Releases: certbot/certbot
Releases · certbot/certbot
Certbot 2.11.0
Added
Changed
- In anticipation of backwards incompatible changes, certbot-dns-cloudflare now
requires less than version 2.20 of Cloudflare's python library.
Fixed
- Fixed a bug in Certbot where a CSR's SANs did not always follow the order of
the domain names that the user requested interactively. In some cases, the
resulting cert's common name might seem picked up randomly from the SANs
when it should be the first item the user had in mind.
More details about these changes can be found on our GitHub repo.
Certbot 2.10.0
Added
- The Python source packages which we upload to PyPI are
now also being uploaded to
our releases on GitHub where
we now also include a SHA256SUMS checksum file and a PGP signature for that
file.
Changed
- We no longer publish our beta Windows installer as was originally announced
here.
Fixed
More details about these changes can be found on our GitHub repo.
Certbot 2.9.0
Added
- Support for Python 3.12 was added.
Changed
Fixed
- Updates
joinpath
syntax to only use one addition per call, because the multiple inputs
version was causing mypy errors on Python 3.10. - Makes the
reconfigure
verb actually use the staging server for the dry run to check the new
configuration.
More details about these changes can be found on our GitHub repo.
Certbot 2.8.0
Added
- Added support for Alpine Linux distribution when is used the apache plugin
Changed
- Support for Python 3.7 was removed.
Fixed
- Stop using the deprecated
pkg_resources
API included insetuptools
.
More details about these changes can be found on our GitHub repo.
Certbot 2.7.4
Fixed
- Fixed a bug introduced in version 2.7.0 that caused interactively entered
webroot plugin values to not be saved for renewal. - Fixed a bug introduced in version 2.7.0 of our Lexicon based DNS plugins that
caused them to fail to find the DNS zone that needs to be modified in some
cases.
More details about these changes can be found on our GitHub repo.
Certbot 2.7.3
Fixed
- Fixed a bug where arguments with contained spaces weren't being handled correctly
- Fixed a bug that caused the ACME account to not be properly restored on
renewal causing problems in setups where the user had multiple accounts with
the same ACME server.
More details about these changes can be found on our GitHub repo.
Certbot 2.7.2
Fixed
certbot-dns-ovh
plugin now requireslexicon>=3.15.1
to ensure a consistent behavior with OVH APIs.- Fixed a bug where argument sources weren't correctly detected in abbreviated
arguments, short arguments, and some other circumstances
More details about these changes can be found on our GitHub repo.
Certbot 2.7.1
Fixed
- Fixed a bug that broke the DNS plugin for DNSimple that was introduced in
version 2.7.0 of the plugin. - Correctly specified the new minimum version of the ConfigArgParse package
that Certbot requires which is 1.5.3.
More details about these changes can be found on our GitHub repo.
Certbot 2.7.0
Added
- Add
certbot.util.LooseVersion
class. See GH #9489. - Add a new base class
certbot.plugins.dns_common_lexicon.LexiconDNSAuthenticator
to implement a DNS
authenticator plugin backed by Lexicon to communicate with the provider DNS API. This approach relies
heavily on conventions to reduce the implementation complexity of a new plugin. - Add a new test base class
certbot.plugins.dns_test_common_lexicon.BaseLexiconDNSAuthenticatorTest
to
help testing DNS plugins implemented on top ofLexiconDNSAuthenticator
.
Changed
NamespaceConfig
now tracks how its arguments were set via a dictionary, allowing us to remove a bunch
of global state previously needed to inspect whether a user set an argument or not.- Support for Python 3.7 was deprecated and will be removed in our next planned release.
- Added
RENEWED_DOMAINS
andFAILED_DOMAINS
environment variables for consumption by post renewal hooks. - Deprecates
LexiconClient
base class andbuild_lexicon_config
function in
certbot.plugins.dns_common_lexicon
module in favor ofLexiconDNSAuthenticator
. - Deprecates
BaseLexiconAuthenticatorTest
andBaseLexiconClientTest
test base classes of
certbot.plugins.dns_test_common_lexicon
module in favor ofBaseLexiconDNSAuthenticatorTest
.
Fixed
- Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp()
- Filter zones in
certbot-dns-google
to avoid usage of private DNS zones to create records
More details about these changes can be found on our GitHub repo.
Certbot 2.6.0
Added
--dns-google-project
optionally allows for specifying the project that the DNS zone(s) reside in,
which allows for Certbot usage in scenarios where the auth credentials reside in a different
project to the zone(s) that are being managed.- There is now a new
Other
annotated challenge object to allow plugins to support entirely novel challenges.
Changed
- Optionally sign the SOA query for dns-rfc2136, to help resolve problems with split-view
DNS setups and hidden primary setups.- Certbot versions prior to v1.32.0 did not sign queries with the specified TSIG key
resulting in difficulty with split-horizon implementations. - Certbot v1.32.0 through v2.5.0 signed queries by default, potentially causing
incompatibility with hidden primary setups withallow-update-forwarding
enabled
if the secondary did not also have the TSIG key within its config. - Certbot v2.6.0 and later no longer signs queries by default, but allows
the user to optionally sign these queries by explicit configuration using the
dns_rfc2136_sign_query
option in the credentials .ini file.
- Certbot versions prior to v1.32.0 did not sign queries with the specified TSIG key
- Lineage name validity is performed for new lineages.
--cert-name
may no longer contain
filepath separators (i.e./
or\
, depending on the platform). certbot-dns-google
now loads credentials using the standard Application Default
Credentials strategy,
rather than explicitly requiring the Google Compute metadata server to be present if a service account
is not provided using--dns-google-credentials
.--dns-google-credentials
now supports additional types of file-based credential, such as
External Account Credentials created by Workload Identity
Federation. All file-based credentials implemented by the Google Auth library are supported.
Fixed
certbot-dns-google
no longer requires deprecatedoauth2client
library.- Certbot will no longer try to invoke plugins which do not subclass from the proper
certbot.interfaces.{Installer,Authenticator}
interface (e.g.certbot -i standalone
will now be ignored). See GH-9664.
More details about these changes can be found on our GitHub repo.