Certbot 0.28.0 has just been released.
The big change in this release is that support for the TLS-SNI-01 challenge has been deprecated which you can read more about at Upcoming TLS-SNI Deprecation in Certbot.
The full changelog for the release is:
0.28.0 - 2018-11-7
--cert-name, and doesn’t accept both
- Use the ACMEv2 newNonce endpoint when a new nonce is needed, and newNonce is available in the directory.
- Removed documentation mentions of
#letsencryptIRC on Freenode.
- Write README to the base of (config-dir)/live directory
--manualwill explicitly warn users that earlier challenges should remain in place when setting up subsequent challenges.
- Warn when using deprecated acme.challenges.TLSSNI01
- Log warning about TLS-SNI deprecation in Certbot
- Stop preferring TLS-SNI in the Apache, Nginx, and standalone plugins
- OVH DNS plugin now relies on Lexicon>=2.7.14 to support HTTP proxies
- Default time the Linode plugin waits for DNS changes to propogate is now 1200 seconds.
- Match Nginx parser update in allowing variable names to start with
- Fix ranking of vhosts in Nginx so that all port-matching vhosts come first
- Correct OVH integration tests on machines without internet access.
- Stop caching the results of ipv6_info in http01.py
- Test fix for Route53 plugin to prevent boto3 making outgoing connections.
- The grammar used by Augeas parser in Apache plugin was updated to fix various parsing errors.
- The CloudXNS, DNSimple, DNS Made Easy, Gehirn, Linode, LuaDNS, NS1, OVH, and
Sakura Cloud DNS plugins are now compatible with Lexicon 3.0+.
Despite us having broken lockstep, we are continuing to release new versions of
all Certbot components during releases for the time being, however, the only
package with changes other than its version number was:
More details about these changes can be found on our GitHub repo: