Certbot 5.3.0 Release

Client dev
1

Certbot 5.3.0 has just been released. The changelog for the release is:

Added

  • A new command line flag, --ip-address, has been added. This requests certificates with IP address SANs when using the standalone or manual plugin. Note that for Let's Encrypt's implementation of IP address certificates, you'll also need to pass --preferred-profile shortlived. (#10495, #10544)

Changed

  • Deploy directory hooks are now also run when using certbot certonly or certbot run to get a new cert. This change was made for pre and post directory hooks in our 3.2.0 release so this change unifies Certbot's behavior here. (#9978)
  • A few largely unused functions/types have been deprecated in our effort to remove our pyOpenSSL dependency:
    * Deprecated: certbot.crypto_util.get_sans_from_cert
    * Deprecated: certbot.crypto_util.get_names_from_cert
    * Deprecated: certbot.crypto_util.get_names_from_req
    * Deprecated: certbot.crypto_util.import_csr_file (and replaced by certbot.crypto_util.read_csr_file)
    * Deprecated: acme.crypto_util.Format (#10433)
  • achallenges.KeyAuthorizationAnnotatedChallenge, achallenges.DNS, and achallenges.Other have a new field identifier, of type acme.messages.Identifier. This should be used in place of the domain field, which is now deprecated both as an attribute and during object creation. (#10491)
  • Authenticator.get_chall_pref's argument has been renamed from domain to identifier, and can now receive string-formatted IP addresses in addition to domain names. (#10495)
  • san.DNSName now calls util.enforce_domain_sanity to reduce code duplication (#10519)

Fixed

  • Removed the outdated email address from our Python packages' metadata. (#10533)
  • The HTTP01.uri method will now properly enclose IPv6 addresses in square brackets. (#10548)
9 Likes
2

Weird, this links to a PR which doesn't mention IP addresses at all? I thought these release note items were automatically generated based on the PRs in between releases?

Looks like in #10544 support for the manual plugin was added. Not sure where it was added for the standalone plugin.

In any case, can't wait for #10543 to land :partying_face:

2 Likes
3

Thanks for the catch; that's a typo. Should be #10495, which is where standalone support was added. We then just updated the comment to include manual, instead of duplicating it to get both links in there.

4 Likes