We just released Certbot 0.21.0. The changelog for the release is:
0.21.0 - 2018-01-17
- Support for the HTTP-01 challenge type was added to our Apache and Nginx plugins. For those not aware, Let’s Encrypt disabled the TLS-SNI-01 challenge type which was what was previously being used by our Apache and Nginx plugins last week due to a security issue. For more information about Let’s Encrypt’s change, click here. Our Apache and Nginx plugins will automatically switch to use HTTP-01 so no changes need to be made to your Certbot configuration, however, you should make sure your server is accessible on port 80 and isn’t behind an external proxy doing things like redirecting all traffic from HTTP to HTTPS. HTTP to HTTPS redirects inside your Apache and Nginx configuration are fine.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added allowing users to control whether the revoke subcommand also deletes the certificates it is revoking.
- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME library. Support for these versions of Python will be removed in the next major release of Certbot. If you are using certbot-auto on a RHEL 6 based system, it will guide you through the process of installing Python 3.
- We updated the ciphersuites used in Apache to the new values recommended by Mozilla. The major change here is adding ChaCha20 to the list of supported ciphersuites.
- An issue with our Apache plugin on Gentoo due to differences in their apache2ctl command have been resolved.
More details about these changes can be found on our GitHub repo: