Certbot 0.15.0 has been released

The changelog for this release is:


  • Plugins for performing DNS challenges for popular providers. Like the Apache and Nginx plugins, these plugins are packaged separately and not included in Certbot by default. So far, we have plugins for Amazon Route 53, Cloudflare, DigitalOcean, and Google Cloud which all work on Python 2.6, 2.7, and 3.3+. Additionally, we have plugins for CloudXNS, DNSimple, NS1 which work on Python 2.7 and 3.3+ (and not 2.6). Currently, there isn’t a good way to install these plugins when using certbot-auto, but that should change soon.
  • IPv6 support in the standalone plugin. When performing a challenge, the standalone plugin automatically handles listening for IPv4/IPv6 traffic based on the configuration of your system.
  • A mechanism for keeping your Apache and Nginx SSL/TLS configuration up to date. When the Apache or Nginx plugins are used, they place SSL/TLS configuration options in the root of Certbot’s config directory (/etc/letsencrypt by default). Now when a new version of these plugins run on your system, they will automatically update the file to the newest version if it is unmodified. If you manually modified the file, Certbot will display a warning giving you a path to the updated file which you can use as a reference to manually update your modified copy.
  • --http-01-address and --tls-sni-01-address flags for controlling the address Certbot listens on when using the standalone plugin.
  • The command certbot certificates that lists certificates managed by Certbot now performs additional validity checks to notify you if your files have become corrupted.


  • Messages custom hooks print to stdout are now displayed by Certbot when not running in --quiet mode.
  • jwk and alg fields in JWS objects have been moved into the protected header causing Certbot to more closely follow the latest version of the ACME spec.


  • A bug causing Certbot to display strange defaults in its help output when using Python <= 2.7.4 has been fixed.
  • Certbot now properly handles mixed case domain names found in custom CSRs.
  • A number of poorly worded prompts and error messages.


  • Support for OpenSSL 1.0.0 in certbot-auto has been removed as we now pin a newer version of cryptography which dropped support for this version.

More details about these changes can be found on our GitHub repo:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.