In preparation for the release of version 0.4.0 of the python client, we are transitioning to a new version of the letsencrypt-auto script. As most of you know, letsencrypt-auto is available as an alternative for OS packaging, on those operating systems that do not yet have backported packages. The new version of the script includes a number of important improvements:
- A reproducible set of python package dependencies, enforced by version pinning and hash verification. (Previously, we trusted an HTTPS connection to PyPI for authenticity.)
- The script now updates itself as well as the underlying python client. If you don’t want this behavior, you can turn it off with
--no-self-upgrade(which turns off both client andletsencrypt-autoupdates). - A git clone operation is no longer required; you can now download the script as a single file and run it.
- Much faster execution on the second and subsequent times it is run, especially on slower network connections. (The script no longer checks for updates to each python dependency in turn nor auto-updates to the latest versions.)
As this post goes live, you will find the new script in the root of the GitHub client repo. If you want to keep using the old one, it will always be available at the root of the v0.3.0 release tag.
Thanks to @ErikRose for amazing work building the new letsencrypt-auto and to the community forum members who helped us test it.