Certbot 1.29.0 has just been released! The changelog for the release is:
- Updated Windows installer to be signed and trusted in Windows
--allow-subset-of-nameswill now additionally retry in cases where domains are rejected while creating or finalizing orders. This requires subproblem support from the ACME server.
show_accountsubcommand now uses the "newAccount" ACME endpoint to fetch the account
data, so it doesn't rely on the locally stored account URL. This fixes situations where Certbot
would use old ACMEv1 registration info with non-functional account URLs.
The generated Certificate Signing Requests are now generated as version 1 instead of version 3. This resolves situations in where strict enforcement of PKCS#10 meant that CSRs that were generated as version 3 were rejected.
More details about these changes can be found on our GitHub repo.