Certbot 0.25.0 has just been released. The changelog for the release is:
0.25.0 - 2018-06-06
- Support for the ready status type was added to acme. Without this change, Certbot and acme users will begin encountering errors when using Let’s Encrypt’s ACMEv2 API starting on June 19th for the staging environment and July 5th for production. See ACMEv2 Order “ready” Status for more information.
- Certbot now accepts the flag --reuse-key which will cause the same key to be used when the lineage is renewed rather than generating a new key.
- You can now add multiple email addresses to your ACME account with Certbot by providing a comma separated list of emails to the --email flag.
- Support for Let’s Encrypt’s upcoming TLS-ALPN-01 challenge was added to acme. For more information, see TLS-ALPN validation method.
- acme now supports specifying the source address to bind to when sending outgoing connections. You still cannot specify this address using Certbot.
- If you run Certbot against Let’s Encrypt’s ACMEv2 staging server but don’t already have an account registered at that server URL, Certbot will automatically reuse your staging account from Let’s Encrypt’s ACMEv1 endpoint if it exists.
- Interfaces were added to Certbot allowing plugins to be called at additional points. The
GenericUpdaterinterface allows plugins to perform actions every time
certbot renewis run, regardless of whether any certificates are due for renewal, and the
RenewDeployerinterface allows plugins to perform actions when a certificate is renewed. See
certbot.interfacesfor more information.
- When running Certbot with --dry-run and you don’t already have a staging account, the created account does not contain an email address even if one was provided to avoid expiration emails from Let’s Encrypt’s staging server.
- certbot-nginx does a better job of automatically detecting the location of Nginx’s configuration files when run on BSD based systems.
- acme now requires and uses pytest when running tests with setuptools with
python setup.py test.
certbot config_changesno longer waits for user input before exiting.
- Misleading log output that caused users to think that Certbot’s standalone plugin failed to bind to a port when performing a challenge has been corrected.
- An issue where certbot-nginx would fail to enable HSTS if the server block already had an
add_headerdirective has been resolved.
- certbot-nginx now does a better job detecting the server block to base the configuration for TLS-SNI challenges on.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with functional changes were:
More details about these changes can be found on our GitHub repo: