letsencrypt changelog

Changelog History

Page 1

• v1.10.1 Changes

  December 03, 2020

  🛠 Fixed

  • 🗄 Fixed a bug in certbot.util.add_deprecated_argument that caused the
    🗄 deprecated --manual-public-ip-logging-ok flag to crash Certbot in some
    scenarios.
    More details about these changes can be found on our GitHub repo.

• v1.10.0 Changes

  December 01, 2020

  ➕ Added

  • ➕ Added timeout to DNS query function calls for dns-rfc2136 plugin.
  • Confirmation when deleting certificates
  • 0️⃣ CLI flag --key-type has been added to specify 'rsa' or 'ecdsa' (default 'rsa').
  • CLI flag --elliptic-curve has been added which takes an NIST/SECG elliptic curve. Any of
    secp256r1, secp284r1 and secp521r1 are accepted values.
  • The command certbot certficates lists the which type of the private key that was used
    for the private key.
  • 👌 Support for Python 3.9 was added to Certbot and all of its components.

  🔄 Changed

  • 🗄 certbot-auto was deprecated on Debian based systems.
  • 🌲 CLI flag --manual-public-ip-logging-ok is now a no-op, generates a
    🚀 deprecation warning, and will be removed in a future release.

  🛠 Fixed

  • 🛠 Fixed a Unicode-related crash in the nginx plugin when running under Python 2.
    More details about these changes can be found on our GitHub repo.

• v1.9.0 Changes

  October 07, 2020

  ➕ Added

  • 📦 --preconfigured-renewal flag, for packager use only.
    👀 See the packaging guide.

  🔄 Changed

  • 🗄 certbot-auto was deprecated on all systems except for those based on Debian or RHEL.
  • ⚡️ Update the packaging instructions to promote usage of python -m pytest to test Certbot
    ✅ instead of the deprecated python setup.py test setuptools approach.
  • ⬇️ Reduced CLI logging when reloading nginx, if it is not running.
  • ⬇️ Reduced CLI logging when handling some kinds of errors.

  🛠 Fixed

  • 🛠 Fixed server_name case-sensitivity in the nginx plugin.
  • The minimum version of the acme library required by Certbot was corrected.
    🚀 In the previous release, Certbot said it required acme>=1.6.0 when it
    👍 actually required acme>=1.8.0 to properly support removing contact
    information from an ACME account.
  • ⬆️ Upgraded the version of httplib2 used in our snaps and Docker images to add
    👌 support for proxy environment variables and fix the plugin for Google Cloud
    DNS.

  More details about these changes can be found on our GitHub repo.

• v1.8.0 Changes

  September 08, 2020

  ➕ Added

  • ➕ Added the ability to remove email and phone contact information from an account
    ⚡️ using update_account --register-unsafely-without-email

  🔄 Changed

  • 👌 Support for Python 3.5 has been removed.

  🛠 Fixed

  • 🔌 The problem causing the Apache plugin in the Certbot snap on ARM systems to
    🛠 fail to load the Augeas library it depends on has been fixed.
  • The acme library can now tell the ACME server to clear contact information by passing an empty
    tuple to the contact field of a Registration message.
  • Fixed the ***stack smashing detected*** error in the Certbot snap on some systems.
    More details about these changes can be found on our GitHub repo.

• v1.7.0 Changes

  August 04, 2020

  ➕ Added

  • Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name):
    🔌 this concerns the plugin name, CLI flags, and keys in credential files.
    🚀 The prefixed form is still supported but is deprecated, and will be removed in a future release.
  • ➕ Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload.

  🔄 Changed

  • 🔌 The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200,
    due to https://www.linode.com/blog/linode/linode-turns-17/
  • 🗄 We deprecated support for Python 3.5 in Certbot and its ACME library.
    👌 Support for Python 3.5 will be removed in the next major release of Certbot.
    More details about these changes can be found on our GitHub repo.

• v1.6.0 Changes

  July 07, 2020

  ➕ Added

  • Certbot snaps are now available for the arm64 and armhf architectures.
  • ➕ Add minimal code to run Nginx plugin on NetBSD.
  • 🔌 Make Certbot snap find externally snapped plugins
  • Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask
    🏁 implementing umask for both UNIX and Windows systems.
  • 👌 Support for alternative certificate chains in the acme module.
  • ➕ Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains,
    it may be used to indicate to Certbot which chain should be preferred.
    • e.g. --preferred-chain "DST Root CA X3"

  🔄 Changed

  • 👍 Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
  • ⚠ Generalize UI warning message on renewal rate limits
  • 🏁 Certbot behaves similarly on Windows to on UNIX systems regarding umask, and
    0️⃣ the umask 022 is applied by default: all files/directories are not writable by anyone
    other than the user running Certbot and the system/admin users.
  • Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare
    🗄 for impending acmev1 deprecation.

  🛠 Fixed

  • Cloudflare API Tokens may now be restricted to individual zones.
  • Don't use StrictVersion, but LooseVersion to check version requirements with setuptools,
    to fix some packaging issues with libraries respecting PEP404 for version string,
    with doesn't match StrictVersion requirements.
  • Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.
  • 🛠 Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx
    🔌 plugins on, e.g., CentOS 7.
    More details about these changes can be found on our GitHub repo.

• v1.5.0 Changes

  June 02, 2020

  ➕ Added

  • 🔌 Require explicit confirmation of snap plugin permissions before connecting.

  🔄 Changed

  • 👌 Improved error message in apache installer when mod_ssl is not available.

  🛠 Fixed

  • ➕ Add support for OCSP responses which use a public key hash ResponderID, fixing
    interoperability with Sectigo CAs.
  • 🛠 Fix TLS-ALPN test that fails when run with newer versions of OpenSSL.
    More details about these changes can be found on our GitHub repo.

• v1.4.0 Changes

  May 05, 2020

  ➕ Added

  • 0️⃣ Turn off session tickets for apache plugin by default when appropriate.
  • ➕ Added serial number of certificate to the output of certbot certificates
  • 🔦 Expose two new environment variables in the authenticator and cleanup scripts used by
    the manual plugin: CERTBOT_REMAINING_CHALLENGES is equal to the number of challenges
    remaining after the current challenge, CERTBOT_ALL_DOMAINS is a comma-separated list
    of all domains challenged for the current certificate.
  • ➕ Added TLS-ALPN-01 challenge support in the acme library. Support of this
    🚀 challenge in the Certbot client is planned to be added in a future release.
  • ➕ Added minimal proxy support for OCSP verification.
  • 🏁 On Windows, hooks are now executed in a Powershell shell instead of a CMD shell,
    allowing both *.ps1 and *.bat as valid scripts for Certbot.

  🔄 Changed

  • Reorganized error message when a user entered an invalid email address.
  • Stop asking interactively if the user would like to add a redirect.
  • 📦 mock dependency is now conditional on Python 2 in all of our packages.
  • 🍎 Deprecate certbot-auto on Gentoo, macOS, and FreeBSD.

  🛠 Fixed

  • When using an RFC 8555 compliant endpoint, the acme library no longer sends the
    resource field in any requests or the type field when responding to challenges.
  • 🛠 Fix nginx plugin crash when non-ASCII configuration file is being read (instead,
    the user will be warned that UTF-8 must be used).
  • 🛠 Fix hanging OCSP queries during revocation checking - added a 10 second timeout.
  • 0️⃣ Standalone servers now have a default socket timeout of 30 seconds, fixing
    🔌 cases where an idle connection can cause the standalone plugin to hang.
  • 📜 Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line
    endings. This should fix interoperability with Buypass' services.
    More details about these changes can be found on our GitHub repo.

• v1.3.0 Changes

  March 03, 2020

  ➕ Added

  • ➕ Added certbot.ocsp Certbot's API. The certbot.ocsp module can be used to
    determine the OCSP status of certificates.
  • Don't verify the existing certificate in HTTP01Response.simple_verify, for
    compatibility with the real-world ACME challenge checks.

  🔄 Changed

  • Certbot will now renew certificates early if they have been revoked according
    to OCSP.
  • 🛠 Fix acme module warnings when response Content-Type includes params (e.g. charset).
  • 🛠 Fixed issue where webroot plugin would incorrectly raise Read-only file system
    error when creating challenge directories (issue #7165).

  🛠 Fixed

  More details about these changes can be found on our GitHub repo.

• v1.2.0 Changes

  February 05, 2020

  ➕ Added

  • ➕ Added support for Cloudflare's limited-scope API Tokens

  🔄 Changed

  • ➕ Add directory field to error message when field is missing.
  • 🔒 If MD5 hasher is not available, try it in non-security mode (fix for FIPS systems) -- #1948
  • 🚚 Disable old SSL versions and ciphersuites and remove SSLCompression off setting to follow Mozilla recommendations in Apache.
  • ✂ Remove ECDHE-RSA-AES128-SHA from NGINX ciphers list now that Windows 2008 R2 and Windows 7 are EOLed
  • 👌 Support for Python 3.4 has been removed.

  🛠 Fixed

  • 🛠 Fix collections.abc imports for Python 3.9.
    More details about these changes can be found on our GitHub repo.

• 1
• 2
• 3
• 4
• 5
• Next ›
• Last »