Certbot 5.1.0 Release

Client dev
1

Certbot 5.1.0 has just been released. The changelog for the release is:

5.1.0 - 2025-10-07

Changed

  • certbot-nginx no longer creates and uses self-signed certificates as an
    intermediate step when installing certificates. The certificates the user
    requested Certbot install are now always used instead.
    (#10465)
  • The function acme.crypto_util.make_self_signed_cert was deprecated and will
    be removed in a future release.
    (#10466)

Fixed

  • Fixed a bug in certbot-nginx that'd leave nginx configured with self-signed
    certificates if a user ran certbot enhance and they didn't have matching
    SSL server blocks. certbot enhance now requires the user to have a matching
    SSL server block to enable HSTS or OCSP stapling enhancements.
    (#10455)
10 Likes
2

Certbot is not staying up-to-date on FreeBSD, is this expected behavior?

root@fbsd:~ # uname -a
FreeBSD fbsd 14.3-RELEASE-p5 FreeBSD 14.3-RELEASE-p5 GENERIC amd64

root@fbsd:~ # certbot --version
certbot 4.2.0

Installed using these instructions https://certbot.eff.org/instructions?ws=nginx&os=freebsd

1 Like
3

And it seems on OpenBSD it is even older

# uname -a
OpenBSD aye5.my.domain 7.8 GENERIC.MP#54 amd64

# certbot --version
certbot 4.1.1
1 Like
4

@Bruce5051 AFAIK the Certbot devs are not in controle of those repositories ans their packages. Just like with the Debian/Ubuntu repos..

2 Likes
5

Fair enough @Osiris. But then maybe the https://certbot.eff.org/instructions should have a little asterisk note that "Install Certbot" might not be the most recent Certbot Release.

But it seem for

SNAP is an alternative (actually the preferred choice) is supplied for those supported platforms.

What is the better alternative for FreeBSD/OpenBSD supported platforms?

1 Like
6

Another client?

(I never really understood python packaging)

4 Likes
7

It's not Python, it's just how some repositories work or perhaps lack of interest of the packagers.

Gentoo for example already sports this latest release in testing: app-crypt/certbot – Gentoo Packages

1 Like
8

So are you saying the SNAP package developers are just on top of this most of the time?

1 Like
9

No, the Certbot team themselves can push the Certbot snap releases to the snapcraft repo, in contrast with distribution repositories.

2 Likes
10

Ok, so snapcraft repo is like an intermediate distribution for some linuxes?

1 Like
11

This is hardly the place to discuss this IMO, but it's a "third party" repository with the snap application handling most if not all aspects of it. It can co-exist next to the OS' repo.

1 Like