Certbot 0.33.0 Release

Certbot 0.33.0 has just been released. The changelog for the release is:

0.33.0 - 2019-04-03

Added

  • Fedora 29+ is now supported by certbot-auto. Since Python 2.x is on a deprecation
    path in Fedora, certbot-auto will install and use Python 3.x on Fedora 29+.
  • CLI flag --https-port has been added for Nginx plugin exclusively, and replaces
    --tls-sni-01-port. It defines the HTTPS port the Nginx plugin will use while
    setting up a new SSL vhost. By default the HTTPS port is 443.

Changed

  • Support for TLS-SNI-01 has been removed from all official Certbot plugins.
  • Attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone
    modules are deprecated and will be removed soon.
  • CLI flags --tls-sni-01-port and --tls-sni-01-address are now no-op, will
    generate a deprecation warning if used, and will be removed soon.
  • Options tls-sni and tls-sni-01 in --preferred-challenges flag are now no-op,
    will generate a deprecation warning if used, and will be removed soon.
  • CLI flag --standalone-supported-challenges has been removed.

Fixed

  • Certbot uses the Python library cryptography for OCSP when cryptography>=2.5
    is installed. We fixed a bug in Certbot causing it to interpret timestamps in
    the OCSP response as being in the local timezone rather than UTC.
  • Issue causing the default CentOS 6 TLS configuration to ignore some of the
    HTTPS VirtualHosts created by Certbot. mod_ssl loading is now moved to main
    http.conf for this environment where possible.

Despite us having broken lockstep, we are continuing to release new versions of
all Certbot components during releases for the time being, however, the only
package with changes other than its version number was:

  • acme
  • certbot
  • certbot-apache
  • certbot-nginx

More details about these changes can be found on our GitHub repo.

4 Likes

shouldn’t --standalone-supported-challenges flag stay for when tls-alpn challenge enabled on certbot?

No. You can use --preferred-challenges instead.

--standalone-supported-challenges had been deprecated for a long time and does the same thing as --preferred-challenges except the latter works with all of Certbot’s plugins while the former just worked with standalone.

That’s a typo of --https-port, right?

Edit: Fix typo in my post. :smile:

1 Like

Yep. Thanks for pointing that out. I fixed it in the initial post.

I have 0.32 and trying to upgrade to 0.33 on macOS Mojave,
When I try brew upgrade certbot, I get 0.32 already installed.
Any help?

Hi @Plentipeppa,

The Homebrew formula for Certbot is maintained by Homebrew volunteers, not by us, so there can be a delay between the time that a new package is released “upstream” (by us) and when it’s available through that packaging system.

If you need the newest version right away, you could consider using our certbot-auto script, which automatically updates itself to the newest version, but if you can wait, it’s usually preferable to use the packaged version where possible.

Thanks Man,
Will try again tonight or tomorrow again.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.