head 1.83; access; symbols pkgsrc-2023Q4:1.82.0.2 pkgsrc-2023Q4-base:1.82 pkgsrc-2023Q3:1.77.0.4 pkgsrc-2023Q3-base:1.77 pkgsrc-2023Q2:1.77.0.2 pkgsrc-2023Q2-base:1.77 pkgsrc-2023Q1:1.75.0.2 pkgsrc-2023Q1-base:1.75 pkgsrc-2022Q4:1.72.0.2 pkgsrc-2022Q4-base:1.72 pkgsrc-2022Q3:1.68.0.2 pkgsrc-2022Q3-base:1.68 pkgsrc-2022Q2:1.66.0.2 pkgsrc-2022Q2-base:1.66 pkgsrc-2022Q1:1.63.0.2 pkgsrc-2022Q1-base:1.63 pkgsrc-2021Q4:1.61.0.2 pkgsrc-2021Q4-base:1.61 pkgsrc-2021Q3:1.58.0.2 pkgsrc-2021Q3-base:1.58 pkgsrc-2021Q2:1.55.0.2 pkgsrc-2021Q2-base:1.55 pkgsrc-2021Q1:1.52.0.2 pkgsrc-2021Q1-base:1.52 pkgsrc-2020Q4:1.49.0.2 pkgsrc-2020Q4-base:1.49 pkgsrc-2020Q3:1.46.0.2 pkgsrc-2020Q3-base:1.46 pkgsrc-2020Q2:1.44.0.2 pkgsrc-2020Q2-base:1.44 pkgsrc-2020Q1:1.42.0.2 pkgsrc-2020Q1-base:1.42 pkgsrc-2019Q4:1.39.0.4 pkgsrc-2019Q4-base:1.39 pkgsrc-2019Q3:1.36.0.2 pkgsrc-2019Q3-base:1.36 pkgsrc-2019Q2:1.33.0.2 pkgsrc-2019Q2-base:1.33 pkgsrc-2018Q4:1.28.0.4 pkgsrc-2018Q4-base:1.28 pkgsrc-2018Q3:1.28.0.2 pkgsrc-2018Q3-base:1.28 pkgsrc-2018Q2:1.25.0.2 pkgsrc-2018Q2-base:1.25 pkgsrc-2018Q1:1.22.0.2 pkgsrc-2018Q1-base:1.22 pkgsrc-2017Q4:1.18.0.2 pkgsrc-2017Q4-base:1.18 pkgsrc-2017Q3:1.16.0.4 pkgsrc-2017Q3-base:1.16 pkgsrc-2017Q2:1.12.0.2 pkgsrc-2017Q2-base:1.12 pkgsrc-2017Q1:1.8.0.2 pkgsrc-2017Q1-base:1.8 pkgsrc-2016Q4:1.5.0.2 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q3:1.3.0.4 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.2 pkgsrc-2016Q2-base:1.3; locks; strict; comment @# @; 1.83 date 2024.02.10.07.15.22; author adam; state Exp; branches; next 1.82; commitid eMwcC9xLoLlh9RXE; 1.82 date 2023.12.12.16.39.34; author adam; state Exp; branches; next 1.81; commitid Bt5uu9XM5UmxccQE; 1.81 date 2023.11.08.17.43.41; author adam; state Exp; branches; next 1.80; commitid tTqan1ifUj7nEPLE; 1.80 date 2023.10.26.09.32.25; author adam; state Exp; branches; next 1.79; commitid PSZfa6TaBuSLl7KE; 1.79 date 2023.10.11.18.27.03; author adam; state Exp; branches; next 1.78; commitid PFbB8jYBuic9NeIE; 1.78 date 2023.10.06.10.26.22; author adam; state Exp; branches; next 1.77; commitid sKrlOO7tBIWaiyHE; 1.77 date 2023.05.12.09.17.14; author adam; state Exp; branches; next 1.76; commitid rSY3Knu9BXmnDEoE; 1.76 date 2023.04.17.09.22.04; author adam; state Exp; branches; next 1.75; commitid VZadJyjVoHpNsrlE; 1.75 date 2023.03.08.10.11.46; author adam; state Exp; branches; next 1.74; commitid ylgAn7lOFtNw1jgE; 1.74 date 2023.02.21.06.51.51; author adam; state Exp; branches; next 1.73; commitid XiTOJwJM0l4WomeE; 1.73 date 2023.01.15.21.11.06; author adam; state Exp; branches; next 1.72; commitid A1gebvnALJfqlG9E; 1.72 date 2022.12.12.10.02.30; author adam; state Exp; branches; next 1.71; commitid L7y97PyCP3zQJf5E; 1.71 date 2022.11.26.18.01.35; author adam; state Exp; branches; next 1.70; commitid UH9XWwAEBT55Ue3E; 1.70 date 2022.11.09.08.37.24; author adam; state Exp; branches; next 1.69; commitid O2m2YtVioq2qk01E; 1.69 date 2022.10.07.07.27.15; author adam; state Exp; branches; next 1.68; commitid 2kqeyl22MM290LWD; 1.68 date 2022.09.08.15.12.55; author adam; state Exp; branches; next 1.67; commitid PsUdVLrJZA0mv4TD; 1.67 date 2022.07.12.05.43.58; author adam; state Exp; branches; next 1.66; commitid 6Gj7GqkKWHX3ezLD; 1.66 date 2022.06.08.12.00.00; author adam; state Exp; branches; next 1.65; commitid W6g35yRpZcrSoeHD; 1.65 date 2022.05.04.11.27.10; author adam; state Exp; branches; next 1.64; commitid xyCW7dxJru5elJCD; 1.64 date 2022.04.08.18.00.27; author adam; state Exp; branches; next 1.63; commitid aVKyvtDA8uO3mqzD; 1.63 date 2022.03.17.12.23.31; author adam; state Exp; branches; next 1.62; commitid 5AWTouazUZ8eczwD; 1.62 date 2022.02.10.21.23.32; author adam; state Exp; branches; next 1.61; commitid B716Vt4AFRqcj7sD; 1.61 date 2021.12.10.09.14.52; author adam; state Exp; branches; next 1.60; commitid p5KmQkN1ju4Vg5kD; 1.60 date 2021.11.13.17.30.26; author adam; state Exp; branches; next 1.59; commitid Vh6rVWIZiiqHSEgD; 1.59 date 2021.10.10.18.43.11; author adam; state Exp; branches; next 1.58; commitid oOWGa9i9UoIwnicD; 1.58 date 2021.09.15.12.05.15; author adam; state Exp; branches; next 1.57; commitid GodgvE1SIPRLY29D; 1.57 date 2021.08.05.10.52.00; author adam; state Exp; branches; next 1.56; commitid yhqfUjWV7iacTL3D; 1.56 date 2021.07.23.07.26.43; author adam; state Exp; branches; next 1.55; commitid qoMmryIFT2lGa52D; 1.55 date 2021.06.14.12.15.39; author adam; state Exp; branches; next 1.54; commitid CfylvkQME4EE16XC; 1.54 date 2021.05.14.08.24.06; author adam; state Exp; branches; next 1.53; commitid 6JEOnMI5sZLZJ5TC; 1.53 date 2021.04.15.05.16.35; author adam; state Exp; branches; next 1.52; commitid ga6HgUuzZ6hnDlPC; 1.52 date 2021.03.06.13.34.23; author adam; state Exp; branches; next 1.51; commitid pP9TE6owWOzWFfKC; 1.51 date 2021.02.09.10.06.41; author adam; state Exp; branches; next 1.50; commitid hxbR7NMuWCOok1HC; 1.50 date 2021.01.14.14.21.51; author adam; state Exp; branches; next 1.49; commitid i7sTZPugdBbMzHDC; 1.49 date 2020.12.09.12.31.35; author adam; state Exp; branches; next 1.48; commitid vM1ErJiOLVqL74zC; 1.48 date 2020.10.18.18.45.03; author adam; state Exp; branches; next 1.47; commitid hsbhbJotYBiyRpsC; 1.47 date 2020.09.30.09.03.45; author adam; state Exp; branches; next 1.46; commitid 2Ze4o3CopScZd3qC; 1.46 date 2020.08.26.11.10.13; author adam; state Exp; branches; next 1.45; commitid i4297Ysi29y73zlC; 1.45 date 2020.07.10.10.24.21; author adam; state Exp; branches; next 1.44; commitid GCpOesjlDEsXiwfC; 1.44 date 2020.06.08.15.53.29; author adam; state Exp; branches; next 1.43; commitid ds51vYNBifUG9rbC; 1.43 date 2020.05.07.10.53.44; author adam; state Exp; branches; next 1.42; commitid LYSs6vEelpsEwi7C; 1.42 date 2020.03.23.18.43.45; author adam; state Exp; branches; next 1.41; commitid EFTSdS6gBY7ozy1C; 1.41 date 2020.02.16.20.23.26; author adam; state Exp; branches; next 1.40; commitid MaHVrWnQx7OohWWB; 1.40 date 2019.12.30.19.43.56; author triaxx; state Exp; branches; next 1.39; commitid bpu5rNWmwwmIBLQB; 1.39 date 2019.12.15.09.48.37; author adam; state Exp; branches; next 1.38; commitid w6iifigKI326NMOB; 1.38 date 2019.11.14.18.28.17; author adam; state Exp; branches; next 1.37; commitid M9Kb1br7rfFaFQKB; 1.37 date 2019.10.02.17.36.43; author adam; state Exp; branches; next 1.36; commitid xfzgCW1mv4DpLjFB; 1.36 date 2019.09.12.15.08.53; author adam; state Exp; branches; next 1.35; commitid wSnr9TDJWJbwAJCB; 1.35 date 2019.08.23.09.57.49; author adam; state Exp; branches; next 1.34; commitid KJRjfIGFveUxv8AB; 1.34 date 2019.07.15.12.52.54; author adam; state Exp; branches; next 1.33; commitid kAWaBzwgFq0pJ8vB; 1.33 date 2019.06.12.10.27.37; author adam; state Exp; branches; next 1.32; commitid jnrglSdtscPiZSqB; 1.32 date 2019.06.11.14.22.01; author triaxx; state Exp; branches; next 1.31; commitid gvA8l7kfNfEVjMqB; 1.31 date 2019.02.12.12.56.31; author adam; state dead; branches; next 1.30; commitid X6iOLw71H3ZtFtbB; 1.30 date 2019.01.15.12.07.25; author triaxx; state Exp; branches; next 1.29; commitid jWkHztzQM84tiS7B; 1.29 date 2019.01.15.09.32.11; author triaxx; state Exp; branches; next 1.28; commitid VSZaawjFpwOqrR7B; 1.28 date 2018.09.06.12.25.26; author fhajny; state Exp; branches 1.28.4.1; next 1.27; commitid br5NMRhFhscqB2RA; 1.27 date 2018.07.24.09.24.11; author triaxx; state Exp; branches; next 1.26; commitid hR9vnkldd4Ye1nLA; 1.26 date 2018.07.17.16.32.16; author fhajny; state Exp; branches; next 1.25; commitid l4WXEWaihO71CvKA; 1.25 date 2018.06.12.09.22.35; author fhajny; state Exp; branches; next 1.24; commitid jAWFfCkcUmKsmYFA; 1.24 date 2018.05.16.15.09.42; author fhajny; state Exp; branches; next 1.23; commitid 9dN3P1ONJVEk9xCA; 1.23 date 2018.04.13.08.14.28; author fhajny; state Exp; branches; next 1.22; commitid nN5objrx7IxqUfyA; 1.22 date 2018.03.23.14.37.08; author fhajny; state Exp; branches; next 1.21; commitid k9G6lfGWsrZkHAvA; 1.21 date 2018.03.13.10.08.51; author fhajny; state Exp; branches; next 1.20; commitid wmcABrJ0gjEOxhuA; 1.20 date 2018.02.02.15.36.08; author fhajny; state Exp; branches; next 1.19; commitid oXl98WYzq0TpBipA; 1.19 date 2018.01.22.13.37.25; author fhajny; state Exp; branches; next 1.18; commitid m6bhjeiEcb9MiSnA; 1.18 date 2017.12.09.16.39.03; author fhajny; state Exp; branches; next 1.17; commitid QtAabJlaqtwUIeiA; 1.17 date 2017.09.27.12.44.39; author fhajny; state Exp; branches; next 1.16; commitid I9xMyr2EDbAOLP8A; 1.16 date 2017.09.13.10.28.42; author fhajny; state Exp; branches; next 1.15; commitid vkMBXjAL05rkt17A; 1.15 date 2017.09.07.09.12.23; author fhajny; state Exp; branches; next 1.14; commitid aQRclBrj5myZef6A; 1.14 date 2017.08.03.22.12.17; author fhajny; state Exp; branches; next 1.13; commitid t27ZSNQKMbLeGO1A; 1.13 date 2017.08.02.20.31.29; author fhajny; state Exp; branches; next 1.12; commitid 1rSz56ha7mUM9G1A; 1.12 date 2017.06.14.13.16.08; author fhajny; state Exp; branches; next 1.11; commitid xMyvNtRgPio4klVz; 1.11 date 2017.05.30.14.28.52; author fhajny; state Exp; branches; next 1.10; commitid Wy0SDgVEWrAMcqTz; 1.10 date 2017.05.11.08.23.35; author fhajny; state Exp; branches; next 1.9; commitid 1yNqsCIOGgo9NWQz; 1.9 date 2017.04.06.19.51.15; author fhajny; state Exp; branches; next 1.8; commitid rYW7J1N3KUP5JvMz; 1.8 date 2017.02.07.14.03.58; author wiz; state Exp; branches; next 1.7; commitid 9mtcRvnOlWVBF1Fz; 1.7 date 2017.01.25.12.34.07; author wiz; state Exp; branches; next 1.6; commitid umOdU20WOS1OzlDz; 1.6 date 2017.01.12.16.02.44; author fhajny; state Exp; branches; next 1.5; commitid 0wY02w7dBrx0aHBz; 1.5 date 2016.10.19.13.45.54; author wiz; state Exp; branches; next 1.4; commitid g26i3Qv3cqID8Lqz; 1.4 date 2016.10.11.09.23.35; author fhajny; state Exp; branches; next 1.3; commitid T2ZukvpdBJ5hWHpz; 1.3 date 2016.06.15.19.59.43; author fhajny; state Exp; branches; next 1.2; commitid rTg7pnuz8GELfBaz; 1.2 date 2016.06.03.11.30.14; author fhajny; state Exp; branches; next 1.1; commitid V6Gey4BLjR3TN09z; 1.1 date 2016.05.25.18.18.16; author fhajny; state Exp; branches; next ; commitid O5xOTgkM9ryMmT7z; 1.28.4.1 date 2019.01.29.13.53.37; author bsiegert; state Exp; branches; next ; commitid 3QMOirq9xBnfrG9B; desc @@ 1.83 log @py-acme py-certbot*: updated to 2.9.0 Certbot 2.9.0 Added Support for Python 3.12 was added. Fixed Updates joinpath syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. Makes the reconfigure verb actually use the staging server for the dry run to check the new configuration. @ text @# $NetBSD: Makefile.common,v 1.82 2023/12/12 16:39:34 adam Exp $ # used by security/py-acme/Makefile # used by security/py-certbot/Makefile # used by security/py-certbot-apache/Makefile # used by security/py-certbot-dns-cloudflare/Makefile # used by security/py-certbot-dns-digitalocean/Makefile # used by security/py-certbot-dns-dnsimple/Makefile # used by security/py-certbot-dns-dnsmadeeasy/Makefile # used by security/py-certbot-dns-gehirn/Makefile # used by security/py-certbot-dns-google/Makefile # used by security/py-certbot-dns-linode/Makefile # used by security/py-certbot-dns-luadns/Makefile # used by security/py-certbot-dns-nsone/Makefile # used by security/py-certbot-dns-ovh/Makefile # used by security/py-certbot-dns-rfc2136/Makefile # used by security/py-certbot-dns-route53/Makefile # used by security/py-certbot-dns-sakuracloud/Makefile # used by security/py-certbot-nginx/Makefile CERTBOT_VERSION= 2.9.0 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES?= security python MAINTAINER= adam@@NetBSD.org HOMEPAGE= https://github.com/certbot/certbot LICENSE= apache-2.0 TOOL_DEPENDS+= ${PYPKGPREFIX}-wheel-[0-9]*:../../devel/py-wheel DEPENDS+= ${PYPKGPREFIX}-setuptools>=41.6.0:../../devel/py-setuptools USE_LANGUAGES= # none PYTHON_VERSIONS_INCOMPATIBLE= 27 @ 1.82 log @py-acme py-certbot*: updated to 2.8.0 Certbot 2.8.0 Added Added support for Alpine Linux distribution when is used the apache plugin Changed Support for Python 3.7 was removed. Fixed Stop using the deprecated pkg_resources API included in setuptools. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.81 2023/11/08 17:43:41 adam Exp $ d5 1 d20 1 a20 1 CERTBOT_VERSION= 2.8.0 @ 1.81 log @py-acme py-certbot*: updated to 2.7.4 Certbot 2.7.4 Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal. Fixed a bug introduced in version 2.7.0 of our Lexicon based DNS plugins that caused them to fail to find the DNS zone that needs to be modified in some cases. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.80 2023/10/26 09:32:25 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.7.4 d28 1 a33 3 do-test: cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX} @ 1.80 log @py-acme py-certbot*: updated to 2.7.3 Certbot 2.7.3 Fixed Fixed a bug where arguments with contained spaces weren't being handled correctly Fixed a bug that caused the ACME account to not be properly restored on renewal causing problems in setups where the user had multiple accounts with the same ACME server. Certbot 2.7.2 Fixed certbot-dns-ovh plugin now requires lexicon>=3.15.1 to ensure a consistent behavior with OVH APIs. Fixed a bug where argument sources weren't correctly detected in abbreviated arguments, short arguments, and some other circumstances @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.79 2023/10/11 18:27:03 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.7.3 @ 1.79 log @py-acme py-certbot*: updated to 2.7.1 Certbot 2.7.1 Fixed a bug that broke the DNS plugin for DNSimple that was introduced in version 2.7.0 of the plugin. Correctly specified the new minimum version of the ConfigArgParse package that Certbot requires which is 1.5.3. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.78 2023/10/06 10:26:22 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.7.1 @ 1.78 log @py-acme py-certbot*: updated to 2.7.0 Certbot 2.7.0 Added Add certbot.util.LooseVersion class. Add a new base class certbot.plugins.dns_common_lexicon.LexiconDNSAuthenticator to implement a DNS authenticator plugin backed by Lexicon to communicate with the provider DNS API. This approach relies heavily on conventions to reduce the implementation complexity of a new plugin. Add a new test base class certbot.plugins.dns_test_common_lexicon.BaseLexiconDNSAuthenticatorTest to help testing DNS plugins implemented on top of LexiconDNSAuthenticator. Changed NamespaceConfig now tracks how its arguments were set via a dictionary, allowing us to remove a bunch of global state previously needed to inspect whether a user set an argument or not. Support for Python 3.7 was deprecated and will be removed in our next planned release. Added RENEWED_DOMAINS and FAILED_DOMAINS environment variables for consumption by post renewal hooks. Deprecates LexiconClient base class and build_lexicon_config function in certbot.plugins.dns_common_lexicon module in favor of LexiconDNSAuthenticator. Deprecates BaseLexiconAuthenticatorTest and BaseLexiconClientTest test base classes of certbot.plugins.dns_test_common_lexicon module in favor of BaseLexiconDNSAuthenticatorTest. Fixed Do not call deprecated datetime.utcnow() and datetime.utcfromtimestamp() Filter zones in certbot-dns-google to avoid usage of private DNS zones to create records @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.77 2023/05/12 09:17:14 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.7.0 @ 1.77 log @py-acme py-certbot*: updated to 2.6.0 Certbot 2.6.0 Added --dns-google-project optionally allows for specifying the project that the DNS zone(s) reside in, which allows for Certbot usage in scenarios where the auth credentials reside in a different project to the zone(s) that are being managed. There is now a new Other annotated challenge object to allow plugins to support entirely novel challenges. Changed Optionally sign the SOA query for dns-rfc2136, to help resolve problems with split-view DNS setups and hidden primary setups. Certbot versions prior to v1.32.0 did not sign queries with the specified TSIG key resulting in difficulty with split-horizon implementations. Certbot v1.32.0 through v2.5.0 signed queries by default, potentially causing incompatibility with hidden primary setups with allow-update-forwarding enabled if the secondary did not also have the TSIG key within its config. Certbot v2.6.0 and later no longer signs queries by default, but allows the user to optionally sign these queries by explicit configuration using the dns_rfc2136_sign_query option in the credentials .ini file. Lineage name validity is performed for new lineages. --cert-name may no longer contain filepath separators (i.e. / or \, depending on the platform). certbot-dns-google now loads credentials using the standard Application Default Credentials strategy, rather than explicitly requiring the Google Compute metadata server to be present if a service account is not provided using --dns-google-credentials. --dns-google-credentials now supports additional types of file-based credential, such as External Account Credentials created by Workload Identity Federation. All file-based credentials implemented by the Google Auth library are supported. Fixed certbot-dns-google no longer requires deprecated oauth2client library. Certbot will no longer try to invoke plugins which do not subclass from the proper certbot.interfaces.{Installer,Authenticator} interface (e.g. certbot -i standalone will now be ignored). See GH-9664. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.76 2023/04/17 09:22:04 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.6.0 d35 1 a35 1 cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX} tests @ 1.76 log @py-acme py-certbot*: updated to 2.5.0 Certbot 2.5.0 Added acme.messages.OrderResource now supports being round-tripped through JSON acme.client.ClientV2 now provides separate begin_finalization and poll_finalization methods, in addition to the existing finalize_order method. Changed --dns-route53-propagation-seconds is now deprecated. The Route53 plugin relies on the GetChange API to determine if a DNS update is complete. The flag has never had any effect and will be removed in a future version of Certbot. Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module. Fixed Fixed renew sometimes not preserving the key type of RSA certificates. Users who upgraded from Certbot =v2.0.0 may have had their RSA certificates inadvertently changed to ECDSA certificates. If desired, the key type may be changed back to RSA. See the User Guide. Deprecated flags were inadvertently not printing warnings since v1.16.0. This is now fixed. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.75 2023/03/08 10:11:46 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.5.0 @ 1.75 log @py-acme py-certbot*: updated to 2.4.0 Certbot 2.4.0 Added We deprecated support for the update_symlinks command. Support will be removed in a following version of Certbot. Changed Docker build and deploy scripts now generate multiarch manifests for non-architecture-specific tags, instead of defaulting to amd64 images. Fixed Reverted 9475 due to a performance regression in large nginx deployments. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.74 2023/02/21 06:51:51 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.4.0 @ 1.74 log @py-acme py-certbot*: updated to 2.3.0 Certbot 2.3.0 Added Allow a user to modify the configuration of a certificate without renewing it using the new reconfigure subcommand. See certbot help reconfigure for details. certbot show_account now displays the ACME Account Thumbprint. Changed Certbot will no longer save previous CSRs and certificate private keys to /etc/letsencrypt/csr and /etc/letsencrypt/keys, respectively. These directories may be safely deleted. Certbot will now only keep the current and 5 previous certificates in the /etc/letsencrypt/archive directory for each certificate lineage. Any prior certificates will be automatically deleted upon renewal. This number may be further lowered in future releases. As always, users should only reference the certificate files within /etc/letsencrypt/live and never use /etc/letsencrypt/archive directly. See Where are my certificates? in the Certbot User Guide. certbot.configuration.NamespaceConfig.key_dir and .csr_dir are now deprecated. All Certbot components now require pytest to run tests. Fixed Fixed a crash when registering an account with BuyPass' ACME server. Fixed a bug where Certbot would crash with AttributeError: can't set attribute on ACME server errors in Python 3.11. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.73 2023/01/15 21:11:06 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.3.0 @ 1.73 log @py-acme py-certbot*: updated to 2.2.0 Certbot 2.2.0 Changed Certbot will no longer respect very long challenge polling intervals, which may be suggested by some ACME servers. Certbot will continue to wait up to 90 seconds by default, or up to a total of 30 minutes if requested by the server via Retry-After. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.72 2022/12/12 10:02:30 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.2.0 @ 1.72 log @py-acme py-certbot*: updated to 2.1.0 Certbot 2.1.0 Fixed Interfaces which plugins register themselves as implementing without inheriting from them now show up in certbot plugins output. IPluginFactory, IPlugin, IAuthenticator and IInstaller have been re-added to certbot.interfaces. This is to fix compatibility with a number of third-party DNS plugins which may have started erroring with AttributeError in Certbot v2.0.0. Plugin authors can find more information about Certbot 2.x compatibility here. A bug causing our certbot-apache tests to crash on some systems has been resolved. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.71 2022/11/26 18:01:35 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.1.0 @ 1.71 log @py-acme py-certbot*: updated to 2.0.0 Certbot 2.0.0 Added Support for Python 3.11 was added to Certbot and all of its components. acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument which defaults to 30 that causes the verification request to timeout after that many seconds. Changed The default key type for new certificates is now ECDSA secp256r1 (P-256). It was previously RSA 2048-bit. Existing certificates are not affected. The Apache plugin no longer supports Apache 2.2. acme and Certbot no longer support versions of ACME from before the RFC 8555 standard. acme and Certbot no longer support the old urn:acme:error: ACME error prefix. Removed the deprecated certbot-dns-cloudxns plugin. Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key while preserving --reuse-key. 3rd party plugins no longer support the dist_name:plugin_name format on the CLI and in configuration files. Use the shorter plugin_name format. acme.client.Client, acme.client.ClientBase, acme.client.BackwardsCompatibleClientV2, acme.mixins, acme.client.DER_CONTENT_TYPE, acme.fields.Resource, acme.fields.resource, acme.magic_typing, acme.messages.OLD_ERROR_PREFIX, acme.messages.Directory.register, acme.messages.Authorization.resolved_combinations, acme.messages.Authorization.combinations have been removed. acme.messages.Directory now only supports lookups by the exact resource name string in the ACME directory (e.g. directory['newOrder']). Removed the deprecated source_address argument for acme.client.ClientNetwork. The zope based interfaces in certbot.interfaces have been removed in favor of the abc based interfaces found in the same module. Certbot no longer depends on zope. Removed deprecated function certbot.util.get_strict_version. Removed deprecated functions certbot.crypto_util.init_save_csr, certbot.crypto_util.init_save_key, and certbot.compat.misc.execute_command The attributes FileDisplay, NoninteractiveDisplay, SIDE_FRAME, input_with_timeout, separate_list_input, summarize_domain_list, HELP, and ESC from certbot.display.util have been removed. Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util as a temporary workaround. Certbot's test API under certbot.tests now uses unittest.mock instead of the 3rd party mock library. Fixed Fixes a bug where the certbot working directory has unusably restrictive permissions on systems with stricter default umasks. Requests to subscribe to the EFF mailing list now time out after 60 seconds. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.70 2022/11/09 08:37:24 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 2.0.0 @ 1.70 log @py-acme py-certbot*: updated to 1.32.0 1.32.0 - 2022-11-08 Changed * DNS RFC2136 module now uses the TSIG key to check for an authoritative SOA record. Helps the use of split-horizon and multiple views in BIND9 using the key in an ACL to determine which view to use. Fixed * CentOS 9 and other RHEL-derived OSes now correctly use httpd instead of apachectl for various Apache-related commands @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.69 2022/10/07 07:27:15 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.32.0 @ 1.69 log @py-acme py-certbot*: updated to 1.31.0 Certbot 1.31.0 Changed If Certbot exits before setting up its usual log files, the temporary directory created to save logging information will begin with the name certbot-log- rather than a generic name. This should not be considered a stable aspect of Certbot and may change again in the future. Fixed Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare library which was introduced in the Cloudflare library version 2.10.1. The library would raise an error if a token was specified in the Certbot --dns-cloudflare-credentials file as well as the cloudflare.cfg configuration file of the Cloudflare library. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.68 2022/09/08 15:12:55 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.31.0 @ 1.68 log @py-acme py-certbot*: updated to 1.30.0 Changes 1.30.0 acme.client.ClientBase, acme.messages.Authorization.resolved_combinations, acme.messages.Authorization.combinations, acme.mixins, acme.fields.resource, and acme.fields.Resource are deprecated and will be removed in a future release. acme.messages.OLD_ERROR_PREFIX (urn:acme:error:) is deprecated and support for the old ACME error prefix in Certbot will be removed in the next major release of Certbot. acme.messages.Directory.register is deprecated and will be removed in the next major release of Certbot. Furthermore, .Directory will only support lookups by the exact resource name string in the ACME directory (e.g. directory['newOrder']). The certbot-dns-cloudxns plugin is now deprecated and will be removed in the next major release of Certbot. The source_address argument for acme.client.ClientNetwork is deprecated and support for it will be removed in the next major release. Add UI text suggesting users create certs for multiple domains, when possible @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.67 2022/07/12 05:43:58 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.30.0 @ 1.67 log @py-acme py-certbot*: updated to 1.29.0 Certbot 1.29.0 Added Updated Windows installer to be signed and trusted in Windows Changed --allow-subset-of-names will now additionally retry in cases where domains are rejected while creating or finalizing orders. This requires subproblem support from the ACME server. Fixed The show_account subcommand now uses the "newAccount" ACME endpoint to fetch the account data, so it doesn't rely on the locally stored account URL. This fixes situations where Certbot would use old ACMEv1 registration info with non-functional account URLs. The generated Certificate Signing Requests are now generated as version 1 instead of version 3. This resolves situations in where strict enforcement of PKCS#10 meant that CSRs that were generated as version 3 were rejected. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.66 2022/06/08 12:00:00 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.29.0 @ 1.66 log @py-acme py-certbot*: updated to 1.28.0 1.28.0 Added Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org Changed A change to order finalization has been made to the acme module and Certbot: An order's certificate field will only be processed if the order's status is valid. An order's error field will only be processed if the order's status is invalid. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.65 2022/05/04 11:27:10 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.28.0 @ 1.65 log @py-acme py-certbot: updated to 1.27.0 Certbot 1.27.0 Added Added support for RFC8555 subproblems to our acme library. Changed The PGP key F2871B4152AE13C49519111F447BF683AA3B26C3 was added as an additional trusted key to sign our PyPI packages When certonly is run with an installer specified (e.g. --nginx), certonly will now also run restart for that installer @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.64 2022/04/08 18:00:27 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.27.0 @ 1.64 log @py-acme py-certbot*: updated to 1.26.0 Certbot 1.26.0 Added Added --new-key. When renewing or replacing a certificate that has --reuse-key set, it will force a new private key to be generated, one time. As before, --reuse-key and --no-reuse-key can be used to enable and disable key reuse. Changed The default propagation timeout for the OVH DNS plugin (--dns-ovh-propagation-seconds) has been increased from 30 seconds to 120 seconds, based on user feedback. Fixed Certbot for Windows has been upgraded to use Python 3.9.11, in response to https://www.openssl.org/news/secadv/20220315.txt. Previously, when Certbot was in the process of registering a new ACME account and the ACME server did not present any Terms of Service, the user was asked to agree with a non-existent Terms of Service ("None"). This bug is now fixed, so that if an ACME server does not provide any Terms of Service to agree with, the user is not asked to agree to a non-existent Terms of Service any longer. If account registration fails, Certbot did not relay the error from the ACME server back to the user. This is now fixed: the error message from the ACME server is now presented to the user when account registration fails. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.63 2022/03/17 12:23:31 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.26.0 @ 1.63 log @py-acme py-certbot: updated to 1.25.0 Certbot 1.25.0 Changed Dropped 32 bit support for the Windows beta installer Windows beta installer is now distributed as "certbot-beta-installer-win_amd64.exe". Users of the Windows beta should uninstall the old version before running this. Added a check whether OCSP stapling is supported by the installer when requesting a certificate with the run subcommand in combination with the --must-staple option. If the installer does not support OCSP and the --must-staple option is used, Certbot will raise an error and quit. Certbot and its acme module now depend on josepy>=1.13.0 due to better type annotation support. Fixed Updated dependencies to use new version of cryptography that uses OpenSSL 1.1.1n, in response to https://www.openssl.org/news/secadv/20220315.txt. Certbot 1.24.0 Added When the --debug-challenges option is used in combination with -v, Certbot now displays the challenge URLs (for http-01 challenges) or FQDNs (for dns-01 challenges) and their expected return values. Changed Support for Python 3.6 was removed. All Certbot components now require setuptools>=41.6.0. The acme library now requires requests>=2.20.0. Certbot and its acme library now require pytz>=2019.3. certbot-nginx now requires pyparsing>=2.2.1. certbot-dns-route53 now requires boto3>=1.15.15. Fixed Nginx plugin now checks included files for the singleton server_names_hash_bucket_size directive. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.62 2022/02/10 21:23:32 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.25.0 @ 1.62 log @py-acme py-certbot*: updated to 1.23.0 Certbot 1.23.0 Added Added show_account subcommand, which will fetch the account information from the ACME server and show the account details (account URL and, if applicable, email address or addresses) We deprecated support for Python 3.6 in Certbot and its ACME library. Support for Python 3.6 will be removed in the next major release of Certbot. Fixed GCP Permission list for certbot-dns-google in plugin documentation dns-digitalocean used the SOA TTL for newly created records, rather than 30 seconds. Revoking a certificate based on an ECDSA key can now be done with --key-path. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.61 2021/12/10 09:14:52 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.23.0 d28 2 @ 1.61 log @py-acme py-certbot*: updated to 1.22.0 Certbot 1.22.0 Added Support for Python 3.10 was added to Certbot and all of its components. The function certbot.util.parse_loose_version was added to parse version strings in the same way as the now deprecated distutils.version.LooseVersion class from the Python standard library. Added --issuance-timeout. This option specifies how long (in seconds) Certbot will wait for the server to issue a certificate. Changed The function certbot.util.get_strict_version was deprecated and will be removed in a future release. Fixed Fixed an issue on Windows where the web.config created by Certbot would sometimes conflict with preexisting configurations. Fixed an issue on Windows where the webroot plugin would crash when multiple domains had the same webroot. This affected Certbot 1.21.0. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.60 2021/11/13 17:30:26 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.22.0 @ 1.60 log @py-acme py-certbot*: updated to 1.21.0 Certbot 1.21.0 Added Certbot will generate a web.config file on Windows in the challenge path when the webroot plugin is used, if one does not exist. This web.config file lets IIS serve challenge files while they do not have an extension. Changed We changed the PGP key used to sign the packages we upload to PyPI. Going forward, releases will be signed with one of three different keys. All of these keys are available on major key servers and signed by our previous PGP key. The fingerprints of these new keys are: BF6BCFC89E90747B9A680FD7B6029E8500F7DB16 86379B4F0AF371B50CD9E5FF3402831161D1D280 20F201346BF8F3F455A73F9A780CC99432A28621 Fixed More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.59 2021/10/10 18:43:11 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.21.0 @ 1.59 log @py-acme py-certbot: updated to 1.20.0 1.20.0 Added * Added `--no-reuse-key`. This remains the default behavior, but the flag may be useful to unset the `--reuse-key` option on existing certificates. Fixed * The certbot-dns-rfc2136 plugin in Certbot 1.19.0 inadvertently had an implicit dependency on `dnspython>=2.0`. This has been relaxed to `dnspython>=1.15.0`. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.58 2021/09/15 12:05:15 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.20.0 @ 1.58 log @py-acme py-certbot*: updated to 1.19.0 Certbot 1.19.0 Added The certbot-dns-rfc2136 plugin always assumed the use of an IP address as the target server, but this was never checked. Until now. The plugin raises an error if the configured target server is not a valid IPv4 or IPv6 address. Our acme library now supports requesting certificates for IP addresses. This feature is still unsupported by Certbot and Let's Encrypt. Changed Several attributes in certbot.display.util module are deprecated and will be removed in a future release of Certbot. Any import of these attributes will emit a warning to prepare the transition for developers. zope based interfaces in certbot.interfaces module are deprecated and will be removed in a future release of Certbot. Any import of these interfaces will emit a warning to prepare the transition for developers. We removed the dependency on chardet from our acme library. Except for when downloading a certificate in an alternate format, our acme library now assumes all server responses are UTF-8 encoded which is required by RFC 8555. Fixed Fixed parsing of Defined values in the Apache plugin to allow for = in the value. Fixed a relatively harmless crash when issuing a certificate with --quiet/-q. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.57 2021/08/05 10:52:00 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.19.0 @ 1.57 log @py-acme py-certbot*: updated to 1.18.0 1.18.0 Added New functions that Certbot plugins can use to interact with the user have been added to certbot.display.util. We plan to deprecate using IDisplay with zope in favor of these new functions in the future. The Plugin, Authenticator and Installer classes are added to certbot.interfaces module as alternatives to Certbot's current zope based plugin interfaces. The API of these interfaces is identical, but they are based on Python's abc module instead of zope. Certbot will continue to detect plugins that implement either interface, but we plan to drop support for zope based interfaces in a future version of Certbot. The class certbot.configuration.NamespaceConfig is added to the Certbot's public API. Changed When self-validating HTTP-01 challenges using acme.challenges.HTTP01Response.simple_verify, we now assume that the response is composed of only ASCII characters. Previously we were relying on the default behavior of the requests library which tries to guess the encoding of the response which was error prone. acme: the .client.Client and .client.BackwardsCompatibleClientV2 classes are now deprecated in favor of .client.ClientV2. The certbot.tests.patch_get_utility* functions have been deprecated. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util as a temporary workaround. In order to simplify the transition to Certbot's new plugin interfaces, the classes Plugin and Installer in certbot.plugins.common module and certbot.plugins.dns_common.DNSAuthenticator now implement Certbot's new plugin interfaces. The Certbot plugins based on these classes are now automatically detected as implementing these interfaces. We added a dependency on chardet to our acme library so that it will be used over charset_normalizer in newer versions of requests. Fixed The Apache authenticator no longer crashes with "Unable to insert label" when encountering a completely empty vhost. This issue affected Certbot 1.17.0. Users of the Certbot snap on Debian 9 (Stretch) should no longer encounter an "access denied" error when installing DNS plugins. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.56 2021/07/23 07:26:43 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.18.0 @ 1.56 log @py-acme, py-certbot*: updated to 1.17.0 Certbot 1.17.0 Added Add Void Linux overrides for certbot-apache. Changed We changed how dependencies are specified between Certbot packages. For this and future releases, higher level Certbot components will require that lower level components are the same version or newer. More specifically, version X of the Certbot package will now always require acme>=X and version Y of a plugin package will always require acme>=Y and certbot=>Y. Specifying dependencies in this way simplifies testing and development. The Apache authenticator now always configures virtual hosts which do not have an explicit ServerName. This should make it work more reliably with the default Apache configuration in Debian-based environments. Fixed When we increased the logging level on our nginx "Could not parse file" message, it caused a previously-existing inability to parse empty files to become more visible. We have now added the ability to correctly parse empty files, so that message should only show for more significant errors. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.55 2021/06/14 12:15:39 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.17.0 @ 1.55 log @py-acme py-certbot*: updated to 1.16.0 Certbot 1.16.0 Changed DNS plugins based on lexicon now require dns-lexicon >= v3.1.0 Use UTF-8 encoding for renewal configuration files Windows installer now cleans up old Certbot dependency packages before installing the new ones to avoid version conflicts. This release contains a substantial command-line UX overhaul, based on previous user research. The main goal was to streamline and clarify output. If you would like to see more verbose output, use the -v or -vv flags. UX improvements are an iterative process and the Certbot team welcomes constructive feedback. Functions certbot.crypto_util.init_save_key and certbot.crypto_util.init_save_csr, whose behaviors rely on the global Certbot config singleton, are deprecated and will be removed in a future release. Please use certbot.crypto_util.generate_key and certbot.crypto_util.generate_csr instead. Fixed Fix TypeError due to incompatibility with lexicon >= v3.6.0 Installers (e.g. nginx, Apache) were being restarted unnecessarily after dry-run renewals. Colors and bold text should properly render in all supported versions of Windows. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.54 2021/05/14 08:24:06 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.16.0 @ 1.54 log @py-acme py-certbot*: updated to 1.15.0 1.15.0 - 2021-05-04 More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.53 2021/04/15 05:16:35 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.15.0 @ 1.53 log @py-acme py-certbot*: updated to 1.14.0 Certbot 1.14.0 Changed certbot-auto no longer checks for updates on any operating system. The module acme.magic_typing is deprecated and will be removed in a future release. Please use the built-in module typing instead. The DigitalOcean plugin now creates TXT records for the DNS-01 challenge with a lower 30s TTL. Fixed Don't output an empty line for a hidden certificate when certbot certificates is being used in combination with --cert-name or -d. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.52 2021/03/06 13:34:23 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.14.0 @ 1.52 log @py-acme py-certbot*: updated to 1.13.0 Certbot 1.13.0 Changed CLI flags --os-packages-only, --no-self-upgrade, --no-bootstrap and --no-permissions-check, which are related to certbot-auto, are deprecated and will be removed in a future release. Certbot no longer conditionally depends on an external mock module. Certbot's test API will continue to use it if it is available for backwards compatibility, however, this behavior has been deprecated and will be removed in a future release. The acme library no longer depends on the security extras from requests which was needed to support SNI in TLS requests when using old versions of Python 2. Certbot and all of its components no longer depend on the library six. The update of certbot-auto itself is now disabled on all RHEL-like systems. When revoking a certificate by --cert-name, it is no longer necessary to specify the --server if the certificate was obtained from a non-default ACME server. The nginx authenticator now configures all matching HTTP and HTTPS vhosts for the HTTP-01 challenge. It is now compatible with external HTTPS redirection by a CDN or load balancer. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.51 2021/02/09 10:06:41 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.13.0 @ 1.51 log @py-acme py-certbot*: updated to 1.12.0 1.12.0 Changed The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. Support for Python 2 has been removed. In previous releases, we caused certbot-auto to stop updating its Certbot installation. In this release, we are beginning to disable updates to the certbot-auto script itself. This release includes Amazon Linux users, and all other systems that are not based on Debian or RHEL. We plan to make this change to the certbot-auto script for all users in the coming months. Fixed Fixed the apache component on openSUSE Tumbleweed which no longer provides an apache2ctl symlink and uses apachectl instead. Fixed a typo in certbot/crypto_util.py causing an error upon attempting secp521r1 key generation @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.50 2021/01/14 14:21:51 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.12.0 d30 1 a30 1 PYTHON_VERSIONS_INCOMPATIBLE= 27 # py-lexicon @ 1.50 log @py-acme py-certbot: updated to 1.11.0 Certbot 1.11.0 Changed We deprecated support for Python 2 in Certbot and its ACME library. Support for Python 2 will be removed in the next planned release of Certbot. certbot-auto was deprecated on all systems. For more information about this change, see https://community.letsencrypt.org/t/certbot-auto-no-longer-works-on-debian-based-systems/139702/7. We deprecated support for Apache 2.2 in the certbot-apache plugin and it will be removed in a future release of Certbot. Fixed The Certbot snap no longer loads packages installed via pip install --user. This was unintended and DNS plugins should be installed via snap instead. certbot-dns-google would sometimes crash with HTTP 409/412 errors when used with very large zones. certbot-dns-google would sometimes crash with an HTTP 412 error if preexisting records had an unexpected TTL, i.e.: different than Certbot's default TTL for this plugin. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.49 2020/12/09 12:31:35 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.11.0 d31 3 @ 1.49 log @py-acme py-certbot*: updated to 1.10.1 1.10.1 - 2020-12-03 Fixed Fixed a bug in certbot.util.add_deprecated_argument that caused the deprecated --manual-public-ip-logging-ok flag to crash Certbot in some scenarios. More details about these changes can be found on our GitHub repo. 1.10.0 - 2020-12-01 Added Added timeout to DNS query function calls for dns-rfc2136 plugin. Confirmation when deleting certificates CLI flag --key-type has been added to specify 'rsa' or 'ecdsa' (default 'rsa'). CLI flag --elliptic-curve has been added which takes an NIST/SECG elliptic curve. Any of secp256r1, secp384r1 and secp521r1 are accepted values. The command certbot certficates lists the which type of the private key that was used for the private key. Support for Python 3.9 was added to Certbot and all of its components. Changed certbot-auto was deprecated on Debian based systems. CLI flag --manual-public-ip-logging-ok is now a no-op, generates a deprecation warning, and will be removed in a future release. Fixed Fixed a Unicode-related crash in the nginx plugin when running under Python 2. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.48 2020/10/18 18:45:03 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.10.1 @ 1.48 log @py-acme py-certbot: updated to 1.9.0 Certbot 1.9.0 Added --preconfigured-renewal flag, for packager use only. See the packaging guide. Changed certbot-auto was deprecated on all systems except for those based on Debian or RHEL. Update the packaging instructions to promote usage of python -m pytest to test Certbot instead of the deprecated python setup.py test setuptools approach. Reduced CLI logging when reloading nginx, if it is not running. Reduced CLI logging when handling some kinds of errors. Fixed Fixed server_name case-sensitivity in the nginx plugin. The minimum version of the acme library required by Certbot was corrected. In the previous release, Certbot said it required acme>=1.6.0 when it actually required acme>=1.8.0 to properly support removing contact information from an ACME account. Upgraded the version of httplib2 used in our snaps and Docker images to add support for proxy environment variables and fix the plugin for Google Cloud DNS. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.47 2020/09/30 09:03:45 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.9.0 @ 1.47 log @py-acme py-certbot*: updated to 1.8.0 Certbot 1.8.0 Added Added the ability to remove email and phone contact information from an account using update_account --register-unsafely-without-email Changed Support for Python 3.5 has been removed. Fixed The problem causing the Apache plugin in the Certbot snap on ARM systems to fail to load the Augeas library it depends on has been fixed. The acme library can now tell the ACME server to clear contact information by passing an empty tuple to the contact field of a Registration message. Fixed the *** stack smashing detected *** error in the Certbot snap on some systems. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.46 2020/08/26 11:10:13 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.8.0 @ 1.46 log @py-acme py-certbot*: updated to 1.7.0 Certbot 1.7.0 Added Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name): this concerns the plugin name, CLI flags, and keys in credential files. The prefixed form is still supported but is deprecated, and will be removed in a future release. Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload. Changed The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200, due to https://www.linode.com/blog/linode/linode-turns-17/ We deprecated support for Python 3.5 in Certbot and its ACME library. Support for Python 3.5 will be removed in the next major release of Certbot. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.45 2020/07/10 10:24:21 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.7.0 d29 2 @ 1.45 log @py-acme,py-certbot: updated to 1.6.0 1.6.0 Added Certbot snaps are now available for the arm64 and armhf architectures. Add minimal code to run Nginx plugin on NetBSD. Make Certbot snap find externally snapped plugins Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask implementing umask for both UNIX and Windows systems. Support for alternative certificate chains in the acme module. Added --preferred-chain . If a CA offers multiple certificate chains, it may be used to indicate to Certbot which chain should be preferred. e.g. --preferred-chain "DST Root CA X3" Changed Allow session tickets to be disabled in Apache when mod_ssl is statically linked. Generalize UI warning message on renewal rate limits Certbot behaves similarly on Windows to on UNIX systems regarding umask, and the umask 022 is applied by default: all files/directories are not writable by anyone other than the user running Certbot and the system/admin users. Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare for impending acmev1 deprecation. Fixed Cloudflare API Tokens may now be restricted to individual zones. Don't use StrictVersion, but LooseVersion to check version requirements with setuptools, to fix some packaging issues with libraries respecting PEP404 for version string, with doesn't match StrictVersion requirements. Certbot output doesn't refer to SSL Labs due to confusing scoring behavior. Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx plugins on, e.g., CentOS 7. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.44 2020/06/08 15:53:29 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.6.0 @ 1.44 log @py-acme py-certbot: updated to 1.5.0 Certbot 1.5.0 Added Require explicit confirmation of snap plugin permissions before connecting. Changed Improved error message in apache installer when mod_ssl is not available. Fixed Add support for OCSP responses which use a public key hash ResponderID, fixing interoperability with Sectigo CAs. Fix TLS-ALPN test that fails when run with newer versions of OpenSSL. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.43 2020/05/07 10:53:44 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.5.0 @ 1.43 log @py-acme/py-certbot*: updated to 1.4.0 1.4.0: Added * Turn off session tickets for apache plugin by default when appropriate. * Added serial number of certificate to the output of `certbot certificates` * Expose two new environment variables in the authenticator and cleanup scripts used by the `manual` plugin: `CERTBOT_REMAINING_CHALLENGES` is equal to the number of challenges remaining after the current challenge, `CERTBOT_ALL_DOMAINS` is a comma-separated list of all domains challenged for the current certificate. * Added TLS-ALPN-01 challenge support in the `acme` library. Support of this challenge in the Certbot client is planned to be added in a future release. * Added minimal proxy support for OCSP verification. * On Windows, hooks are now executed in a Powershell shell instead of a CMD shell, allowing both `*.ps1` and `*.bat` as valid scripts for Certbot. Changed * Reorganized error message when a user entered an invalid email address. * Stop asking interactively if the user would like to add a redirect. * `mock` dependency is now conditional on Python 2 in all of our packages. * Deprecate certbot-auto on Gentoo, macOS, and FreeBSD. Fixed * When using an RFC 8555 compliant endpoint, the `acme` library no longer sends the `resource` field in any requests or the `type` field when responding to challenges. * Fix nginx plugin crash when non-ASCII configuration file is being read (instead, the user will be warned that UTF-8 must be used). * Fix hanging OCSP queries during revocation checking - added a 10 second timeout. * Standalone servers now have a default socket timeout of 30 seconds, fixing cases where an idle connection can cause the standalone plugin to hang. * Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line endings. This should fix interoperability with Buypass' services. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.42 2020/03/23 18:43:45 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.4.0 @ 1.42 log @py-acme py-certbot: updated to 1.3.0 Certbot 1.3.0 Added Added certbot.ocsp Certbot's API. The certbot.ocsp module can be used to determine the OCSP status of certificates. Don't verify the existing certificate in HTTP01Response.simple_verify, for compatibility with the real-world ACME challenge checks. Changed Certbot will now renew certificates early if they have been revoked according to OCSP. Fix acme module warnings when response Content-Type includes params (e.g. charset). Fixed issue where webroot plugin would incorrectly raise Read-only file system error when creating challenge directories @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.41 2020/02/16 20:23:26 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.3.0 @ 1.41 log @py-acme py-certbot: updated to 1.2.0 1.2.0: Added Added support for Cloudflare's limited-scope API Tokens Added support for $hostname in nginx server_name directive Changed Add directory field to error message when field is missing. If MD5 hasher is not available, try it in non-security mode (fix for FIPS systems) Disable old SSL versions and ciphersuites and remove SSLCompression off setting to follow Mozilla recommendations in Apache. Remove ECDHE-RSA-AES128-SHA from NGINX ciphers list now that Windows 2008 R2 and Windows 7 are EOLed Support for Python 3.4 has been removed. Fixed Fix collections.abc imports for Python 3.9. More details about these changes can be found on our GitHub repo. 1.1.0: Changed Removed the fallback introduced with 0.34.0 in acme to retry a POST-as-GET request as a GET request when the targeted ACME CA server seems to not support POST-as-GET requests. certbot-auto no longer supports architectures other than x86_64 on RHEL 6 based systems. Existing certbot-auto installations affected by this will continue to work, but they will no longer receive updates. To install a newer version of Certbot on these systems, you should update your OS. Support for Python 3.4 in Certbot and its ACME library is deprecated and will be removed in the next release of Certbot. certbot-auto users on x86_64 systems running RHEL 6 or derivatives will be asked to enable Software Collections (SCL) repository so Python 3.6 can be installed. certbot-auto can enable the SCL repo for you on CentOS 6 while users on other RHEL 6 based systems will be asked to do this manually. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.40 2019/12/30 19:43:56 triaxx Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.2.0 @ 1.40 log @py-cerbot: add py-certbot-dns-digitalocean in comments @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.39 2019/12/15 09:48:37 adam Exp $ d19 1 a19 1 CERTBOT_VERSION= 1.0.0 @ 1.39 log @py-acme/py-cerbot-*: updated to 1.0.0 Certbot 1.0.0 Removed: * The docs extras for the certbot-apache and certbot-nginx packages have been removed. Changed: * certbot-auto has deprecated support for systems using OpenSSL 1.0.1 that are not running on x86-64. This primarily affects RHEL 6 based systems. * Certbot's config_changes subcommand has been removed * certbot.plugins.common.TLSSNI01 has been removed. * Deprecated attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone have been removed. * The functions certbot.client.view_config_changes, certbot.main.config_changes, certbot.plugins.common.Installer.view_config_changes, certbot.reverter.Reverter.view_config_changes, and certbot.util.get_systemd_os_info have been removed * Certbot's register --update-registration subcommand has been removed * When possible, default to automatically configuring the webserver so all requests redirect to secure HTTPS access. This is mostly relevant when running Certbot in non-interactive mode. Previously, the default was to not redirect all requests. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.38 2019/11/14 18:28:17 adam Exp $ d5 1 @ 1.38 log @py-certbot: updated to 0.40.1 0.40.1: Changed Added back support for Python 3.4 to Certbot components and certbot-auto due to a bug when requiring Python 2.7 or 3.5+ on RHEL 6 based systems. More details about these changes can be found on our GitHub repo. 0.40.0: Changed We deprecated support for Python 3.4 in Certbot and its ACME library. Support for Python 3.4 will be removed in the next major release of Certbot. certbot-auto users on RHEL 6 based systems will be asked to enable Software Collections (SCL) repository so Python 3.6 can be installed. certbot-auto can enable the SCL repo for you on CentOS 6 while users on other RHEL 6 based systems will be asked to do this manually. --server may now be combined with --dry-run. Certbot will, as before, use the staging server instead of the live server when --dry-run is used. --dry-run now requests fresh authorizations every time, fixing the issue where it was prone to falsely reporting success. Updated certbot-dns-google to depend on newer versions of google-api-python-client and oauth2client. The OS detection logic again uses distro library for Linux OSes certbot.plugins.common.TLSSNI01 has been deprecated and will be removed in a future release. CLI flags --tls-sni-01-port and --tls-sni-01-address have been removed. The values tls-sni and tls-sni-01 for the --preferred-challenges flag are no longer accepted. Removed the flags: --agree-dev-preview, --dialog, and --apache-init-script acme.standalone.BaseRequestHandlerWithLogging and acme.standalone.simple_tls_sni_01_server have been deprecated and will be removed in a future release of the library. certbot-dns-rfc2136 now use TCP to query SOA records. Fixed More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.37 2019/10/02 17:36:43 adam Exp $ d18 1 a18 1 CERTBOT_VERSION= 0.40.1 @ 1.37 log @py-acme/py-certbot: updated to 0.39.0 0.39.0: Added Support for Python 3.8 was added to Certbot and all of its components. Support for CentOS 8 was added to certbot-auto. Changed Don't send OCSP requests for expired certificates Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 Updated the Nginx plugin's TLS configuration to keep support for some versions of IE11. Fixed Fixed OS detection in the Apache plugin on RHEL 6. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.36 2019/09/12 15:08:53 adam Exp $ d18 1 a18 1 CERTBOT_VERSION= 0.39.0 @ 1.36 log @py-acme py-certbot*: updated to 0.38.0 0.38.0: Added Disable session tickets for Nginx users when appropriate. Changed If Certbot fails to rollback your server configuration, the error message links to the Let's Encrypt forum. Change the link to the Help category now that the Server category has been closed. Replace platform.linux_distribution with distro.linux_distribution as a step towards Python 3.8 support in Certbot. Fixed Fixed OS detection in the Apache plugin on Scientific Linux. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.35 2019/08/23 09:57:49 adam Exp $ d18 1 a18 2 CERTBOT_VERSION= 0.38.0 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} d20 1 d23 1 @ 1.35 log @py-certbot: updated to 0.37.2 0.37.2: Stop disabling TLS session tickets in Nginx as it caused TLS failures on some systems. 0.37.1: Fixed Stop disabling TLS session tickets in Apache as it caused TLS failures on some systems. 0.37.0: Added Turn off session tickets for apache plugin by default acme: Authz deactivation added to acme module. Changed Follow updated Mozilla recommendations for Nginx ssl_protocols, ssl_ciphers, and ssl_prefer_server_ciphers Fixed Fix certbot-auto failures on RHEL 8. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.34 2019/07/15 12:52:54 adam Exp $ d18 1 a18 1 CERTBOT_VERSION= 0.37.2 @ 1.34 log @py-certbot: updated to 0.36.0 0.36.0: Added ----- Turn off session tickets for nginx plugin by default Added missing error types from RFC8555 to acme Changed ------- Support for Ubuntu 14.04 Trusty has been removed. Update the 'manage your account' help to be more generic. The error message when Certbot's Apache plugin is unable to modify your Apache configuration has been improved. Certbot's config_changes subcommand has been deprecated and will be removed in a future release. certbot config_changes no longer accepts a --num parameter. The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release. Fixed ----- Replace some unnecessary platform-specific line separation. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.33 2019/06/12 10:27:37 adam Exp $ d18 1 a18 1 CERTBOT_VERSION= 0.36.0 @ 1.33 log @py-acme,py-certbot*: updated to 0.35.1 0.35.1: Fixed Support for specifying an authoritative base domain in our dns-rfc2136 plugin has been removed. This feature was added in our last release but had a bug which caused the plugin to fail so the feature has been removed until it can be added properly. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: certbot-dns-rfc2136 @ text @d1 1 a1 1 # $NetBSD$ d18 1 a18 1 CERTBOT_VERSION= 0.35.1 @ 1.32 log @py-acme: update to 0.35.0 py-certbot: update to 0.35.0 py-certbot-apache: update to 0.35.0 py-certbot-dns-luadns: update to 0.35.0 py-certbot-dns-nsone: update to 0.35.0 py-certbot-dns-ovh: update to 0.35.0 py-certbot-dns-rfc2136: update to 0.35.0 py-certbot-dns-route53: update to 0.35.0 py-certbot-dns-sakuracloud: update to 0.35.0 py-certbot-nginx: update to 0.35.0 pkgsrc changes: --------------- * Add py-certbot/Makefile.common to make version number coherent upstream changes: ----------------- - Added o dns_rfc2136 plugin now supports explicitly specifing an authorative base domain for cases when the automatic method does not work (e.g. Split horizon DNS) - Fixed o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform. o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses. o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde. - Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: o certbot o certbot-dns-rfc2136 @ text @d1 1 a1 1 # $Netbsd: $ d3 1 d5 5 d18 1 a18 1 CERTBOT_VERSION= 0.35.0 @ 1.31 log @py-acme,py-certbot*: updated to 0.31.0 0.31.0: Added Avoid reprocessing challenges that are already validated when a certificate is issued. Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module. Changed Certbot's official Docker images are now based on Alpine Linux 3.9 rather than 3.7. The new version comes with OpenSSL 1.1.1. Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on 2.x branch is maintained). Apache plugin now attempts to configure all VirtualHosts matching requested domain name instead of only a single one when answering the HTTP-01 challenge. Fixed Fixed accessing josepy contents through acme.jose when the full acme.jose path is used. Clarify behavior for deleting certs as part of revocation. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: acme certbot certbot-apache certbot-dns-cloudxns certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-gehirn certbot-dns-linode certbot-dns-luadns certbot-dns-nsone certbot-dns-ovh certbot-dns-sakuracloud More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 2 # $NetBSD: Makefile.common,v 1.30 2019/01/15 12:07:25 triaxx Exp $ # d3 3 a5 1 # used by security/py-certbot/Makefile d12 2 a13 2 DISTNAME= certbot-0.30.0 MASTER_SITES= ${MASTER_SITE_GITHUB:=certbot/} d15 1 a15 1 HOMEPAGE= https://letsencrypt.org/ d17 2 a18 2 GITHUB_PROJECT= certbot GITHUB_TAG= v${PKGVERSION_NOREV} d20 1 a20 5 EXTRACT_USING= bsdtar USE_TOOLS+= bsdtar DISTINFO_FILE= ${PKGDIR}/../../security/py-certbot/distinfo #PATCHDIR= ${PKGDIR}/../../security/py-certbot/patches @ 1.30 log @py-certbot: add ovh, sakura cloud and nginx plugins @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.29 2019/01/15 09:32:11 triaxx Exp $ @ 1.29 log @py-certbot: update to 0.30.0 Upstream changes: ================================================================================ ## 0.30.0 - 2019-01-02 ### Added * Added the `update_account` subcommand for account management commands. ### Changed * Copied account management functionality from the `register` subcommand to the `update_account` subcommand. * Marked usage `register --update-registration` for deprecation and removal in a future release. ### Fixed * Older modules in the josepy library can now be accessed through acme.jose like it could in previous versions of acme. This is only done to preserve backwards compatibility and support for doing this with new modules in josepy will not be added. Users of the acme library should switch to using josepy directly if they haven't done so already. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme More details about these changes can be found on our GitHub repo. ## 0.29.1 - 2018-12-05 ### Added * ### Changed * ### Fixed * The default work and log directories have been changed back to /var/lib/letsencrypt and /var/log/letsencrypt respectively. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * certbot More details about these changes can be found on our GitHub repo. ## 0.29.0 - 2018-12-05 ### Added * Noninteractive renewals with `certbot renew` (those not started from a terminal) now randomly sleep 1-480 seconds before beginning work in order to spread out load spikes on the server side. * Added External Account Binding support in cli and acme library. Command line arguments --eab-kid and --eab-hmac-key added. ### Changed * Private key permissioning changes: Renewal preserves existing group mode & gid of previous private key material. Private keys for new lineages (i.e. new certs, not renewed) default to 0o600. ### Fixed * Update code and dependencies to clean up Resource and Deprecation Warnings. * Only depend on imgconverter extension for Sphinx >= 1.6 Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme * certbot * certbot-apache * certbot-dns-cloudflare * certbot-dns-digitalocean * certbot-dns-google * certbot-nginx More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/62?closed=1 ## 0.28.0 - 2018-11-7 ### Added * `revoke` accepts `--cert-name`, and doesn't accept both `--cert-name` and `--cert-path`. * Use the ACMEv2 newNonce endpoint when a new nonce is needed, and newNonce is available in the directory. ### Changed * Removed documentation mentions of `#letsencrypt` IRC on Freenode. * Write README to the base of (config-dir)/live directory * `--manual` will explicitly warn users that earlier challenges should remain in place when setting up subsequent challenges. * Warn when using deprecated acme.challenges.TLSSNI01 * Log warning about TLS-SNI deprecation in Certbot * Stop preferring TLS-SNI in the Apache, Nginx, and standalone plugins * OVH DNS plugin now relies on Lexicon>=2.7.14 to support HTTP proxies * Default time the Linode plugin waits for DNS changes to propogate is now 1200 seconds. ### Fixed * Match Nginx parser update in allowing variable names to start with `${`. * Fix ranking of vhosts in Nginx so that all port-matching vhosts come first * Correct OVH integration tests on machines without internet access. * Stop caching the results of ipv6_info in http01.py * Test fix for Route53 plugin to prevent boto3 making outgoing connections. * The grammar used by Augeas parser in Apache plugin was updated to fix various parsing errors. * The CloudXNS, DNSimple, DNS Made Easy, Gehirn, Linode, LuaDNS, NS1, OVH, and Sakura Cloud DNS plugins are now compatible with Lexicon 3.0+. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme * certbot * certbot-apache * certbot-dns-cloudxns * certbot-dns-dnsimple * certbot-dns-dnsmadeeasy * certbot-dns-gehirn * certbot-dns-linode * certbot-dns-luadns * certbot-dns-nsone * certbot-dns-ovh * certbot-dns-route53 * certbot-dns-sakuracloud * certbot-nginx More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/59?closed=1 ## 0.27.1 - 2018-09-06 ### Fixed * Fixed parameter name in OpenSUSE overrides for default parameters in the Apache plugin. Certbot on OpenSUSE works again. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * certbot-apache More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/60?closed=1 @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.28 2018/09/06 12:25:26 fhajny Exp $ d5 1 d8 2 @ 1.28 log @py-{acme,certbot}: Update to 0.27.0. ## 0.27.0 - 2018-09-05 ### Added - The Apache plugin now accepts the parameter --apache-ctl which can be used to configure the path to the Apache control script. ### Changed - When using `acme.client.ClientV2` (or `acme.client.BackwardsCompatibleClientV2` with an ACME server that supports a newer version of the ACME protocol), an `acme.errors.ConflictError` will be raised if you try to create an ACME account with a key that has already been used. Previously, a JSON parsing error was raised in this scenario when using the library with Let's Encrypt's ACMEv2 endpoint. ### Fixed - When Apache is not installed, Certbot's Apache plugin no longer prints messages about being unable to find apachectl to the terminal when the plugin is not selected. - If you're using the Apache plugin with the --apache-vhost-root flag set to a directory containing a disabled virtual host for the domain you're requesting a certificate for, the virtual host will now be temporarily enabled if necessary to pass the HTTP challenge. - The documentation for the Certbot package can now be built using Sphinx 1.6+. - You can now call `query_registration` without having to first call `new_account` on `acme.client.ClientV2` objects. - The requirement of `setuptools>=1.0` has been removed from `certbot-dns-ovh`. - Names in certbot-dns-sakuracloud's tests have been updated to refer to Sakura Cloud rather than NS1 whose plugin certbot-dns-sakuracloud was based on. ## 0.26.1 - 2018-07-17 ### Fixed - Fix a bug that was triggered when users who had previously manually set `--server` to get ACMEv2 certs tried to renew ACMEv1 certs. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.27 2018/07/24 09:24:11 triaxx Exp $ d6 1 d8 1 a8 1 DISTNAME= certbot-0.27.0 @ 1.28.4.1 log @Pullup ticket #5901 - requested by taca security/py-acme: update (stop using TLS-SNI-01) security/py-certbot: update (stop using TLS-SNI-01) Revisions pulled up: - security/py-acme/PLIST 1.11 - security/py-certbot/Makefile.common 1.29 - security/py-certbot/PLIST 1.14 - security/py-certbot/distinfo 1.28 --- Module Name: pkgsrc Committed By: triaxx Date: Tue Jan 15 09:32:11 UTC 2019 Modified Files: pkgsrc/security/py-certbot: Makefile.common PLIST distinfo Log Message: py-certbot: update to 0.30.0 Upstream changes: ================================================================================ ## 0.30.0 - 2019-01-02 ### Added * Added the `update_account` subcommand for account management commands. ### Changed * Copied account management functionality from the `register` subcommand to the `update_account` subcommand. * Marked usage `register --update-registration` for deprecation and removal in a future release. ### Fixed * Older modules in the josepy library can now be accessed through acme.jose like it could in previous versions of acme. This is only done to preserve backwards compatibility and support for doing this with new modules in josepy will not be added. Users of the acme library should switch to using josepy directly if they haven't done so already. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme More details about these changes can be found on our GitHub repo. ## 0.29.1 - 2018-12-05 ### Added * ### Changed * ### Fixed * The default work and log directories have been changed back to /var/lib/letsencrypt and /var/log/letsencrypt respectively. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * certbot More details about these changes can be found on our GitHub repo. ## 0.29.0 - 2018-12-05 ### Added * Noninteractive renewals with `certbot renew` (those not started from a terminal) now randomly sleep 1-480 seconds before beginning work in order to spread out load spikes on the server side. * Added External Account Binding support in cli and acme library. Command line arguments --eab-kid and --eab-hmac-key added. ### Changed * Private key permissioning changes: Renewal preserves existing group mode & gid of previous private key material. Private keys for new lineages (i.e. new certs, not renewed) default to 0o600. ### Fixedxed * Update code and dependencies to clean up Resource and Deprecation Warnings. * Only depend on imgconverter extension for Sphinx >= 1.6 Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme * certbot * certbot-apache * certbot-dns-cloudflare * certbot-dns-digitalocean * certbot-dns-google * certbot-nginx More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/62?closed=1 ## 0.28.0 - 2018-11-7 ### Added * `revoke` accepts `--cert-name`, and doesn't accept both `--cert-name` and `--cert-path`. * Use the ACMEv2 newNonce endpoint when a new nonce is needed, and newNonce is available in the directory. ### Changed * Removed documentation mentions of `#letsencrypt` IRC on Freenode. * Write README to the base of (config-dir)/live directory * `--manual` will explicitly warn users that earlier challenges should remain in place when setting up subsequent challenges. * Warn when using deprecated acme.challenges.TLSSNI01 * Log warning about TLS-SNI deprecation in Certbot * Stop preferring TLS-SNI in the Apache, Nginx, and standalone plugins * OVH DNS plugin now relies on Lexicon>=2.7.14 to support HTTP proxies * Default time the Linode plugin waits for DNS changes to propogate is now 1200 seconds. ### Fixed * Match Nginx parser update in allowing variable names to start with `${`. * Fix ranking of vhosts in Nginx so that all port-matching vhosts come first * Correct OVH integration tests on machines without internet access. * Stop caching the results of ipv6_info in http01.py * Test fix for Route53 plugin to prevent boto3 making outgoing connections. * The grammar used by Augeas parser in Apache plugin was updated to fix various parsing errors. * The CloudXNS, DNSimple, DNS Made Easy, Gehirn, Linode, LuaDNS, NS1, OVH, and Sakura Cloud DNS plugins are now compatible with Lexicon 3.0+. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * acme * certbot * certbot-apache * certbot-dns-cloudxns * certbot-dns-dnsimple * certbot-dns-dnsmadeeasy * certbot-dns-gehirn * certbot-dns-linode * certbot-dns-luadns * certbot-dns-nsone * certbot-dns-ovh * certbot-dns-route53 * certbot-dns-sakuracloud * certbot-nginx More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/59?closed=1 ## 0.27.1 - 2018-09-06 ### Fixed * Fixed parameter name in OpenSUSE overrides for default parameters in the Apache plugin. Certbot on OpenSUSE works again. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: * certbot-apache More details about these changes can be found on our GitHub repo: https://github.com/certbot/certbot/milestone/60?closed=1 --- Module Name: pkgsrc Committed By: triaxx Date: Tue Jan 15 09:34:10 UTC 2019 Modified Files: pkgsrc/security/py-acme: PLIST Log Message: py-acme: update to 0.30.0 @ text @d1 1 a1 1 # $NetBSD$ a5 1 # used by security/py-certbot-dns-route53/Makefile d7 1 a7 1 DISTNAME= certbot-0.30.0 @ 1.27 log @Add used by comment for py-certbot-dns-rfc2136. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.26 2018/07/17 16:32:16 fhajny Exp $ d7 1 a7 1 DISTNAME= certbot-0.26.0 @ 1.26 log @net/py-{acme,certbot}: Update to 0.26.0. ### Added - A new security enhancement which we're calling AutoHSTS has been added to Certbot's Apache plugin. This enhancement configures your webserver to send a HTTP Strict Transport Security header with a low max-age value that is slowly increased over time. The max-age value is not increased to a large value until you've successfully managed to renew your certificate. This enhancement can be requested with the --auto-hsts flag. - New official DNS plugins have been created for Gehirn Infrastracture Service, Linode, OVH, and Sakura Cloud. These plugins can be found on our Docker Hub page at https://hub.docker.com/u/certbot and on PyPI. - The ability to reuse ACME accounts from Let's Encrypt's ACMEv1 endpoint on Let's Encrypt's ACMEv2 endpoint has been added. - Certbot and its components now support Python 3.7. - Certbot's install subcommand now allows you to interactively choose which certificate to install from the list of certificates managed by Certbot. - Certbot now accepts the flag `--no-autorenew` which causes any obtained certificates to not be automatically renewed when it approaches expiration. - Support for parsing the TLS-ALPN-01 challenge has been added back to the acme library. ### Changed - Certbot's default ACME server has been changed to Let's Encrypt's ACMEv2 endpoint. By default, this server will now be used for both new certificate lineages and renewals. - The Nginx plugin is no longer marked labeled as an "Alpha" version. - The `prepare` method of Certbot's plugins is no longer called before running "Updater" enhancements that are run on every invocation of `certbot renew`. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.25 2018/06/12 09:22:35 fhajny Exp $ d5 1 @ 1.25 log @security/py-{acme,certbot}: Update to 0.25.0. ### Added - Support for the ready status type was added to acme. Without this change, Certbot and acme users will begin encountering errors when using Let's Encrypt's ACMEv2 API starting on June 19th for the staging environment and July 5th for production. See https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 for more information. - Certbot now accepts the flag --reuse-key which will cause the same key to be used in the certificate when the lineage is renewed rather than generating a new key. - You can now add multiple email addresses to your ACME account with Certbot by providing a comma separated list of emails to the --email flag. - Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme. For more information, see https://community.letsencrypt.org/t/tls-alpn-validation-method/63814/1. - acme now supports specifying the source address to bind to when sending outgoing connections. You still cannot specify this address using Certbot. - If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't already have an account registered at that server URL, Certbot will automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint if it exists. - Interfaces were added to Certbot allowing plugins to be called at additional points. The `GenericUpdater` interface allows plugins to perform actions every time `certbot renew` is run, regardless of whether any certificates are due for renewal, and the `RenewDeployer` interface allows plugins to perform actions when a certificate is renewed. See `certbot.interfaces` for more information. ### Changed - When running Certbot with --dry-run and you don't already have a staging account, the created account does not contain an email address even if one was provided to avoid expiration emails from Let's Encrypt's staging server. - certbot-nginx does a better job of automatically detecting the location of Nginx's configuration files when run on BSD based systems. - acme now requires and uses pytest when running tests with setuptools with `python setup.py test`. - `certbot config_changes` no longer waits for user input before exiting. ### Fixed - Misleading log output that caused users to think that Certbot's standalone plugin failed to bind to a port when performing a challenge has been corrected. - An issue where certbot-nginx would fail to enable HSTS if the server block already had an `add_header` directive has been resolved. - certbot-nginx now does a better job detecting the server block to base the configuration for TLS-SNI challenges on. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.24 2018/05/16 15:09:42 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.25.0 @ 1.24 log @security/py-{acme,certbot}: Update to 0.24.0. ### Added - certbot now has an enhance subcommand which allows you to configure security enhancements like HTTP to HTTPS redirects, OCSP stapling, and HSTS without reinstalling a certificate. - certbot-dns-rfc2136 now allows the user to specify the port to use to reach the DNS server in its credentials file. - acme now parses the wildcard field included in authorizations so it can be used by users of the library. ### Changed - certbot-dns-route53 used to wait for each DNS update to propagate before sending the next one, but now it sends all updates before waiting which speeds up issuance for multiple domains dramatically. - We've doubled the time Certbot will spend polling authorizations before timing out. - The level of the message logged when Certbot is being used with non-standard paths warning that crontabs for renewal included in Certbot packages from OS package managers may not work has been reduced. This stops the message from being written to stderr every time `certbot renew` runs. ### Fixed - certbot-auto now works with Python 3.6. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.23 2018/04/13 08:14:28 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.24.0 @ 1.23 log @security/py-certbot: Update to 0.23.0. ### Added - Support for OpenResty was added to the Nginx plugin. ### Changed - The timestamps in Certbot's logfiles now use the system's local time zone rather than UTC. - Certbot's DNS plugins that use Lexicon now rely on Lexicon>=2.2.1 to be able to create and delete multiple TXT records on a single domain. - certbot-dns-google's test suite now works without an internet connection. ### Fixed - Removed a small window that if during which an error occurred, Certbot wouldn't clean up performed challenges. - The parameters `default` and `ipv6only` are now removed from `listen` directives when creating a new server block in the Nginx plugin. - `server_name` directives enclosed in quotation marks in Nginx are now properly supported. - Resolved an issue preventing the Apache plugin from starting Apache when it's not currently running on RHEL and Gentoo based systems. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.22 2018/03/23 14:37:08 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.23.0 @ 1.22 log @security/py-certbot: Update to 0.22.2. 0.22.2 - A type error introduced in 0.22.1 that would occur during challenge cleanup when a Certbot plugin raises an exception while trying to complete the challenge was fixed. 0.22.1 - The ACME server used with Certbot's --dry-run and --staging flags is now Let's Encrypt's ACMEv2 staging server which allows people to also test ACMEv2 features with these flags. - The HTTP Content-Type header is now set to the correct value during certificate revocation with new versions of the ACME protocol. - When using Certbot with Let's Encrypt's ACMEv2 server, it would add a blank line to the top of chain.pem and between the certificates in fullchain.pem for each lineage. These blank lines have been removed. - Resolved a bug that caused Certbot's --allow-subset-of-names flag not to work. - Fixed a regression in acme.client.Client that caused the class to not work when it was initialized without a ClientNetwork which is done by some of the other projects using our ACME library. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.21 2018/03/13 10:08:51 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.22.2 @ 1.21 log @security/py-certbot: Update to 0.22.0 ### Added - Support for obtaining wildcard certificates and a newer version of the ACME protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2 endpoint was added to Certbot and its ACME library. Certbot still works with older ACME versions and will automatically change the version of the protocol used based on the version the ACME CA implements. - The Apache and Nginx plugins are now able to automatically install a wildcard certificate to multiple virtual hosts that you select from your server configuration. - The `certbot install` command now accepts the `--cert-name` flag for selecting a certificate. - `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library which automatically handles most of the differences between new and old ACME versions. `acme.client.ClientV2` is also available for people who only want to support one version of the protocol or want to handle the differences between versions themselves. - certbot-auto now supports the flag --install-only which has the script install Certbot and its dependencies and exit without invoking Certbot. - Support for issuing a single certificate for a wildcard and base domain was added to our Google Cloud DNS plugin. To do this, we now require your API credentials have additional permissions, however, your credentials will already have these permissions unless you defined a custom role with fewer permissions than the standard DNS administrator role provided by Google. These permissions are also only needed for the case described above so it will continue to work for existing users. For more information about the permissions changes, see the documentation in the plugin. ### Changed - We have broken lockstep between our ACME library, Certbot, and its plugins. This means that the different components do not need to be the same version to work together like they did previously. This makes packaging easier because not every piece of Certbot needs to be repackaged to ship a change to a subset of its components. - Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot, Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL 6 based system, it will walk you through the process of installing Certbot with Python 3 and refuse to upgrade to a newer version of Certbot until you have done so. - Certbot's components now work with older versions of setuptools to simplify packaging for EPEL 7. ### Fixed - Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives has been resolved. - A problem where Certbot's Apache plugin would add redundant include directives for the TLS configuration managed by Certbot has been fixed. - Certbot's webroot plugin now properly deletes any directories it creates. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.20 2018/02/02 15:36:08 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.22.0 @ 1.20 log @Update security/py-{acme,certbot} to 0.21.1. - When creating an HTTP to HTTPS redirect in Nginx, we now ensure the Host header of the request is set to an expected value before redirecting users to the domain found in the header. The previous way Certbot configured Nginx redirects was a potential security issue - Fixed a problem where Certbot's Apache plugin could fail HTTP-01 challenges if basic authentication is configured for the domain you request a certificate for. - certbot-auto --no-bootstrap now properly tries to use Python 3.4 on RHEL 6 based systems rather than Python 2.6. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.19 2018/01/22 13:37:25 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.21.1 @ 1.19 log @Update security/py-{acme,certbot} to 0.21.0. ### Added - Support for the HTTP-01 challenge type was added to our Apache and Nginx plugins. - IPv6 support was added to the Nginx plugin. - Support for automatically creating server blocks based on the default server block was added to the Nginx plugin. - The flags --delete-after-revoke and --no-delete-after-revoke were added allowing users to control whether the revoke subcommand also deletes the certificates it is revoking. ### Changed - We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME library. - We split our implementation of JOSE (Javascript Object Signing and Encryption) out of our ACME library and into a separate package named josepy. - We updated the ciphersuites used in Apache to the new values recommended by Mozilla ### Fixed - An issue with our Apache plugin on Gentoo due to differences in their apache2ctl command have been resolved. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.18 2017/12/09 16:39:03 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.21.0 @ 1.18 log @Update security/py-{acme,certbot} to 0.20.0. 0.20.0 - 2017-12-06 - Certbot's ACME library now recognizes URL fields in challenge objects in preparation for Let's Encrypt's new ACME endpoint. - The Apache plugin now parses some distro specific Apache configuration files on non-Debian systems allowing it to get a clearer picture on the running configuration. - Certbot better reports network failures by removing information about connection retries from the error output. - An unnecessary question when using Certbot's webroot plugin interactively has been removed. - Certbot's NGINX plugin no longer sometimes incorrectly reports that it was unable to deploy a HTTP->HTTPS redirect when requesting Certbot to enable a redirect for multiple domains. - Problems where the Apache plugin was failing to find directives and duplicating existing directives on openSUSE have been resolved. - An issue running the test shipped with Certbot and some our DNS plugins with older versions of mock have been resolved. - On some systems, users reported strangely interleaved output depending on when stdout and stderr were flushed. 0.19.0 - 2017-10-04 - Certbot now has renewal hook directories where executable files can be placed for Certbot to run with the renew subcommand. - After revoking a certificate with the revoke subcommand, Certbot will offer to delete the lineage associated with the certificate. - When using Certbot's Google Cloud DNS plugin on Google Compute Engine, you no longer have to provide a credential file to Certbot if you have configured sufficient permissions for the instance which Certbot can automatically obtain using Google's metadata service. - When deleting certificates interactively using the delete subcommand, Certbot will now allow you to select multiple lineages to be deleted at once. - Certbot's Apache plugin no longer always parses Apache's sites-available on Debian based systems and instead only parses virtual hosts included in your Apache configuration. - The plugins subcommand can now be run without root access. - certbot-auto now includes a timeout when updating itself so it no longer hangs indefinitely when it is unable to connect to the external server. - An issue where Certbot's Apache plugin would sometimes fail to deploy a certificate on Debian based systems if mod_ssl wasn't already enabled has been resolved. - A bug in our Docker image where the certificates subcommand could not report if certificates maintained by Certbot had been revoked has been fixed. - Certbot's RFC 2136 DNS plugin (for use with software like BIND) now properly performs DNS challenges when the domain being verified contains a CNAME record. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.17 2017/09/27 12:44:39 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.20.0 @ 1.17 log @Update security/py-certbot to 0.18.2. - An issue where Certbot's ACME module would raise an AttributeError trying to create self-signed certificates when used with pyOpenSSL 17.3.0 has been resolved. For Certbot users with this version of pyOpenSSL, this caused Certbot to crash when performing a TLS SNI challenge or when the Nginx plugin tried to create an SSL server block. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.16 2017/09/13 10:28:42 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.18.2 @ 1.16 log @Update security/py-certbot to 0.18.1. - The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman parameters. - certbot-auto now installs Certbot in directories under /opt/eff.org. - The Nginx plugin can now be selected in Certbot's interactive output. - Output verbosity of renewal failures when running with --quiet has been reduced. - The default revocation reason shown in Certbot help output now is a human readable string instead of a numerical code. - Plugin selection is now included in normal terminal output. - A newer version of ConfigArgParse is now installed when using certbot-auto causing values set to false in a Certbot INI configuration file to be handled intuitively. - New naming conventions preventing certbot-auto from installing OS dependencies on Fedora 26 have been resolved. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.15 2017/09/07 09:12:23 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.18.1 @ 1.15 log @Update security/py-certbot to 0.18.0. ### Added - The Nginx plugin now configures Nginx to use 2048-bit Diffie-Hellman parameters. ### Changed - certbot-auto now installs Certbot in directories under `/opt/eff.org`. - The Nginx plugin can now be selected in Certbot's interactive output. - Output verbosity of renewal failures when running with `--quiet` has been reduced. - The default revocation reason shown in Certbot help output now is a human readable string instead of a numerical code. - Plugin selection is now included in normal terminal output. ### Fixed - A newer version of ConfigArgParse is now installed when using certbot-auto causing values set to false in a Certbot INI configuration file to be handled intuitively. - New naming conventions preventing certbot-auto from installing OS dependencies on Fedora 26 have been resolved. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.14 2017/08/03 22:12:17 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.18.0 @ 1.14 log @Update security/py-certbot and security/py-acme to 0.17.0. ### Added - Support in our nginx plugin for modifying SSL server blocks that do not contain certificate or key directives. - A `--max-log-backups` flag to allow users to configure or even completely disable Certbot's built in log rotation. - A `--user-agent-comment` flag to allow people who build tools around Certbot to differentiate their user agent string by adding a comment to its default value. ### Changed - Due to some awesome work by cryptography project, compilation can now be avoided on most systems when using certbot-auto. - The `--renew-hook` flag has been hidden in favor of `--deploy-hook`. - We have started printing deprecation warnings in certbot-auto for experimentally supported systems with OS packages available. - A certificate lineage's name is included in error messages during renewal. ### Fixed - Encoding errors that could occur when parsing error messages from the ACME server containing Unicode have been resolved. - certbot-auto no longer prints misleading messages about there being a newer pip version available when installation fails. - Certbot's ACME library now properly extracts domains from critical SAN extensions. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.13 2017/08/02 20:31:29 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.17.0 @ 1.13 log @Update security/py-certbot to 0.16.0. Added - A plugin for performing DNS challenges using dynamic DNS updates as defined in RFC 2316 (available separately). - Plugins for performing DNS challenges for the providers DNS Made Easy and LuaDNS (available separately). - Support for performing TLS-SNI-01 challenges when using the manual plugin. - Automatic detection of Arch Linux in the Apache plugin providing better default settings for the plugin. Changed - The text of the interactive question about whether a redirect from HTTP to HTTPS should be added by Certbot has been rewritten to better explain the choices to the user. - Simplified HTTP challenge instructions in the manual plugin. Fixed - Problems performing a dry run when using the Nginx plugin have been fixed. - Resolved an issue where certbot-dns-digitalocean's test suite would sometimes fail when ran using Python 3. - On some systems, previous versions of certbot-auto would error out with a message about a missing hash for setuptools. - A bug where Certbot would sometimes not print a space at the end of an interactive prompt has been resolved. - Nonfatal tracebacks are no longer shown in rare cases where Certbot encounters an exception trying to close its TCP connection with the ACME server. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.12 2017/06/14 13:16:08 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.16.0 @ 1.12 log @Update security/py-certbot and security/py-acme to 0.15.0 Added - Plugins for performing DNS challenges for popular providers - IPv6 support in the standalone plugin. - A mechanism for keeping your Apache and Nginx SSL/TLS configuration up to date. - --http-01-address and --tls-sni-01-address flags for controlling the address Certbot listens on when using the standalone plugin. - The command certbot certificates that lists certificates managed by Certbot now performs additional validity checks to notify you if your files have become corrupted. Changed - Messages custom hooks print to stdout are now displayed by Certbot when not running in --quiet mode. - jwk and alg fields in JWS objects have been moved into the protected header causing Certbot to more closely follow the latest version of the ACME spec. Fixed - Permissions on renewal configuration files are now properly preserved when they are updated. - A bug causing Certbot to display strange defaults in its help output when using Python <= 2.7.4 has been fixed. - Certbot now properly handles mixed case domain names found in custom CSRs. - A number of poorly worded prompts and error messages. Removed - Support for OpenSSL 1.0.0 in certbot-auto has been removed as we now pin a newer version of cryptography which dropped support for this version. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.11 2017/05/30 14:28:52 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.15.0 @ 1.11 log @Update security/py-certbot to 0.14.2. 0.14.2 - Certbot 0.14.0 included a bug where Certbot would create a temporary log file (usually in /tmp) if the program exited during argument parsing. 0.14.1 - Certbot now works with configargparse 0.12.0. - Issues with the Apache plugin and Augeas 1.7+ have been resolved. - A problem where the Nginx plugin would fail to install certificates on systems that had the plugin's SSL/TLS options file from 7+ months ago has been fixed. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.10 2017/05/11 08:23:35 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.14.2 @ 1.10 log @Update py-certbot and py-acme to 0.14.0. Use ALTERNATIVES to handle different Python versions better. 0.14.0 - 2017-05-04 Added - Python 3.3+ support for all Certbot packages. certbot-auto still currently only supports Python 2, but the acme, certbot, certbot-apache, and certbot-nginx packages on PyPI now fully support Python 2.6, 2.7, and 3.3+. - Certbot's Apache plugin now handles multiple virtual hosts per file. - Lockfiles to prevent multiple versions of Certbot running simultaneously. Changed - When converting an HTTP virtual host to HTTPS in Apache, Certbot only copies the virtual host rather than the entire contents of the file it's contained in. - The Nginx plugin now includes SSL/TLS directives in a separate file located in Certbot's configuration directory rather than copying the contents of the file into every modified server block. Fixed - Ensure logging is configured before parts of Certbot attempt to log any messages. - Support for the --quiet flag in certbot-auto. - Reverted a change made in a previous release to make the acme and certbot packages always depend on argparse. This dependency is conditional again on the user's Python version. - Small bugs in the Nginx plugin such as properly handling empty server blocks and setting server_names_hash_bucket_size during challenges. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.9 2017/04/06 19:51:15 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.14.0 @ 1.9 log @Update security/py-certbot and security/py-acme to 0.13.0. 0.13.0 - 2017-04-06 Added - --debug-challenges pauses Certbot after setting up challenges for debugging. - The Nginx parser can handle all valid directives in configuration files. - Nginx ciphersuites changed to Mozilla Intermediate. - certbot-auto --no-bootstrap won't install OS dependencies. Fixed - --register-unsafely-without-email respects --quiet. - Hyphenated renewalparams are now saved in renewal config files. - --dry-run no longer persists keys and csrs. - No longer hangs when trying to start Nginx in Arch Linux. - Apache rewrite rules no longer double-encode characters. 0.12.0 - 2017-03-02 Added - Allow non-camelcase Apache VirtualHost names - Allow more log messages to be silenced Fixed - Fix a regression around using --cert-name when getting new certificates @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.8 2017/02/07 14:03:58 wiz Exp $ d6 1 a6 1 DISTNAME= certbot-0.13.0 @ 1.8 log @Updated py-certbot to 0.11.1. No concise changelog found. ~30 bugs/issues fixed. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.7 2017/01/25 12:34:07 wiz Exp $ d6 1 a6 1 DISTNAME= certbot-0.11.1 @ 1.7 log @Update py-acme and py-certbot to 0.10.1. All py-certbot self tests pass. 39 self test failures in py-acme (running py.test), one core dump in openssl (running make test). Changes: Test bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.6 2017/01/12 16:02:44 fhajny Exp $ d6 1 a6 1 DISTNAME= certbot-0.10.1 @ 1.6 log @Update security/py-{acme,certbot} to 0.10.0. No changelog released, commits closed for 0.10.0: - Stop IDisplay AssertionErrors - Add update_symlinks to "--help manage" - Hide rename command for 0.10.0 - Disable rename command for 0.10.0 - Break on failure to deploy cert - Incorrect success condition in nginx - certbot delete and rename evoke IDisplay - Put update_symlinks in certbot --help manage - Fix Error Message for invalid FQDNs - pyopenssl inject workaround - pyparsing.restOfLine is not a function, don't call it - Add information on updating [certbot|letsencrypt]-auto - Remove quotes so tilde is expanded - Correctly report when we skip hooks during renewal - Add line number to Augeas syntax error message - Mention line in (Apache) conf file in case of Augeas parse/syntax error - Fixes #3954 and adds a test to prevent regressions - Further OCSP improvements - `-n` doesn't like `force_interactive`? - Save allow_subset_of_names in renewal conf files - I promise checklists are OK (fixes #3934) - Return domains for _find_domains_or_certname - --cert-name causes explosions when trying to use "run" as an installer - Interactivity glitch in git master - Document some particularities of the revoke subcommand - test using os.path.sep not hardcoded / - Save --pre and --post hooks in renewal conf files, and run them in a sophisticated way - Don't add ServerAlias directives when the domain is already covered by a wildcard - Mitigate problems for people who run without -n - Use relative paths for livedir symlinks - Implement delete command - Use isatty checks before asking new questions - Ensure apt-cache is always running in English if we're going to grep - Sort the names by domain (then subdomain) before showing them - Merge the manual and script plugins - --allow-subset-of-names should probably be a renewalparam - Fix certbox-nginx address equality check - Implement our fancy new --help output - Make renew command respect the --cert-name flag - Error when using non-english locale on Debian - Document defaults - Improve simple --help output - Add pyasn1 back to le-auto - Mark Nginx vhosts as ssl when any vhost is on ssl at that address - Fully check for Nginx address equality - Preserve --must-staple in configuration for renewal (#3844) - Git master certbot is making executable renewal conf files? - Improve the "certbot certificates" output - Renewal: Preserve 'OCSP Must Staple' (option --must-staple) - Security enhancement cleanup - Parallalelise nosetests from tox - "certbot certificates" is API-like, so make it future-proof - Fix LE_AUTO_SUDO usage - Remove the sphinxcontrib.programout [docs]dependency - No more relative path connection from live-crt to archive-crt files - Ensure tests pass with openssl 1.1 - Output success message for revoke command - acme module fails tests with openssl 1.1 - Pin pyopenssl 16.2.0 in certbot-auto - Fixed output of `certbot-auto --version`(#3637). - Take advantage of urllib3 pyopenssl rewrite - Busybox support - Fix --http-01-port typo at source - Implement the --cert-name flag to select a lineage by its name. - Fix reinstall message - Changed plugin interface return types (#3748). - Remove letshelp-letsencrypt - Bump pyopenssl version - Bump python-cryptography to 1.5.3 - Remove get_all_certs_keys() from Apache and Nginx - Further merge --script-* with --*-hook - Certbot opens curses sessions for informational notices, breaking automation - Fix writing pem files with Python3 - Strange reinstallation errors - Don't re-add redirects if one exists - Use subprocess.Popen.terminate instead of os.killpg - Generalize return types for plugin interfaces - Don't re-append Nginx redirect directive - Cli help is sometimes wrong about what the default for something is - [certbot-auto] Bump cryptography version to 1.5.2 - python-cryptography build failure on sid - Remove sphinxcontrib-programoutput dependency? - Allow notification interface to not wrap text - Fix non-ASCII domain check. - Add renew_hook to options stored in the renewal config, #3394 - Where oh where has sphinxcontrib-programoutput gone? - Remove some domain name checks. - Allowing modification check to run using "tox" - How to modify *-auto - Don't crash when U-label IDN provided on command line - Add README file to each live directory explaining its contents. - Allow user to select all domains by typing empty string at checklist - Fix issue with suggest_unsafe undeclared - Update docs/contributing.rst to match display behavior during release. - Referencing unbound variable in certbot.display.ops.get_email - Add list-certs command - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Specify archive directory in renewal configuration file - 0.9.1 fails in non-interactive use (pythondialog, error opening terminal) - Allow certbot to get a cert for default_servers - [nginx] Cert for two domains in one virtaulhost fails - [nginx] --hsts and --uir flags not working? - `certbot-auto --version` still says `letsencrypt 0.9.3` (should say `certbot 0.9.3`?) - Add a cli option for "all domains my installer sees" - Stop rejecting punycode domain names - Standalone vs. Apache for available ports - nginx-compatibility-weirdness - Support requesting IDNA2008 Punycode domains - Cert Management Improvement Project (C-MIP) - Add --lineage command line option for nicer SAN management. - Fix requirements.txt surgery in response to shipping certbot-nginx - Use correct Content-Types in headers. - Missing Content-Type 'application/json' in POST requests - Script plugin - Inconsistent error placement - Server alias [revision requested] - When getopts is called multiple time we need to reset OPTIND. - certbot-auto: Print link to doc on debugging pip install error [revision requested] - Update ACME error namespace to match the new draft. - Update errors to match latest ACME version. - Testing the output of build.py against lea-source/lea - Make return type of certbot.interfaces.IInstaller.get_all_keys_certs() an iterator - Fix requirements file surgery for 0.10.0 release - Update Where Are My Certs section. - Hooks do not get stored in renewal config file - Multiple vhosts - Bind to IPv6, fix the problem of ipv6 site cannot generate / renew certificate [revision requested] - Warning message for low memory servers - Run simple certbot-auto tests with `tox` - letsencrypt-auto-source/letsencrypt-auto should be the output of build.py - DialogError should come with --text instructions - Support correct error namespace - Verification URL after successful certificate configuration can't be opened from terminal - Use appropriate caution when handling configurations that have complex rewrite logic - `revoke` doesn't output any status - adding -delete option to remove the cert files - Stop using simple_verify in manual plugin - Ways of specifying what to renew - Allow removing SAN from multidomain certificate when renewing - Dialog is sometimes ugly - Allow user to override sudo as root authorization method [minor revision requested] - Add a README file to each live directory explaining its contents - ExecutableNotFound @ text @d1 2 a2 1 # $NetBSD: Makefile.common,v 1.5 2016/10/19 13:45:54 wiz Exp $ d6 1 a6 1 DISTNAME= certbot-0.10.0 @ 1.5 log @Update py-certbot and py-acme to 0.9.3. Changelog not found. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.4 2016/10/11 09:23:35 fhajny Exp $ d5 1 a5 1 DISTNAME= certbot-0.9.3 @ 1.4 log @Update py-certbot and py-acme to 0.9.1. No changelog available, issues closed since 0.8.1: certbot 0.9.1 - Make --quiet reduce the logging level certbot 0.9.0 - Allow tests to pass without dnspython - Remove psutil dep - Renew symlink safety - Update Nginx redirect enhancement process to modify appropriate blocks - If lineages are in an inconsistent (non-deployed) state, deploy them - Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. - Remove pointless question - Tie Nginx OCSP stapling to enhancements system - Nginx server block selection: Handle non-80/443 ports - Include log retention count to 1000. - Make parser.py: add_server_directives documentation consistent with functionality - Fix Nginx prompt - Make Nginx error out if no matching server block is found - Only suggest names LE will accept - Implement Nginx server block selection - should_autorenew ignores symlinks - Fixes cffi errors in Travis during oldest tests - DNS challenge support in the manual plugin and general purpose --preferred-challenges flag - Fixed hash_bucket_size detection for nginx - Support both invalidEmail and invalidContact errors - Removes duplication between README.rst and resources.rst - Psutil tests - Allow tests to run when psutil isn't available - Tests fail on Certbot package due to missing psutil dependency - Hide the Nginx plugin - Add the Nginx plugin to certbot-auto - OCSP stapling in Nginx - Nginx plugin selection - Add certbot-nginx to certbot-auto - Missing links in README - clarify invalid email error in non-interactive - Replace '-' with '_' before filtering plugin settings - Fix extra or lack of spacing between words in help for renew flags - Fix Travis tests - Avoid importing conflicting security policy directives - Change log rotation scheme - Plugins with hyphens do not receive their args during renewal - Handle dns01 challenge into the manual plugin [see #3466] - Enable unit tests of certbot core on Python 3 - Add os-release ID_LIKE parsing if original distribution mapping not found in constants - Fix README typo - Nginx plugin domain selection - Fix spacing of nginx redirect blocks - Rationalise challenge and port selection flags - Remove psutil from requirements.txt - prevent Github commits from modifying certbot-auto and letsencrypt-auto - Gradually remove psutil dependency, bugfix [URGENT] - psutil fails to install because hash is missing when running certbot-auto - Failure to start Nginx after configuring redirect - Prepare docs to turn off the wiki - Certbot apache plugin fails with TypeError: 'NoneType' object has no attribute '__getitem__' - Change fatal warning to a fatal message - Fatal warnings - Apache default default - Deprecation fixes - New docs structure and introduction - Nginx charset_map and ${VARIABLE_SUBSTITUTION} parsing - Unclear error about invalid email in non-interactive mode - Use simple socket test for port availability if psutil not found - Python 3 support for certonly - Set dialog widgets to use autowidgetsize - Errors when run without root - Apache plugin PATH fallback - Automatically enable EPEL after prompting users - Multi-topic help listings - Installer error - Explain why Apache [appears] not to be installed - ErrorHandler causing errors - Update FreeBSD package name - Comment out corresponding RewriteConds for filtered RewriteRule - Permissive parsing of nginx map blocks - add nginx round-trip tests to tox/travis - Fix Unix signal handling in certbot.error_handler.ErrorHandler - Resuming error handling functions after a signal - Only write nginx config files if they've been modified - If the user picks "cancel" from the Apache vhost selection menu, Certbot doesn't exit - certbot removes http->https rules corrupts ruleset - Fix typo - Better document plugins and reversion - Nginx parser apparently can't parse "map" - Nginx plugin shouldn't write files it hasn't changed - Fix Nginx reversion - Merge Augeas fix for comment line continuations - Remove warning about nginx options file - Explain the most likely cause of a missing replay nonce error - Bump pyca package versions - Don't add wildcard listen if user has more specific configuration - Remove unused nosexcover dependency - Cleanup dev setup - Nginx space preservation - Set dialog widgets to use autowidgetsize - Printing pip output to terminal when -v is used - Log new cert and cert renewal - Log whether renewing or obtaining a new certificate - Added the argument --quiet and -q so then when used with a regular user there is no output to the screen. - certbot-auto not quiet when used with regular user - Adding sensible UI logging for typical user - Replace psutils dependency - Display DialogError details correctly - -v implies --text - Fix FQDN checks, closes #3057 and #3056 - Bug in FQDN detection: installer wrongly interprets _ - Installer thinks bare TLD is not a valid FQDN - Limiting tox envlist to really needed tests - trouble with Listen directives in CentOS 7 / ssl.conf - Remove dangling footnote - certbot-apache fails to parse files with comma in the filename - pip and verbosity - Dialog error messages - NcursesDisplay.menu: treat ESC as cancel - More useful error when running as non-root? - -v should imply --text - Update tox/instructions - Error that results when run without root is unclear - Enable EPEL in RPM bootstrapper - Add dns-01 challenge support to the ACME client - Apache plugin fails to parse OWASP's ModSecurity ruleset - Audit nginx plugin for guaranteed config reversion in case of error - NoInstallationError() from Apache plugin within renewal cron jobs due to /usr/sbin not being in the PATH - nginx http redirect - "No installers" error message not clear - HelpfulArgumentParser should know about flags that are relevant to several topics - Nginx configurator should preserve whitespace on output - server blocks added to nginx.conf - Nginx fails if ssl_session_cache already defined - nginx leaves dirty/modified config files - Sensible UI logging for typical user - nginx plugin issue with server block containing multiple servernames @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.3 2016/06/15 19:59:43 fhajny Exp $ d5 1 a5 1 DISTNAME= certbot-0.9.1 @ 1.3 log @Update security/py-certbot (and security/py-acme) to 0.8.1. No changelog provided, Github issues touched: - Update the autos in response to 0.8.1 release - Fix default detection - Provide nonroot guidance when logging gets EACCES. - Add additional warning with actual exception message during renewal - Interactive webroot values not stored in renewal config file - Preserve common name during renewal - Mageia Bootstrap - Initialize Augeas in a different method to be able to react to ImportError - Renew changes common name - Update letsencrypt-auto in response to Arch package rename - On Mac OSX: "ValueError: Invalid header value" - Strip "\n" from end of OS version string for OS X. - Revert "Use --force-reinstall to fix bad virtualenv package" - Exit if cannot bootstrap in certbot-auto - Add --disable-hook-validation - --post-hook validation too strict - letsencrypt-auto gives "sudo" is not available - mageia bootstrap [needs revision] - Install/compile fails of letsencrypt-auto on Smartos/Illumos @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.2 2016/06/03 11:30:14 fhajny Exp $ d5 1 a5 1 DISTNAME= certbot-0.8.1 @ 1.2 log @Update security/py-certbot to 0.8.0. Changes in 0.8.0 - The main new feature in this release is the register subcommand which can be used to register an account with the Let's Encrypt CA. Additionally, you can run certbot register --update-registration to change the e-mail address associated with your registration. Full commit log since 0.7.0: https://github.com/certbot/certbot/compare/v0.7.0...v0.8.0 Changes in 0.7.0: - --must-staple to request certificates from Let's Encrypt with the OCSP must staple extension - automatic configuration of OSCP stapling for Apache - requesting certificates for domains found in the common name of a custom CSR - a number of bug fixes Full commit log since 0.6.0 https://github.com/certbot/certbot/compare/v0.6.0...v0.7.0 @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.1 2016/05/25 18:18:16 fhajny Exp $ d5 1 a5 1 DISTNAME= certbot-0.8.0 @ 1.1 log @Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. @ text @d1 1 a1 1 # $NetBSD$ d5 1 a5 1 DISTNAME= certbot-0.6.0 @