Hey everyone, we just released Certbot 3.0.0! Despite being a major version bump, the changelog is actually quite modest -- the biggest changes involve deprecating the recently EOL'd Python 3.8, and upgrading our snap to use Python 3.12.
Importantly, because the snap has moved to a newer Python version, it's possible that some snap plugins you use may no longer work! We announced this change at the beginning of October, and although many plugins have updated to be compatible with 3.0, some still haven't. If Certbot detects an outdated snap plugin, it will display this warning:
The following plugins are using an outdated python version and must be updated to be compatible with Certbot 3.0. Please see https://community.letsencrypt.org/t/certbot-3-0-could-have-potential-third-party-snap-breakages/226940 for more information:
* <some plugin>
If this happens, it means the maintainer of that plugin needs to update their code. Luckily, we've put together a handy checklist for doing this!
And now, your regularly scheduled changelog:
3.0.0 - main
Changed
The update_symlinks command was removed.
The csr_dir and key_dir attributes on certbot.configuration.NamespaceConfig were removed.
The --manual-public-ip-logging-ok command line flag was removed.
The --dns-route53-propagation-seconds command line flag was removed.
The certbot_dns_route53.authenticator module has been removed. This should
not affect any users of the plugin and instead would only affect developers
trying to develop on top of the old code.
Support for Python 3.8 was deprecated and will be removed in our next planned
release.
More details about these changes can be found on our GitHub repo.
the biggest changes involve moving from the recently EOL'd Python 3.8 to 3.12
Support for Python 3.8 was deprecated and will be removed in our next planned release.
It looks like 3.8 is still supported - as well as 3.9, 3,10, and 3.11. Are you planning to deprecate everything below 3.12 in the next release?
For a moment I thought you're saying that Certbot's snap package will be on core24 and python3.12 -- but py3.10 looks to be the default python version on that...
So I am just really confused by this announcement. Can you elaborate on the planned support and deprecation timelines for 3.8 - 3.12 ?
Oops you're totally right, my wording conflated two different changes:
Certbot 3.0's snap now uses Python 3.12, and so snap plugins which still use Python 3.8 won't be loaded anymore. This is the main backwards-compatibility breaking change of 3.0
We've deprecated support for Python 3.8 more generally throughout the codebase, and will indeed remove support for it in the next release, Certbot 3.1. For non-snap installations, Python 3.9-3.12 will continue to be supported.
Sorry for the confusion, I'll update the main post to better reflect this!
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:238:
CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.
if not response_ocsp.this_update:
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:240:
CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.
if response_ocsp.this_update > now + timedelta(minutes=5):
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:242:
CryptographyDeprecationWarning: Properties that return a naïve datetime object have
been deprecated. Please switch to next_update_utc.
if response_ocsp.next_update and response_ocsp.next_update < now -timedelta(minutes=5):
Only snap deployment is materially affected by this release.
The new snap deployment upgrades the snap core, which now uses Python 3.12. Snap maintains it's own version of Python, which is only used by snap and is sideloaded next to the System Python. The snap deployments are configured to use the snap Python installation and not the system python installation.
The system Python is entirely unaffected.
This is the same as how Python.org distributes binaries that install in /usr/local/lib/python/{version} or similar - while the OS packages are installed in /usr/lib/python/{version} or similar.