upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-05-28 04:34:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Release 4.2.0 (#10394)

Browse source
This commit is contained in:
Brad Warren 2025-08-05 12:32:36 -07:00 committed by GitHub
commit f55ea6e70f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
30 changed files with 63 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
acme/docs/jws-help.txt
View file

@ -3,6 +3,6 @@ usage: jws [-h] [--compact] {sign,verify} ...
positional arguments:
{sign,verify}
optional arguments:
options:
-h, --help show this help message and exit
--compact

2
acme/setup.py
View file

@ -1,7 +1,7 @@
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'cryptography>=43.0.0',

2
certbot-apache/setup.py
View file

@ -1,7 +1,7 @@
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
# We specify the minimum acme and certbot version as the current plugin

2
certbot-compatibility-test/setup.py
View file

@ -1,7 +1,7 @@
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'certbot',

2
certbot-dns-cloudflare/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
# for now, do not upgrade to cloudflare>=2.20 to avoid deprecation warnings and the breaking

2
certbot-dns-digitalocean/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'python-digitalocean>=1.11', # 1.15.0 or newer is recommended for TTL support

2
certbot-dns-dnsimple/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
# This version of lexicon is required to address the problem described in

2
certbot-dns-dnsmadeeasy/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-dns-gehirn/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-dns-google/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'google-api-python-client>=1.6.5',

2
certbot-dns-linode/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-dns-luadns/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-dns-nsone/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-dns-ovh/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.15.1',

2
certbot-dns-rfc2136/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
# This version was chosen because it is the version packaged in RHEL 9 and Debian unstable. It

2
certbot-dns-route53/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'boto3>=1.15.15',

2
certbot-dns-sakuracloud/setup.py
View file

@ -4,7 +4,7 @@ import sys
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
'dns-lexicon>=3.14.1',

2
certbot-nginx/setup.py
View file

@ -1,7 +1,7 @@
from setuptools import find_packages
from setuptools import setup
version = '4.2.0.dev0'
version = '5.0.0.dev0'
install_requires = [
# We specify the minimum acme and certbot version as the current plugin

39
certbot/CHANGELOG.md
View file

@ -3,6 +3,45 @@
Certbot adheres to [Semantic Versioning](https://semver.org/).
<!-- towncrier release notes start -->
## 4.2.0 - 2025-08-05
### Added
- Added `--eab-hmac-alg` parameter to support custom HMAC algorithm for
External Account Binding.
([#10281](https://github.com/certbot/certbot/issues/10281))
### Changed
- Catches and ignores errors during the directory fetch for ARI checking so
that these errors do not hinder the actual certificate issuance.
([#10342](https://github.com/certbot/certbot/issues/10342))
- Removed the dependency on `pytz`.
([#10350](https://github.com/certbot/certbot/issues/10350))
- Deprecated `acme.crypto_util.probe_sni`
([#10386](https://github.com/certbot/certbot/issues/10386))
- Support for Python 3.9 was deprecated and will be removed in our next planned
release. ([#10390](https://github.com/certbot/certbot/issues/10390))
### Fixed
- The Certbot snap no longer sets the environment variable PYTHONPATH stopping
it from picking up Python files in the current directory and polluting the
environment for Certbot hooks written in Python.
([#10176](https://github.com/certbot/certbot/issues/10176),
[#10257](https://github.com/certbot/certbot/issues/10257))
- Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env
variables for use by post-hooks when certificate renewals fail, but we were
not actually setting them. Now, we are.
([#10259](https://github.com/certbot/certbot/issues/10259))
- Certbot now always uses the server value from the renewal configuration file
for ARI checks instead of the server value from the current invocation of
Certbot. This helps prevent ARI requests from going to the wrong server if
the user changes CAs.
([#10339](https://github.com/certbot/certbot/issues/10339))
## 4.1.1 - 2025-06-12
### Fixed

7
certbot/docs/cli-help.txt
View file

@ -36,7 +36,7 @@ manage your account:
--agree-tos Agree to the ACME server's Subscriber Agreement
-m EMAIL Email address for important account notifications
optional arguments:
options:
-h, --help show this help message and exit
-c CONFIG_FILE, --config CONFIG_FILE
path to config file (default: /etc/letsencrypt/cli.ini
@ -72,6 +72,9 @@ optional arguments:
None)
--eab-hmac-key EAB_HMAC_KEY
HMAC key for External Account Binding (default: None)
--eab-hmac-alg EAB_HMAC_ALG
HMAC algorithm for External Account Binding (default:
HS256)
--cert-name CERTNAME Certificate name to apply. This name is used by
Certbot for housekeeping and in file paths; it doesn't
affect the content of the certificate itself.
@ -139,7 +142,7 @@ optional arguments:
case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to
"". (default: CertbotACMEClient/4.1.1 (certbot;
"". (default: CertbotACMEClient/4.2.0 (certbot;
OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY
(SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel).
The flags encoded in the user agent are: --duplicate,

2
certbot/src/certbot/__init__.py
View file

@ -3,7 +3,7 @@ import sys
import warnings
# version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '4.2.0.dev0'
__version__ = '5.0.0.dev0'
if sys.version_info[:2] == (3, 9):

1
newsfragments/10176.fixed
View file

@ -1 +0,0 @@
The Certbot snap no longer sets the environment variable PYTHONPATH stopping it from picking up Python files in the current directory and polluting the environment for Certbot hooks written in Python.

1
newsfragments/10257.fixed
View file

@ -1 +0,0 @@
The Certbot snap no longer sets the environment variable PYTHONPATH stopping it from picking up Python files in the current directory and polluting the environment for Certbot hooks written in Python.

1
newsfragments/10259.fixed
View file

@ -1 +0,0 @@
Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env variables for use by post-hooks when certificate renewals fail, but we were not actually setting them. Now, we are.

1
newsfragments/10281.added
View file

@ -1 +0,0 @@
Added `--eab-hmac-alg` parameter to support custom HMAC algorithm for External Account Binding.

1
newsfragments/10339.fixed
View file

@ -1 +0,0 @@
Certbot now always uses the server value from the renewal configuration file for ARI checks instead of the server value from the current invocation of Certbot. This helps prevent ARI requests from going to the wrong server if the user changes CAs.

1
newsfragments/10342.changed
View file

@ -1 +0,0 @@
Catches and ignores errors during the directory fetch for ARI checking so that these errors do not hinder the actual certificate issuance.

1
newsfragments/10350.changed
View file

@ -1 +0,0 @@
Removed the dependency on `pytz`.

1
newsfragments/10386.changed
View file

@ -1 +0,0 @@
Deprecated `acme.crypto_util.probe_sni`

1
newsfragments/10390.changed
View file

@ -1 +0,0 @@
Support for Python 3.9 was deprecated and will be removed in our next planned release.