Changelog History
v0.25.0 Changes
June 06, 2018
Added
- Support for the ready status type was added to acme. Without this change, Certbot and acme users will begin encountering errors when using Let's Encrypt's ACMEv2 API starting on June 19th for the staging environment and July 5th for production. See https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 for more information.
- Certbot now accepts the flag --reuse-key which will cause the same key to be used in the certificate when the lineage is renewed rather than generating a new key.
- You can now add multiple email addresses to your ACME account with Certbot by providing a comma separated list of emails to the --email flag.
- Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme. For more information, see https://community.letsencrypt.org/t/tls-alpn-validation-method/63814/1.
- acme now supports specifying the source address to bind to when sending outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't already have an account registered at that server URL, Certbot will automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional points. The GenericUpdater interface allows plugins to perform actions every time certbot renew is run, regardless of whether any certificates are due for renewal, and the RenewDeployer interface allows plugins to perform actions when a certificate is renewed. See certbot.interfaces for more information.
Changed
- When you run Certbot with --dry-run and don't already have a staging account, the created account does not contain an email address, even if one was provided, to avoid expiration emails from Let's Encrypt's staging server.
- certbot-nginx does a better job of automatically detecting the location of Nginx's configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with python setup.py test.
- certbot config_changes no longer waits for user input before exiting.
Fixed
- Misleading log output that caused users to think that Certbot's standalone plugin failed to bind to a port when performing a challenge has been corrected.
- An issue where certbot-nginx would fail to enable HSTS if the server block already had an add_header directive has been resolved.
- certbot-nginx now does a better job detecting the server block to base the configuration for TLS-SNI challenges on.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with functional changes were:
- acme
- certbot
- certbot-apache
- certbot-nginx
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/54?closed=1

v0.24.0 Changes
May 02, 2018
Added
- certbot now has an enhance subcommand which allows you to configure security enhancements like HTTP to HTTPS redirects, OCSP stapling, and HSTS without reinstalling a certificate.
- certbot-dns-rfc2136 now allows the user to specify the port to use to reach the DNS server in its credentials file.
- acme now parses the wildcard field included in authorizations so it can be used by users of the library.
Changed
- certbot-dns-route53 used to wait for each DNS update to propagate before sending the next one, but now it sends all updates before waiting which speeds up issuance for multiple domains dramatically.
- Certbot's official Docker images are now based on Alpine Linux 3.7 rather than 3.4 because 3.4 has reached its end-of-life.
- We've doubled the time Certbot will spend polling authorizations before timing out.
- The level of the message logged when Certbot is being used with non-standard paths warning that crontabs for renewal included in Certbot packages from OS package managers may not work has been reduced. This stops the message from being written to stderr every time certbot renew runs.
Fixed
- certbot-auto now works with Python 3.6.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with changes other than their version number were:
- acme
- certbot
- certbot-apache
- certbot-dns-digitalocean (only style improvements to tests)
- certbot-dns-rfc2136
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/52?closed=1

v0.23.0 Changes
April 04, 2018
Added
- Support for OpenResty was added to the Nginx plugin.
Changed
- The timestamps in Certbot's logfiles now use the system's local time zone rather than UTC.
- Certbot's DNS plugins that use Lexicon now rely on Lexicon>=2.2.1 to be able to create and delete multiple TXT records on a single domain.
- certbot-dns-google's test suite now works without an internet connection.
Fixed
- Removed a small window during which, if an error occurred, Certbot wouldn't clean up performed challenges.
- The parameters default and ipv6only are now removed from listen directives when creating a new server block in the Nginx plugin.
- server_name directives enclosed in quotation marks in Nginx are now properly supported.
- Resolved an issue preventing the Apache plugin from starting Apache when it's not currently running on RHEL and Gentoo based systems.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with changes other than their version number were:
- certbot
- certbot-apache
- certbot-dns-cloudxns
- certbot-dns-dnsimple
- certbot-dns-dnsmadeeasy
- certbot-dns-google
- certbot-dns-luadns
- certbot-dns-nsone
- certbot-dns-rfc2136
- certbot-nginx
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/50?closed=1

v0.22.2 Changes
March 19, 2018
Fixed
- A type error introduced in 0.22.1 that would occur during challenge cleanup when a Certbot plugin raises an exception while trying to complete the challenge was fixed.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with changes other than their version number were:
- certbot
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/53?closed=1

v0.22.1 Changes
March 19, 2018
Changed
- The ACME server used with Certbot's --dry-run and --staging flags is now Let's Encrypt's ACMEv2 staging server which allows people to also test ACMEv2 features with these flags.
Fixed
- The HTTP Content-Type header is now set to the correct value during certificate revocation with new versions of the ACME protocol.
- When using Certbot with Let's Encrypt's ACMEv2 server, it would add a blank line to the top of chain.pem and between the certificates in fullchain.pem for each lineage. These blank lines have been removed.
- Resolved a bug that caused Certbot's --allow-subset-of-names flag not to work.
- Fixed a regression in acme.client.Client that caused the class to not work when it was initialized without a ClientNetwork which is done by some of the other projects using our ACME library.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with changes other than their version number were:
- acme
- certbot
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/51?closed=1

v0.22.0 Changes
March 07, 2018
Added
- Support for obtaining wildcard certificates and a newer version of the ACME protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2 endpoint was added to Certbot and its ACME library. Certbot still works with older ACME versions and will automatically change the version of the protocol used based on the version the ACME CA implements.
- The Apache and Nginx plugins are now able to automatically install a wildcard certificate to multiple virtual hosts that you select from your server configuration.
- The certbot install command now accepts the --cert-name flag for selecting a certificate.
- acme.client.BackwardsCompatibleClientV2 was added to Certbot's ACME library which automatically handles most of the differences between new and old ACME versions. acme.client.ClientV2 is also available for people who only want to support one version of the protocol or want to handle the differences between versions themselves.
- certbot-auto now supports the flag --install-only which has the script install Certbot and its dependencies and exit without invoking Certbot.
- Support for issuing a single certificate for a wildcard and base domain was added to our Google Cloud DNS plugin. To do this, we now require your API credentials have additional permissions, however, your credentials will already have these permissions unless you defined a custom role with fewer permissions than the standard DNS administrator role provided by Google. These permissions are also only needed for the case described above so it will continue to work for existing users. For more information about the permissions changes, see the documentation in the plugin.
Changed
- We have broken lockstep between our ACME library, Certbot, and its plugins. This means that the different components do not need to be the same version to work together like they did previously. This makes packaging easier because not every piece of Certbot needs to be repackaged to ship a change to a subset of its components.
- Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot, Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL 6 based system, it will walk you through the process of installing Certbot with Python 3 and refuse to upgrade to a newer version of Certbot until you have done so.
- Certbot's components now work with older versions of setuptools to simplify packaging for EPEL 7.
Fixed
- Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives have been resolved.
- A problem where Certbot's Apache plugin would add redundant include directives for the TLS configuration managed by Certbot has been fixed.
- Certbot's webroot plugin now properly deletes any directories it creates.
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/48?closed=1

v0.21.1 Changes
January 25, 2018
Fixed
- When creating an HTTP to HTTPS redirect in Nginx, we now ensure the Host header of the request is set to an expected value before redirecting users to the domain found in the header. The previous way Certbot configured Nginx redirects was a potential security issue which you can read more about at https://community.letsencrypt.org/t/security-issue-with-redirects-added-by-certbots-nginx-plugin/51493.
- Fixed a problem where Certbot's Apache plugin could fail HTTP-01 challenges if basic authentication is configured for the domain you request a certificate for.
- certbot-auto --no-bootstrap now properly tries to use Python 3.4 on RHEL 6 based systems rather than Python 2.6.
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/49?closed=1

v0.21.0 Changes
January 17, 2018
Added
- Support for the HTTP-01 challenge type was added to our Apache and Nginx plugins. For those not aware, last week Let's Encrypt disabled the TLS-SNI-01 challenge type, which our Apache and Nginx plugins previously used, due to a security issue. For more information about Let's Encrypt's change, click here. Our Apache and Nginx plugins will automatically switch to use HTTP-01 so no changes need to be made to your Certbot configuration, however, you should make sure your server is accessible on port 80 and isn't behind an external proxy doing things like redirecting all traffic from HTTP to HTTPS. HTTP to HTTPS redirects inside Apache and Nginx are fine.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added allowing users to control whether the revoke subcommand also deletes the certificates it is revoking.
Changed
- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME library. Support for these versions of Python will be removed in the next major release of Certbot. If you are using certbot-auto on a RHEL 6 based system, it will guide you through the process of installing Python 3.
- We split our implementation of JOSE (JavaScript Object Signing and Encryption) out of our ACME library and into a separate package named josepy. This package is available on PyPI and on GitHub.
- We updated the ciphersuites used in Apache to the new values recommended by Mozilla. The major change here is adding ChaCha20 to the list of supported ciphersuites.
Fixed
- An issue with our Apache plugin on Gentoo due to differences in their apache2ctl command has been resolved.
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/47?closed=1

v0.20.0 Changes
December 06, 2017
Added
- Certbot's ACME library now recognizes URL fields in challenge objects in preparation for Let's Encrypt's new ACME endpoint. The value is still accessible in our ACME library through the name "uri".
Changed
- The Apache plugin now parses some distro specific Apache configuration files on non-Debian systems allowing it to get a clearer picture on the running configuration. Internally, these changes were structured so that external contributors can easily write patches to make the plugin work in new Apache configurations.
- Certbot better reports network failures by removing information about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin interactively has been removed.
Fixed
- Certbot's NGINX plugin no longer sometimes incorrectly reports that it was unable to deploy a HTTP->HTTPS redirect when requesting Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and duplicating existing directives on openSUSE have been resolved.
- An issue running the tests shipped with Certbot and some of our DNS plugins with older versions of mock has been resolved.
- On some systems, users reported strangely interleaved output depending on when stdout and stderr were flushed. This problem was resolved by having Certbot regularly flush these streams.
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/44?closed=1

v0.19.0 Changes
October 04, 2017
Added
- Certbot now has renewal hook directories where executable files can be placed for Certbot to run with the renew subcommand. Pre-hooks, deploy-hooks, and post-hooks can be specified in the renewal-hooks/pre, renewal-hooks/deploy, and renewal-hooks/post directories respectively in Certbot's configuration directory (which is /etc/letsencrypt by default). Certbot will automatically create these directories when it is run if they do not already exist.
- After revoking a certificate with the revoke subcommand, Certbot will offer to delete the lineage associated with the certificate. When Certbot is run with --non-interactive, it will automatically try to delete the associated lineage.
- When using Certbot's Google Cloud DNS plugin on Google Compute Engine, you no longer have to provide a credential file to Certbot if you have configured sufficient permissions for the instance which Certbot can automatically obtain using Google's metadata service.
Changed
- When deleting certificates interactively using the delete subcommand, Certbot will now allow you to select multiple lineages to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's sites-available on Debian based systems and instead only parses virtual hosts included in your Apache configuration. You can provide an additional directory for Certbot to parse using the command line flag --apache-vhost-root.
Fixed
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no longer hangs indefinitely when it is unable to connect to the external server.
- An issue where Certbot's Apache plugin would sometimes fail to deploy a certificate on Debian based systems if mod_ssl wasn't already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could not report if certificates maintained by Certbot had been revoked has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now properly performs DNS challenges when the domain being verified contains a CNAME record.
More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/43?closed=1