Certbot 0.32.0 has just been released. The changelog for the release is:
0.32.0 - 2019-03-06
Added
- If possible, Certbot uses built-in support for OCSP from recent cryptography
versions instead of the OpenSSL binary: as a consequence Certbot does not need
the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.
Changed
- Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the
warnings described at https://github.com/certbot/josepy/issues/13.
- Apache plugin now respects CERTBOT_DOCS environment variable when adding
command line defaults.
- The running of manual plugin hooks is now always included in Certbot’s log
output.
- Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest.
- An ACME CA server may return a “Retry-After” HTTP header on authorization polling, as
specified in the ACME protocol, to indicate when the next polling should occur. Certbot now
reads this header if set and respects its value.
- The acme module avoids sending the keyAuthorization field in the JWS
payload when responding to a challenge as the field is not included in the
current ACME protocol. To ease the migration path for ACME CA servers,
Certbot and its acme module will first try the request without the
keyAuthorization field but will temporarily retry the request with the
field included if a malformed error is received. This fallback will be
removed in version 0.34.0.
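The Retry-After handling described in the changelog above, sketched as an added example (it is not Certbot's or the acme module's own code): it accepts both forms HTTP allows for the header, delta-seconds and an HTTP-date, and clamps the result so a missing, malformed or very large value cannot stall or break the polling loop. The function name, the default delay and the ceiling are assumptions made for illustration.

```python
import email.utils
from datetime import datetime, timezone

DEFAULT_DELAY = 3   # assumed fallback (seconds) when the header is absent or unusable
MAX_DELAY = 300     # assumed ceiling so a server cannot make the client wait indefinitely


def retry_after_seconds(header, now, default=DEFAULT_DELAY, ceiling=MAX_DELAY):
    """Return the number of seconds to wait before polling the authorization again.

    header: raw Retry-After value from the polling response, or None if not sent.
    now:    timezone-aware datetime used as the reference for HTTP-date values.
    """
    if header is None:
        return default
    value = header.strip()
    try:
        if value.isascii() and value.isdigit():
            # delta-seconds form, e.g. "30"
            delay = int(value)
        else:
            # HTTP-date form, e.g. "Wed, 06 Mar 2019 12:00:45 GMT"
            when = email.utils.parsedate_to_datetime(value)
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            delay = (when - now).total_seconds()
    except (TypeError, ValueError, OverflowError):
        # Unparseable value: ignore the header rather than fail the poll.
        return default
    # A date in the past means "poll now"; anything above the ceiling is capped.
    return int(min(max(delay, 0), ceiling))


if __name__ == "__main__":
    # Constructed sample values, not captured from a real CA.
    reference = datetime(2019, 3, 6, 12, 0, 0, tzinfo=timezone.utc)
    samples = [
        "30",
        "Wed, 06 Mar 2019 12:00:45 GMT",
        "Wed, 06 Mar 2019 11:00:00 GMT",
        "86400",
        "soon",
        None,
    ]
    for raw in samples:
        print(repr(raw), "->", retry_after_seconds(raw, reference))
```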
Despite us having broken lockstep, we are continuing to release new versions of
all Certbot components during releases for the time being. However, the only
packages with changes other than their version number were:
- acme
- certbot
- certbot-apache
- certbot-nginx
More details about these changes can be found on our GitHub repo.