:39 by Adam Ciarcinski | Files touched by this commit (33) | Package updated
Log message:
py-acme/py-cerbot-*: updated to 1.0.0

Certbot 1.0.0

Removed:
* The docs extras for the certbot-apache and certbot-nginx packages
  have been removed.

Changed:
* certbot-auto has deprecated support for systems using OpenSSL 1.0.1 that are
  not running on x86-64. This primarily affects RHEL 6 based systems.
* Certbot's config_changes subcommand has been removed
* certbot.plugins.common.TLSSNI01 has been removed.
* Deprecated attributes related to the TLS-SNI-01 challenge in
  acme.challenges and acme.standalone
  have been removed.
* The functions certbot.client.view_config_changes,
  certbot.main.config_changes,
  certbot.plugins.common.Installer.view_config_changes,
  certbot.reverter.Reverter.view_config_changes, and
  certbot.util.get_systemd_os_info have been removed
* Certbot's register --update-registration subcommand has been removed
* When possible, default to automatically configuring the webserver so all requests
  redirect to secure HTTPS access. This is mostly relevant when running Certbot
  in non-interactive mode. Previously, the default was to not redirect all requests.
   2019-11-14 19:28:19 by Adam Ciarcinski | Files touched by this commit (17) | Package updated
Log message:
py-certbot: updated to 0.40.1

0.40.1:

Changed
Added back support for Python 3.4 to Certbot components and certbot-auto due to \ 
a bug when requiring Python 2.7 or 3.5+ on RHEL 6 based systems.
More details about these changes can be found on our GitHub repo.

0.40.0:

Changed
We deprecated support for Python 3.4 in Certbot and its ACME library. Support \ 
for Python 3.4 will be removed in the next major release of Certbot. \ 
certbot-auto users on RHEL 6 based systems will be asked to enable Software \ 
Collections (SCL) repository so Python 3.6 can be installed. certbot-auto can \ 
enable the SCL repo for you on CentOS 6 while users on other RHEL 6 based \ 
systems will be asked to do this manually.
--server may now be combined with --dry-run. Certbot will, as before, use the \ 
staging server instead of the live server when --dry-run is used.
--dry-run now requests fresh authorizations every time, fixing the issue where \ 
it was prone to falsely reporting success.
Updated certbot-dns-google to depend on newer versions of \ 
google-api-python-client and oauth2client.
The OS detection logic again uses distro library for Linux OSes
certbot.plugins.common.TLSSNI01 has been deprecated and will be removed in a \ 
future release.
CLI flags --tls-sni-01-port and --tls-sni-01-address have been removed.
The values tls-sni and tls-sni-01 for the --preferred-challenges flag are no \ 
longer accepted.
Removed the flags: --agree-dev-preview, --dialog, and --apache-init-script
acme.standalone.BaseRequestHandlerWithLogging and \ 
acme.standalone.simple_tls_sni_01_server have been deprecated and will be \ 
removed in a future release of the library.
certbot-dns-rfc2136 now use TCP to query SOA records.

Fixed
More details about these changes can be found on our GitHub repo.
   2019-10-02 19:36:44 by Adam Ciarcinski | Files touched by this commit (43) | Package updated
Log message:
py-acme/py-certbot: updated to 0.39.0

0.39.0:

Added
Support for Python 3.8 was added to Certbot and all of its components.
Support for CentOS 8 was added to certbot-auto.

Changed
Don't send OCSP requests for expired certificates
Return to using platform.linux_distribution instead of distro.linux_distribution \ 
in OS fingerprinting for Python < 3.8
Updated the Nginx plugin's TLS configuration to keep support for some versions \ 
of IE11.

Fixed
Fixed OS detection in the Apache plugin on RHEL 6.
   2019-09-12 17:08:55 by Adam Ciarcinski | Files touched by this commit (16) | Package updated
Log message:
py-acme py-certbot*: updated to 0.38.0

0.38.0:
Added
Disable session tickets for Nginx users when appropriate.

Changed
If Certbot fails to rollback your server configuration, the error message links \ 
to the Let's Encrypt forum. Change the link to the Help category now that the \ 
Server category has been closed.
Replace platform.linux_distribution with distro.linux_distribution as a step \ 
towards Python 3.8 support in Certbot.

Fixed
Fixed OS detection in the Apache plugin on Scientific Linux.
   2019-08-23 11:57:50 by Adam Ciarcinski | Files touched by this commit (22) | Package updated
Log message:
py-certbot: updated to 0.37.2

0.37.2:
Stop disabling TLS session tickets in Nginx as it caused TLS failures on some \ 
systems.

0.37.1:
Fixed
Stop disabling TLS session tickets in Apache as it caused TLS failures on some \ 
systems.

0.37.0:
Added
Turn off session tickets for apache plugin by default
acme: Authz deactivation added to acme module.

Changed
Follow updated Mozilla recommendations for Nginx ssl_protocols, ssl_ciphers, and \ 
ssl_prefer_server_ciphers

Fixed
Fix certbot-auto failures on RHEL 8.