Certbot 0.40.0 Release

Certbot 0.40.0 has just been released. The changelog for the release is:

0.40.0 - 2019-11-05


  • We deprecated support for Python 3.4 in Certbot and its ACME library. Support
    for Python 3.4 will be removed in the next major release of Certbot.
    certbot-auto users on RHEL 6 based systems will be asked to enable Software
    Collections (SCL) repository so Python 3.6 can be installed. certbot-auto can
    enable the SCL repo for you on CentOS 6 while users on other RHEL 6 based
    systems will be asked to do this manually.
  • --server may now be combined with --dry-run. Certbot will, as before, use the
    staging server instead of the live server when --dry-run is used.
  • --dry-run now requests fresh authorizations every time, fixing the issue
    where it was prone to falsely reporting success.
  • Updated certbot-dns-google to depend on newer versions of
    google-api-python-client and oauth2client.
  • The OS detection logic again uses distro library for Linux OSes
  • certbot.plugins.common.TLSSNI01 has been deprecated and will be removed in a
    future release.
  • CLI flags --tls-sni-01-port and --tls-sni-01-address have been removed.
  • The values tls-sni and tls-sni-01 for the --preferred-challenges flag are no
    longer accepted.
  • Removed the flags: --agree-dev-preview, --dialog, and --apache-init-script
  • acme.standalone.BaseRequestHandlerWithLogging and
    acme.standalone.simple_tls_sni_01_server have been deprecated and will be
    removed in a future release of the library.

More details about these changes can be found on our GitHub repo.


Out of curiosity, how does this work under the hood? Like, is there a way to ask Boulder not to use cached authorizations? Or is it just creating a new account?

Never mind. Figured it out from looking at the PR. Didn’t realize it was possible to explicitly deactivate authorizations.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.