2023-02-21 07:51:53 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 2.3.0
Certbot 2.3.0
Added
Allow a user to modify the configuration of a certificate without renewing it \
using the new reconfigure subcommand. See certbot help reconfigure for details.
certbot show_account now displays the ACME Account Thumbprint.
Changed
Certbot will no longer save previous CSRs and certificate private keys to \
/etc/letsencrypt/csr and /etc/letsencrypt/keys, respectively. These directories \
may be safely deleted.
Certbot will now only keep the current and 5 previous certificates in the \
/etc/letsencrypt/archive directory for each certificate lineage. Any prior \
certificates will be automatically deleted upon renewal. This number may be \
further lowered in future releases.
As always, users should only reference the certificate files within \
/etc/letsencrypt/live and never use /etc/letsencrypt/archive directly. See Where \
are my certificates? in the Certbot User Guide.
certbot.configuration.NamespaceConfig.key_dir and .csr_dir are now deprecated.
All Certbot components now require pytest to run tests.
Fixed
Fixed a crash when registering an account with BuyPass' ACME server.
Fixed a bug where Certbot would crash with AttributeError: can't set attribute \
on ACME server errors in Python 3.11.
|
2023-01-15 22:11:08 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 2.2.0
Certbot 2.2.0
Changed
Certbot will no longer respect very long challenge polling intervals, which may \
be suggested
by some ACME servers. Certbot will continue to wait up to 90 seconds by default, \
or up to a
total of 30 minutes if requested by the server via Retry-After.
|
2022-12-12 11:02:32 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 2.1.0
Certbot 2.1.0
Fixed
Interfaces which plugins register themselves as implementing without inheriting \
from them now show up in certbot plugins output.
IPluginFactory, IPlugin, IAuthenticator and IInstaller have been re-added to
certbot.interfaces.
This is to fix compatibility with a number of third-party DNS plugins which may
have started erroring with AttributeError in Certbot v2.0.0.
Plugin authors can find more information about Certbot 2.x compatibility
here.
A bug causing our certbot-apache tests to crash on some systems has been resolved.
|
2022-11-26 19:01:37 by Adam Ciarcinski | Files touched by this commit (21) | |
Log message:
py-acme py-certbot*: updated to 2.0.0
Certbot 2.0.0
Added
Support for Python 3.11 was added to Certbot and all of its components.
acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument \
which defaults to 30 that causes the verification request to timeout after that \
many seconds.
Changed
The default key type for new certificates is now ECDSA secp256r1 (P-256). It was \
previously RSA 2048-bit. Existing certificates are not affected.
The Apache plugin no longer supports Apache 2.2.
acme and Certbot no longer support versions of ACME from before the RFC 8555 \
standard.
acme and Certbot no longer support the old urn:acme:error: ACME error prefix.
Removed the deprecated certbot-dns-cloudxns plugin.
Certbot will now error if a certificate has --reuse-key set and a conflicting \
--key-type, --key-size or --elliptic-curve is requested on the CLI. Use \
--new-key to change the key while preserving --reuse-key.
3rd party plugins no longer support the dist_name:plugin_name format on the CLI \
and in configuration files. Use the shorter plugin_name format.
acme.client.Client, acme.client.ClientBase, \
acme.client.BackwardsCompatibleClientV2, acme.mixins, \
acme.client.DER_CONTENT_TYPE, acme.fields.Resource, acme.fields.resource, \
acme.magic_typing, acme.messages.OLD_ERROR_PREFIX, \
acme.messages.Directory.register, \
acme.messages.Authorization.resolved_combinations, \
acme.messages.Authorization.combinations have been removed.
acme.messages.Directory now only supports lookups by the exact resource name \
string in the ACME directory (e.g. directory['newOrder']).
Removed the deprecated source_address argument for acme.client.ClientNetwork.
The zope based interfaces in certbot.interfaces have been removed in favor of \
the abc based interfaces found in the same module.
Certbot no longer depends on zope.
Removed deprecated function certbot.util.get_strict_version.
Removed deprecated functions certbot.crypto_util.init_save_csr, \
certbot.crypto_util.init_save_key,
and certbot.compat.misc.execute_command
The attributes FileDisplay, NoninteractiveDisplay, SIDE_FRAME, \
input_with_timeout, separate_list_input, summarize_domain_list, HELP, and ESC \
from certbot.display.util have been removed.
Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins \
should now
patch certbot.display.util themselves in their tests or use
certbot.tests.util.patch_display_util as a temporary workaround.
Certbot's test API under certbot.tests now uses unittest.mock instead of the 3rd \
party mock library.
Fixed
Fixes a bug where the certbot working directory has unusably restrictive \
permissions on systems with stricter default umasks.
Requests to subscribe to the EFF mailing list now time out after 60 seconds.
|
2022-11-09 09:37:26 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 1.32.0
1.32.0 - 2022-11-08
Changed
* DNS RFC2136 module now uses the TSIG key to check for an authoritative SOA \
record. Helps the use of split-horizon and multiple views in BIND9 using the key \
in an ACL to determine which view to use.
Fixed
* CentOS 9 and other RHEL-derived OSes now correctly use httpd instead of \
apachectl for
various Apache-related commands
|
2022-10-19 16:25:20 by Nia Alarie | Files touched by this commit (21) |
Log message:
fighting a losing battle against the py-cryptography rustification, part 5
Convert py-OpenSSL users to versioned_dependencies.mk
|
2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26) |
Log message:
fighting a losing battle against py-cryptography rustification, part 2
Switch users to versioned_dependencies.mk.
|
2022-10-07 09:27:16 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 1.31.0
Certbot 1.31.0
Changed
If Certbot exits before setting up its usual log files, the temporary directory \
created to save logging information will begin with the name certbot-log- rather \
than a generic name. This should not be considered a stable aspect of Certbot \
and may change again in the future.
Fixed
Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare \
library
which was introduced in the Cloudflare library version 2.10.1. The library would \
raise
an error if a token was specified in the Certbot --dns-cloudflare-credentials file as
well as the cloudflare.cfg configuration file of the Cloudflare library.
|
2022-09-08 17:12:57 by Adam Ciarcinski | Files touched by this commit (17) | |
Log message:
py-acme py-certbot*: updated to 1.30.0
Changes 1.30.0
acme.client.ClientBase, acme.messages.Authorization.resolved_combinations,
acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource,
and acme.fields.Resource are deprecated and will be removed in a future release.
acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support for
the old ACME error prefix in Certbot will be removed in the next major release of
Certbot.
acme.messages.Directory.register is deprecated and will be removed in the next
major release of Certbot. Furthermore, .Directory will only support lookups
by the exact resource name string in the ACME directory (e.g. directory['newOrder']).
The certbot-dns-cloudxns plugin is now deprecated and will be removed in the
next major release of Certbot.
The source_address argument for acme.client.ClientNetwork is deprecated
and support for it will be removed in the next major release.
Add UI text suggesting users create certs for multiple domains, when possible
|
2022-07-12 07:44:00 by Adam Ciarcinski | Files touched by this commit (18) | |
Log message:
py-acme py-certbot*: updated to 1.29.0
Certbot 1.29.0
Added
Updated Windows installer to be signed and trusted in Windows
Changed
--allow-subset-of-names will now additionally retry in cases where domains are \
rejected while creating or finalizing orders. This requires subproblem support \
from the ACME server.
Fixed
The show_account subcommand now uses the "newAccount" ACME endpoint to \
fetch the account
data, so it doesn't rely on the locally stored account URL. This fixes \
situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
The generated Certificate Signing Requests are now generated as version 1 \
instead of version 3. This resolves situations in where strict enforcement of \
PKCS#10 meant that CSRs that were generated as version 3 were rejected.
|