2018-01-22 14:37:25 by Filip Hajny | Files touched by this commit (6)
Log message:
Update security/py-{acme,certbot} to 0.21.0.
### Added
- Support for the HTTP-01 challenge type was added to our Apache and Nginx
plugins.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server
block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added
allowing users to control whether the revoke subcommand also deletes the
certificates it is revoking.
### Changed
- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME
library.
- We split our implementation of JOSE (Javascript Object Signing and
Encryption) out of our ACME library and into a separate package named josepy.
- We updated the ciphersuites used in Apache to the new values recommended by
Mozilla.
### Fixed
- An issue with our Apache plugin on Gentoo due to differences in their
apache2ctl command has been resolved.
|
2017-12-09 17:39:04 by Filip Hajny | Files touched by this commit (4)
Log message:
Update security/py-{acme,certbot} to 0.20.0.
0.20.0 - 2017-12-06
- Certbot's ACME library now recognizes URL fields in challenge
objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
configuration files on non-Debian systems allowing it to get a
clearer picture on the running configuration.
- Certbot better reports network failures by removing information
about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
it was unable to deploy a HTTP->HTTPS redirect when requesting
Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some of our DNS
plugins with older versions of mock has been resolved.
- On some systems, users reported strangely interleaved output
depending on when stdout and stderr were flushed.
0.19.0 - 2017-10-04
- Certbot now has renewal hook directories where executable files can
be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
Engine, you no longer have to provide a credential file to Certbot
if you have configured sufficient permissions for the instance which
Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
subcommand, Certbot will now allow you to select multiple lineages
to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
sites-available on Debian based systems and instead only parses
virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
longer hangs indefinitely when it is unable to connect to the
external server.
- An issue where Certbot's Apache plugin would sometimes fail to
deploy a certificate on Debian based systems if mod_ssl wasn't
already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
not report if certificates maintained by Certbot had been revoked
has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
properly performs DNS challenges when the domain being verified
contains a CNAME record.
|
2017-09-27 14:44:39 by Filip Hajny | Files touched by this commit (2)
Log message:
Update security/py-certbot to 0.18.2.
- An issue where Certbot's ACME module would raise an AttributeError
trying to create self-signed certificates when used with pyOpenSSL
17.3.0 has been resolved. For Certbot users with this version of
pyOpenSSL, this caused Certbot to crash when performing a TLS SNI
challenge or when the Nginx plugin tried to create an SSL server
block.
|
2017-09-13 12:28:42 by Filip Hajny | Files touched by this commit (2)
Log message:
Update security/py-certbot to 0.18.1.
- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
parameters.
- certbot-auto now installs Certbot in directories under /opt/eff.org.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with --quiet has
been reduced.
- The default revocation reason shown in Certbot help output now is a
human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.
- A newer version of ConfigArgParse is now installed when using
certbot-auto causing values set to false in a Certbot INI
configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
dependencies on Fedora 26 have been resolved.
|
2017-09-07 11:12:23 by Filip Hajny | Files touched by this commit (3)
Log message:
Update security/py-certbot to 0.18.0.
### Added
- The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman
parameters.
### Changed
- certbot-auto now installs Certbot in directories under `/opt/eff.org`.
- The Nginx plugin can now be selected in Certbot's interactive output.
- Output verbosity of renewal failures when running with `--quiet` has
been reduced.
- The default revocation reason shown in Certbot help output now is a
human readable string instead of a numerical code.
- Plugin selection is now included in normal terminal output.
### Fixed
- A newer version of ConfigArgParse is now installed when using
certbot-auto causing values set to false in a Certbot INI
configuration file to be handled intuitively.
- New naming conventions preventing certbot-auto from installing OS
dependencies on Fedora 26 have been resolved.
|
2017-08-04 00:12:17 by Filip Hajny | Files touched by this commit (3)
Log message:
Update security/py-certbot and security/py-acme to 0.17.0.
### Added
- Support in our nginx plugin for modifying SSL server blocks that do
not contain certificate or key directives.
- A `--max-log-backups` flag to allow users to configure or even completely
disable Certbot's built in log rotation.
- A `--user-agent-comment` flag to allow people who build tools around Certbot
to differentiate their user agent string by adding a comment to its default
value.
### Changed
- Due to some awesome work by the cryptography project, compilation can now be
avoided on most systems when using certbot-auto.
- The `--renew-hook` flag has been hidden in favor of `--deploy-hook`.
- We have started printing deprecation warnings in certbot-auto for
experimentally supported systems with OS packages available.
- A certificate lineage's name is included in error messages during renewal.
### Fixed
- Encoding errors that could occur when parsing error messages from the ACME
server containing Unicode have been resolved.
- certbot-auto no longer prints misleading messages about there being a newer
pip version available when installation fails.
- Certbot's ACME library now properly extracts domains from critical SAN
extensions.
|
2017-08-02 22:31:29 by Filip Hajny | Files touched by this commit (2)
Log message:
Update security/py-certbot to 0.16.0.
Added
- A plugin for performing DNS challenges using dynamic DNS updates as
defined in RFC 2316 (available separately).
- Plugins for performing DNS challenges for the providers DNS Made
Easy and LuaDNS (available separately).
- Support for performing TLS-SNI-01 challenges when using the manual
plugin.
- Automatic detection of Arch Linux in the Apache plugin providing
better default settings for the plugin.
Changed
- The text of the interactive question about whether a redirect from
HTTP to HTTPS should be added by Certbot has been rewritten to
better explain the choices to the user.
- Simplified HTTP challenge instructions in the manual plugin.
Fixed
- Problems performing a dry run when using the Nginx plugin have been
fixed.
- Resolved an issue where certbot-dns-digitalocean's test suite would
sometimes fail when run using Python 3.
- On some systems, previous versions of certbot-auto would error out
with a message about a missing hash for setuptools.
- A bug where Certbot would sometimes not print a space at the end of
an interactive prompt has been resolved.
- Nonfatal tracebacks are no longer shown in rare cases where Certbot
encounters an exception trying to close its TCP connection with the
ACME server.
|
2017-06-14 15:16:08 by Filip Hajny | Files touched by this commit (3)
Log message:
Update security/py-certbot and security/py-acme to 0.15.0
Added
- Plugins for performing DNS challenges for popular providers.
- IPv6 support in the standalone plugin.
- A mechanism for keeping your Apache and Nginx SSL/TLS configuration
up to date.
- --http-01-address and --tls-sni-01-address flags for controlling the
address Certbot listens on when using the standalone plugin.
- The command certbot certificates that lists certificates managed by
Certbot now performs additional validity checks to notify you if
your files have become corrupted.
Changed
- Messages custom hooks print to stdout are now displayed by Certbot
when not running in --quiet mode.
- jwk and alg fields in JWS objects have been moved into the protected
header causing Certbot to more closely follow the latest version of
the ACME spec.
Fixed
- Permissions on renewal configuration files are now properly
preserved when they are updated.
- A bug causing Certbot to display strange defaults in its help output
when using Python <= 2.7.4 has been fixed.
- Certbot now properly handles mixed case domain names found in custom
CSRs.
- A number of poorly worded prompts and error messages.
Removed
- Support for OpenSSL 1.0.0 in certbot-auto has been removed as we now
pin a newer version of cryptography which dropped support for this
version.
|
2017-05-30 16:28:52 by Filip Hajny | Files touched by this commit (2)
Log message:
Update security/py-certbot to 0.14.2.
0.14.2
- Certbot 0.14.0 included a bug where Certbot would create a temporary
log file (usually in /tmp) if the program exited during argument parsing.
0.14.1
- Certbot now works with configargparse 0.12.0.
- Issues with the Apache plugin and Augeas 1.7+ have been resolved.
- A problem where the Nginx plugin would fail to install certificates on
systems that had the plugin's SSL/TLS options file from 7+ months ago
has been fixed.
|
2017-05-11 10:23:35 by Filip Hajny | Files touched by this commit (8)
Log message:
Update py-certbot and py-acme to 0.14.0.
Use ALTERNATIVES to handle different Python versions better.
0.14.0 - 2017-05-04
Added
- Python 3.3+ support for all Certbot packages. certbot-auto still
currently only supports Python 2, but the acme, certbot,
certbot-apache, and certbot-nginx packages on PyPI now fully support
Python 2.6, 2.7, and 3.3+.
- Certbot's Apache plugin now handles multiple virtual hosts per file.
- Lockfiles to prevent multiple versions of Certbot running
simultaneously.
Changed
- When converting an HTTP virtual host to HTTPS in Apache, Certbot
only copies the virtual host rather than the entire contents of the
file it's contained in.
- The Nginx plugin now includes SSL/TLS directives in a separate file
located in Certbot's configuration directory rather than copying the
contents of the file into every modified server block.
Fixed
- Ensure logging is configured before parts of Certbot attempt to log
any messages.
- Support for the --quiet flag in certbot-auto.
- Reverted a change made in a previous release to make the acme and
certbot packages always depend on argparse. This dependency is
conditional again on the user's Python version.
- Small bugs in the Nginx plugin such as properly handling empty
server blocks and setting server_names_hash_bucket_size during
challenges.
|