2019-04-08 17:48:31 by Adam Ciarcinski | Files touched by this commit (23) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
py-acme,py-certbot*: updated to 0.33.1
0.33.1:
Fixed
A bug causing certbot-auto to print warnings or crash on some RHEL based systems \
has been resolved.
Despite us having broken lockstep, we are continuing to release new versions of \
all Certbot components during releases for the time being, however, the only \
changes in this release were to certbot-auto.
0.33.0:
Added
Fedora 29+ is now supported by certbot-auto. Since Python 2.x is on a \
deprecation path in Fedora, certbot-auto will install and use Python 3.x on \
Fedora 29+.
CLI flag --https-port has been added for Nginx plugin exclusively, and replaces \
--tls-sni-01-port. It defines the HTTPS port the Nginx plugin will use while \
setting up a new SSL vhost. By default the HTTPS port is 443.
Changed
Support for TLS-SNI-01 has been removed from all official Certbot plugins.
Attributes related to the TLS-SNI-01 challenge in acme.challenges and \
acme.standalone modules are deprecated and will be removed soon.
CLI flags --tls-sni-01-port and --tls-sni-01-address are now no-op, will \
generate a deprecation warning if used, and will be removed soon.
Options tls-sni and tls-sni-01 in --preferred-challenges flag are now no-op, \
will generate a deprecation warning if used, and will be removed soon.
CLI flag --standalone-supported-challenges has been removed.
Fixed
Certbot uses the Python library cryptography for OCSP when cryptography>=2.5 \
is installed. We fixed a bug in Certbot causing it to interpret timestamps in \
the OCSP response as being in the local timezone rather than UTC.
Issue causing the default CentOS 6 TLS configuration to ignore some of the HTTPS \
VirtualHosts created by Certbot. mod_ssl loading is now moved to main http.conf \
for this environment where possible.
|
2019-03-10 16:23:51 by Adam Ciarcinski | Files touched by this commit (21) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
py-certbot: updated to 0.32.0
Added
If possible, Certbot uses built-in support for OCSP from recent cryptography \
versions instead of the OpenSSL binary: as a consequence Certbot does not need \
the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.
Changed
Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the \
warnings described at https://github.com/certbot/josepy/issues/13.
Apache plugin now respects CERTBOT_DOCS environment variable when adding command \
line defaults.
The running of manual plugin hooks is now always included in Certbot's log output.
Tests execution for certbot, certbot-apache and certbot-nginx packages now \
relies on pytest.
An ACME CA server may return a "Retry-After" HTTP header on \
authorization polling, as specified in the ACME protocol, to indicate when the \
next polling should occur. Certbot now reads this header if set and respect its \
value.
The acme module avoids sending the keyAuthorization field in the JWS payload \
when responding to a challenge as the field is not included in the current ACME \
protocol. To ease the migration path for ACME CA servers, Certbot and its acme \
module will first try the request without the keyAuthorization field but will \
temporarily retry the request with the field included if a malformed error is \
received. This fallback will be removed in version 0.34.0.
|
2019-02-12 13:56:32 by Adam Ciarcinski | Files touched by this commit (17) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
py-acme,py-certbot*: updated to 0.31.0
0.31.0:
Added
Avoid reprocessing challenges that are already validated when a certificate is \
issued.
Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with \
the acme module.
Changed
Certbot's official Docker images are now based on Alpine Linux 3.9 rather than \
3.7. The new version comes with OpenSSL 1.1.1.
Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on \
2.x branch is maintained).
Apache plugin now attempts to configure all VirtualHosts matching requested \
domain name instead of only a single one when answering the HTTP-01 challenge.
Fixed
Fixed accessing josepy contents through acme.jose when the full acme.jose path \
is used.
Clarify behavior for deleting certs as part of revocation.
Despite us having broken lockstep, we are continuing to release new versions of \
all Certbot components during releases for the time being, however, the only \
package with changes other than its version number was:
acme
certbot
certbot-apache
certbot-dns-cloudxns
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-gehirn
certbot-dns-linode
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-ovh
certbot-dns-sakuracloud
More details about these changes can be found on our GitHub repo.
|
2019-01-15 13:05:47 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (3) |
Log message:
py-certbot-nginx: add nginx certbot plugin
|