* Release 0.22.1
(cherry picked from commit 05c75e34e2)
* Bump version to 0.23.0
(cherry picked from commit 6fd3a57791)
* Release 0.22.2
(cherry picked from commit ea445ed11e)
* Bump version to 0.23.0
(cherry picked from commit cbe87d451c66931a084f4e513d899aae085a37d3)
* Allow _acme-challenge as a zone
Like described here:
https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
Not using this patch may be an issue if the parent zone has been (where a wildcard certificate has been requested.) signed by DNSSEC.
Please consider this also for inclusion before dns-01 will be allowed for wildcards.
* Update dns_rfc2136.py
forgot one domain_name reference
* Update dns_rfc2136.py
moved domain up & added assignment.
* Update dns_rfc2136_test.py
tests adjusted to new calls.
* Update dns_rfc2136_test.py
Forgot on DOMAIN...
* Update dns_rfc2136_test.py
* Update dns_rfc2136.py
pydoc updates.
* Update dns_rfc2136.py
* feat(nginx plugin): add HSTS enhancement
* chore(nginx): factor out block-splitting code from redirect & hsts enhancements!
* chore(nginx): merge fixes
* address comments
* fix linter: remove a space
* fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment
* chore(nginx-hsts): Move added SSL directives to a constant on Configurator class
* fix(nginx-hsts): rebase on wildcard cert changes
- Fix code to log separate error messages when either SSLCertificateFile or SSLCertificateKeyFile -
directives are not found.
- Update the section in install.rst where the relevant error is referenced.
- Edit a docstring where 'cert' previously referred to certificate.
- Edit test_deploy_cert_invalid_vhost in the test suite to cover changes.
Fixes#5525.
* Remove aauthzr instance variable
* If domain begins with fail, fail the challenge.
* test --allow-subset-of-names
* Fix renewal and add extra check
* test after hook checks
* Add rrset list fallback
* List dns.resourceRecordSets.list as required
* Handle list failures differently for add and del
* Quote record content
* disable not-callable for iter_entry_points
* List update permission
Fixes#5490.
There's a lot of possibilities discussed in #5490, but I'll try and explain what I actually did here as succinctly as I can. Unfortunately, there's a fair bit to explain. My goal was to break lockstep and give us tests to ensure the minimum specified versions are correct without taking the time now to refactor our whole test setup.
To handle specifying each package's minimum acme/certbot version, I added a requirements file to each package. This won't actually be included in the shipped package (because it's not in the MANIFEST).
After creating these files and modifying tools/pip_install.sh to use them, I created a separate tox env for most packages (I kept the DNS plugins together for convenience). The reason this is necessary is because we currently use a single environment for each plugin, but if we used this approach for these tests we'd hit issues due to different installed plugins requiring different versions of acme/certbot. There's a lot more discussion about this in #5490 if you're interested in this piece. I unfortunately wasted a lot of time trying to remove the boilerplate this approach causes in tox.ini, but to do this I think we need negations described at complex factor conditions which hasn't made it into a tox release yet.
The biggest missing piece here is how to make sure the oldest versions that are currently pinned to master get updated. Currently, they'll stay pinned that way without manual intervention and won't be properly testing the oldest version. I think we should solve this during the larger test/repo refactoring after the release because the tests are using the correct values now and I don't see a simple way around the problem.
Once this lands, I'm planning on updating the test-everything tests to do integration tests with the "oldest" versions here.
* break lockstep between packages
* Use per package requirements files
* add local oldest requirements files
* update tox.ini
* work with dev0 versions
* Install requirements in separate step.
* don't error when we don't have requirements
* install latest packages in editable mode
* Update .travis.yml
* Add reminder comments
* move dev to requirements
* request acme[dev]
* Update pip_install documentation
* support wildcards for deploy_cert
* support wildcards for enhance
* redirect enhance and some tests
* update tests
* add display_ops and display_repr
* update display_ops_test and errors found
* say server block
* match redirects properly
* functional code
* start adding tests and lint errors
* add configurator tests
* lint
* change message to be generic to installation and enhancement
* remove _wildcard_domain
* take selecting vhosts out of loop
* remove extra newline
* filter wildcard vhosts by port
* lint
* don't filter by domain
* [^.]+
* lint
* make vhost hashable
* one more tuple
* Use newer boulder config
* Use ACMEv2 endpoint if requested
* Add v2 integration tests
* Work with unset variables
* Add wildcard issuance test
* quote domains
In `deploy_cert()` and `enhance()`, the user will be presented with a dialog to choose from the VirtualHosts that can be covered by the wildcard domain name. The (multiple) selection result will then be handled in a similar way that we previously handled a single VirtualHost that was returned by the `_find_best_vhost()`.
Additionally the selected VirtualHosts are added to a dictionary that maps selections to a wildcard domain to be reused in the later `enhance()` call and not forcing the user to select the same VirtualHosts again.
* Apache plugin wildcard support
* Present dialog only once per domain, added tests
* Raise exception if no VHosts selected for wildcard domain
* Add is_wildcard_domain to certbot.util.
* Error with --allow-subset-of-names and wildcards.
* Fix issue preventing wildcard cert issuance.
* Kill assumption domain is unique in auth_handler
* fix typo and add test
* update comments
* Allow revoke to pass in a url
* Add revocation support to ACMEv2.
* Provide regr for account based revocation.
* Add revoke wrapper to BackwardsCompat client
