Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
More details about these changes can be found on our GitHub repo.
joinpath
syntax to only use one addition per call, because the multiple inputs
version was causing mypy errors on Python 3.10.reconfigure
verb actually use the staging server for the dry run to check the new
configuration.More details about these changes can be found on our GitHub repo.
pkg_resources
API included in setuptools
.More details about these changes can be found on our GitHub repo.
More details about these changes can be found on our GitHub repo.
More details about these changes can be found on our GitHub repo.
certbot-dns-ovh
plugin now requires lexicon>=3.15.1
to ensure a consistent behavior with OVH APIs.More details about these changes can be found on our GitHub repo.
certbot.util.LooseVersion
class. See GH #9489.certbot.plugins.dns_common_lexicon.LexiconDNSAuthenticator
to implement a DNS
authenticator plugin backed by Lexicon to communicate with the provider DNS API. This approach relies
heavily on conventions to reduce the implementation complexity of a new plugin.certbot.plugins.dns_test_common_lexicon.BaseLexiconDNSAuthenticatorTest
to
help testing DNS plugins implemented on top of LexiconDNSAuthenticator
.NamespaceConfig
now tracks how its arguments were set via a dictionary, allowing us to remove a bunch
of global state previously needed to inspect whether a user set an argument or not.RENEWED_DOMAINS
and FAILED_DOMAINS
environment variables for consumption by post renewal hooks.LexiconClient
base class and build_lexicon_config
function in
certbot.plugins.dns_common_lexicon
module in favor of LexiconDNSAuthenticator
.BaseLexiconAuthenticatorTest
and BaseLexiconClientTest
test base classes of
certbot.plugins.dns_test_common_lexicon
module in favor of BaseLexiconDNSAuthenticatorTest
.certbot-dns-google
to avoid usage of private DNS zones to create recordsMore details about these changes can be found on our GitHub repo.
--dns-google-project
optionally allows for specifying the project that the DNS zone(s) reside in,
which allows for Certbot usage in scenarios where the auth credentials reside in a different
project to the zone(s) that are being managed.Other
annotated challenge object to allow plugins to support entirely novel challenges.allow-update-forwarding
enabled
if the secondary did not also have the TSIG key within its config.dns_rfc2136_sign_query
option in the credentials .ini file.--cert-name
may no longer contain
filepath separators (i.e. /
or \
, depending on the platform).certbot-dns-google
now loads credentials using the standard Application Default
Credentials strategy,
rather than explicitly requiring the Google Compute metadata server to be present if a service account
is not provided using --dns-google-credentials
.--dns-google-credentials
now supports additional types of file-based credential, such as
External Account Credentials created by Workload Identity
Federation. All file-based credentials implemented by the Google Auth library are supported.certbot-dns-google
no longer requires deprecated oauth2client
library.certbot.interfaces.{Installer,Authenticator}
interface (e.g. certbot -i standalone
will now be ignored). See GH-9664.More details about these changes can be found on our GitHub repo.
acme.messages.OrderResource
now supports being round-tripped
through JSONbegin_finalization
and poll_finalization
methods, in addition to the existing
finalize_order
method.--dns-route53-propagation-seconds
is now deprecated. The Route53 plugin relies on the
GetChange API
to determine if a DNS update is complete. The flag has never had any effect and will be
removed in a future version of Certbot._internal/tests
module.renew
sometimes not preserving the key type of RSA certificates.
More details about these changes can be found on our GitHub repo.