[Certbot-dev] Certbot 0.34.0 Release

Erica Portnoy erica at eff.org
Wed May 1 15:40:59 PDT 2019 

Certbot 0.34.0 was just released. The changelog for the release is:

## 0.34.0 - 2019-05-01

### Changed

* Apache plugin now tries to restart httpd on Fedora using systemctl if a
  configuration test error is detected. This has to be done due to the way
  Fedora now generates the self signed certificate files upon first
  restart.
* Updated Certbot and its plugins to improve the handling of file system
permissions
  on Windows as a step towards adding proper Windows support to Certbot.
* Updated urllib3 to 1.24.2 in certbot-auto.
* Removed the fallback introduced with 0.32.0 in `acme` to retry a
challenge response
  with a `keyAuthorization` if sending the response without this field
caused a
  `malformed` error to be received from the ACME server.
* Linode DNS plugin now supports api keys created from their new panel
  at [cloud.linode.com](https://cloud.linode.com)
* Adding a warning noting that future versions of Certbot will
automatically configure the
  webserver so that all requests redirect to secure HTTPS access. You
can control this
  behavior and disable this warning with the --redirect and
--no-redirect flags.
* certbot-auto now prints warnings when run as root with insecure file
system
  permissions. If you see these messages, you should fix the problem by
  following the instructions at
 
https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/,
  however, these warnings can be disabled as necessary with the flag
  --no-permissions-check.
* `acme` module uses now a POST-as-GET request to retrieve the registration
  from an ACME v2 server
* Convert the tsig algorithm specified in the certbot_dns_rfc2136
configuration file to
  all uppercase letters before validating. This makes the value in the
config case
  insensitive.

Despite us having broken lockstep, we are continuing to release new
versions of
all Certbot components during releases for the time being, however, the only
package with changes other than its version number was:

* acme
* certbot
* certbot-apache
* certbot-dns-cloudflare
* certbot-dns-cloudxns
* certbot-dns-digitalocean
* certbot-dns-dnsimple
* certbot-dns-dnsmadeeasy
* certbot-dns-gehirn
* certbot-dns-google
* certbot-dns-linode
* certbot-dns-luadns
* certbot-dns-nsone
* certbot-dns-ovh
* certbot-dns-rfc2136
* certbot-dns-route53
* certbot-dns-sakuracloud
* certbot-nginx

More details about these changes can be found on our GitHub repo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/certbot-dev/attachments/20190501/d6d5ea41/attachment.html>

More information about the Certbot-dev mailing list