[Certbot-dev] Certbot 0.21.0 Release

Brad Warren bmw at eff.org
Wed Jan 17 17:50:23 PST 2018


We just released Certbot 0.21.0. The changelog for the release is:

## 0.21.0 - 2018-01-17

### Added

* Support for the HTTP-01 challenge type was added to our Apache and
Nginx plugins. For those not aware, last week Let's Encrypt disabled the
TLS-SNI-01 challenge type, which our Apache and Nginx plugins were
previously using, due to a security issue. For more information about
Let's Encrypt's change, click
[here](https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188).
Our Apache and Nginx plugins will automatically switch to use HTTP-01, so
no changes need to be made to your Certbot configuration. However, you
should make sure your server is accessible on port 80 and isn't behind
an external proxy doing things like redirecting all traffic from HTTP to
HTTPS. HTTP to HTTPS redirects inside your Apache and Nginx
configuration are fine.
* IPv6 support was added to the Nginx plugin.
* Support for automatically creating server blocks based on the default
server block was added to the Nginx plugin.
* The flags --delete-after-revoke and --no-delete-after-revoke were
added allowing users to control whether the revoke subcommand also
deletes the certificates it is revoking.

### Changed

* We deprecated support for Python 2.6 and Python 3.3 in Certbot and its
ACME library. Support for these versions of Python will be removed in
the next major release of Certbot. If you are using certbot-auto on a
RHEL 6 based system, it will guide you through the process of installing
Python 3.
* We split our implementation of JOSE (Javascript Object Signing and
Encryption) out of our ACME library and into a separate package named
josepy.  This package is available on
[PyPI](https://pypi.python.org/pypi/josepy) and on
[GitHub](https://github.com/certbot/josepy).
* We updated the ciphersuites used in Apache to the new [values
recommended by
Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29). 
The major change here is adding ChaCha20 to the list of supported
ciphersuites.

### Fixed

* An issue with our Apache plugin on Gentoo due to differences in their
apache2ctl command has been resolved.

More details about these changes can be found on our GitHub repo:
https://github.com/certbot/certbot/milestone/47?closed=1


