Certbot 0.32.0 Release

Certbot 0.32.0 has just been released. The changelog for the release is:

0.32.0 - 2019-03-06

Added

  • If possible, Certbot uses built-in support for OCSP from recent cryptography
    versions instead of the OpenSSL binary: as a consequence Certbot does not need
    the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.

Changed

  • Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the
    warnings described at https://github.com/certbot/josepy/issues/13.
  • Apache plugin now respects CERTBOT_DOCS environment variable when adding
    command line defaults.
  • The running of manual plugin hooks is now always included in Certbot’s log
    output.
  • Test execution for the certbot, certbot-apache and certbot-nginx packages now relies on pytest.
  • An ACME CA server may return a “Retry-After” HTTP header on authorization polling, as
    specified in the ACME protocol, to indicate when the next polling should occur. Certbot now
    reads this header if set and respects its value.
  • The acme module avoids sending the keyAuthorization field in the JWS
    payload when responding to a challenge as the field is not included in the
    current ACME protocol. To ease the migration path for ACME CA servers,
    Certbot and its acme module will first try the request without the
    keyAuthorization field but will temporarily retry the request with the
    field included if a malformed error is received. This fallback will be
    removed in version 0.34.0.

Despite us having broken lockstep, we are continuing to release new versions of
all Certbot components during releases for the time being. However, the only
packages with changes other than their version number were:

  • acme
  • certbot
  • certbot-apache
  • certbot-nginx

More details about these changes can be found on our GitHub repo.
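
The “Retry-After” handling described in the changelog above, sketched as an added example (not Certbot's or the acme module's own code). The function names, the 5-second default and the 300-second ceiling are assumptions; the ceiling keeps a misbehaving server from stalling the client indefinitely.

```python
import datetime
import re
from email.utils import parsedate_to_datetime

DEFAULT_DELAY = 5   # assumed fallback when the header is absent or unparsable
MAX_DELAY = 300     # assumed ceiling on any server-supplied delay


def retry_after_seconds(headers, now=None, default=DEFAULT_DELAY, ceiling=MAX_DELAY):
    """Return the seconds to wait before polling the authorization again."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    value = ""
    for name, raw in headers.items():          # header names are case-insensitive
        if name.lower() == "retry-after":
            value = raw.strip()
    if not value:
        return default
    if re.fullmatch(r"[0-9]+", value):         # delta-seconds form
        delay = int(value)
    else:                                      # HTTP-date form
        try:
            when = parsedate_to_datetime(value)
        except (TypeError, ValueError):        # exception type varies by Python version
            return default
        if when.tzinfo is None:                # treat a zone-less date as UTC
            when = when.replace(tzinfo=datetime.timezone.utc)
        delay = (when - now).total_seconds()
    return max(0, min(int(delay), ceiling))    # dates in the past mean "poll now"


# Constructed sample responses from a hypothetical CA (not captured traffic).
SAMPLE_RESPONSES = [
    ("pending", {"Retry-After": "3"}),
    ("pending", {"retry-after": "Wed, 06 Mar 2019 12:00:10 GMT"}),
    ("pending", {"Retry-After": "86400"}),     # clamped to the ceiling
    ("pending", {"Retry-After": "soon"}),      # unparsable, falls back to default
    ("valid", {}),
]


def planned_waits(responses, now):
    """Collect the wait chosen after each pending response, stopping when done."""
    waits = []
    for status, headers in responses:
        if status != "pending":
            break
        waits.append(retry_after_seconds(headers, now=now))
    return waits
```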
