[Certbot-dev] Certbot 0.25.0 Release

Brad Warren bmw at eff.org
Wed Jun 6 16:00:11 PDT 2018


Certbot 0.25.0 has just been released. The changelog for the release is:

## 0.25.0 - 2018-06-06

### Added

* Support for the ready status type was added to acme. Without this change, Certbot and acme users will begin encountering errors when using Let's Encrypt's ACMEv2 API starting on June 19th for the staging environment and July 5th for production. See https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 for more information.
* Certbot now accepts the flag --reuse-key which will cause the same key to be used when the lineage is renewed rather than generating a new key. 
* You can now add multiple email addresses to your ACME account with Certbot by providing a comma separated list of emails to the --email flag.
* Support for Let's Encrypt's upcoming TLS-ALPN-01 challenge was added to acme.  For more information, see https://community.letsencrypt.org/t/tls-alpn-validation-method/63814/1.
* acme now supports specifying the source address to bind to when sending outgoing connections. You still cannot specify this address using Certbot.
* If you run Certbot against Let's Encrypt's ACMEv2 staging server but don't already have an account registered at that server URL, Certbot will automatically reuse your staging account from Let's Encrypt's ACMEv1 endpoint if it exists.
* Interfaces were added to Certbot allowing plugins to be called at additional points. The `GenericUpdater` interface allows plugins to perform actions every time `certbot renew` is run, regardless of whether any certificates are due for renewal, and the `RenewDeployer` interface allows plugins to perform actions when a certificate is renewed. See `certbot.interfaces` for more information.

### Changed

* When running Certbot with --dry-run and you don't already have a staging account, the created account does not contain an email address even if one was provided to avoid expiration emails from Let's Encrypt's staging server.
* certbot-nginx does a better job of automatically detecting the location of Nginx's configuration files when run on BSD based systems.
* acme now requires and uses pytest when running tests with setuptools with `python setup.py test`.
* `certbot config_changes` no longer waits for user input before exiting.

### Fixed

* Misleading log output that caused users to think that Certbot's standalone plugin failed to bind to a port when performing a challenge has been corrected.
* An issue where certbot-nginx would fail to enable HSTS if the server block already had an `add_header` directive has been resolved.
* certbot-nginx now does a better job detecting the server block to base the configuration for TLS-SNI challenges on.

Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only packages with functional changes were:

* acme 
* certbot
* certbot-apache
* certbot-nginx

More details about these changes can be found on our GitHub repo:
https://github.com/certbot/certbot/milestone/54?closed=1


More information about the Certbot-dev mailing list