Certbot 0.10.0 released


#1

Certbot 0.10.0 has been uploaded to PyPI. This is one of the largest Certbot updates we’ve ever done including changes such as:

  • The ability to customize and automatically complete DNS and HTTP domain validation challenges with the manual plugin. The flags --manual-auth-hook and --manual-cleanup-hook can now be provided when using the manual plugin to execute commands provided by the user to perform and clean up challenges provided by the CA. This is best used in complicated setups where the DNS challenge must be used or Certbot’s existing plugins cannot be used to perform HTTP challenges. For more information on how this works, see certbot --help manual.
  • A --cert-name flag for specifying the name to use for the certificate in Certbot’s configuration directory. Using this flag in combination with -d/--domains, a user can easily request a new certificate with different domains and save it with the name provided by --cert-name. Additionally, --cert-name can be used to select a certificate with the certonly and run subcommands so a full list of domains in the certificate does not have to be provided.
  • The subcommand certificates for listing the certificates managed by Certbot and their properties.
  • A delete subcommand for removing certificates managed by Certbot from the configuration directory.
  • Support for requesting internationalized domain names (IDNs).
  • Removal of the ncurses interface. This change solves problems people were having on many systems, reduces the number of Certbot dependencies, and simplifies our code. Certbot’s only interface now is the text interface which was available by providing -t/--text to earlier versions of Certbot.
  • Hooks provided to Certbot are now saved to be reused during renewal. If you run Certbot with --pre-hook, --renew-hook, or --post-hook flags when obtaining a certificate, the provided commands will automatically be saved and executed again when renewing the certificate. A pre-hook and/or post-hook can also be given to the certbot renew command either on the command line or in a configuration file to run an additional command before/after any certificate is renewed. Hooks will only be run if a certificate is renewed.
  • Recategorized -h/--help output to improve documentation and discoverability.
  • Busybox support in certbot-auto.
  • Many small bug fixes.

For a complete list of changes in this release, please see our 0.10.0 milestone on GitHub:
https://github.com/certbot/certbot/issues?q=is%3Aissue milestone%3A0.10.0 is%3Aclosed


#2

Well done to the team on all the hard work. Certbot is making great strides !!!


#3

It sounds like all the pieces are in place, but since you haven’t explicitly said it: does this mean it’s now possible to fully automate renewals using the DNS challenge?


#4

@jmorahan: yes, it is now possible to fully automate renewals using the DNS challenge. The user has to provide a script capable of configuring their DNS, but Certbot will run that script during renewal and set environment variables with the values needed to complete the challenge. This functionality is in the manual plugin which you can learn more about by running certbot --help manual.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.