The NetBSD Project

CVS log for pkgsrc/security/py-acme/Makefile

[BACK] Up to [] / pkgsrc / security / py-acme

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.19 / (download) - annotate - [select for diffs], Tue Jun 11 14:22:01 2019 UTC (6 days, 16 hours ago) by triaxx
Branch: MAIN
Changes since 1.18: +4 -8 lines
Diff to previous 1.18 (colored)

py-acme: update to 0.35.0
py-certbot: update to 0.35.0
py-certbot-apache: update to 0.35.0
py-certbot-dns-luadns: update to 0.35.0
py-certbot-dns-nsone: update to 0.35.0
py-certbot-dns-ovh: update to 0.35.0
py-certbot-dns-rfc2136: update to 0.35.0
py-certbot-dns-route53: update to 0.35.0
py-certbot-dns-sakuracloud: update to 0.35.0
py-certbot-nginx: update to 0.35.0

pkgsrc changes:
* Add py-certbot/Makefile.common to make version number coherent

upstream changes:
- Added
    o dns_rfc2136 plugin now supports explicitly specifing an authorative base domain for cases when the automatic method does not work (e.g. Split horizon DNS)

- Fixed
    o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform.
    o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses.
    o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde.

- Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was:
    o certbot
    o certbot-dns-rfc2136

Revision 1.18 / (download) - annotate - [select for diffs], Fri May 17 06:46:30 2019 UTC (4 weeks, 4 days ago) by adam
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

py-acme py-certbot*: updated to 0.34.2


certbot-auto no longer writes a script at the root of the filesystem.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.

Revision 1.17 / (download) - annotate - [select for diffs], Tue May 7 08:50:36 2019 UTC (5 weeks, 6 days ago) by adam
Branch: MAIN
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)

py-acme,py-cerbot*: updated to 0.34.1


certbot-auto no longer prints a blank line when there are no permissions problems.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.

More details about these changes can be found on our GitHub repo.

Apache plugin now tries to restart httpd on Fedora using systemctl if a configuration test error is detected. This has to be done due to the way Fedora now generates the self signed certificate files upon first restart.
Updated Certbot and its plugins to improve the handling of file system permissions on Windows as a step towards adding proper Windows support to Certbot.
Updated urllib3 to 1.24.2 in certbot-auto.
Removed the fallback introduced with 0.32.0 in acme to retry a challenge response with a keyAuthorization if sending the response without this field caused a malformed error to be received from the ACME server.
Linode DNS plugin now supports api keys created from their new panel at
Adding a warning noting that future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.
certbot-auto now prints warnings when run as root with insecure file system permissions. If you see these messages, you should fix the problem by following the instructions at, however, these warnings can be disabled as necessary with the flag --no-permissions-check.
acme module uses now a POST-as-GET request to retrieve the registration from an ACME v2 server
Convert the tsig algorithm specified in the certbot_dns_rfc2136 configuration file to all uppercase letters before validating. This makes the value in the config case insensitive.

Revision 1.16 / (download) - annotate - [select for diffs], Mon Apr 8 15:48:30 2019 UTC (2 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

py-acme,py-certbot*: updated to 0.33.1


A bug causing certbot-auto to print warnings or crash on some RHEL based systems has been resolved.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.


Fedora 29+ is now supported by certbot-auto. Since Python 2.x is on a deprecation path in Fedora, certbot-auto will install and use Python 3.x on Fedora 29+.
CLI flag --https-port has been added for Nginx plugin exclusively, and replaces --tls-sni-01-port. It defines the HTTPS port the Nginx plugin will use while setting up a new SSL vhost. By default the HTTPS port is 443.

Support for TLS-SNI-01 has been removed from all official Certbot plugins.
Attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone modules are deprecated and will be removed soon.
CLI flags --tls-sni-01-port and --tls-sni-01-address are now no-op, will generate a deprecation warning if used, and will be removed soon.
Options tls-sni and tls-sni-01 in --preferred-challenges flag are now no-op, will generate a deprecation warning if used, and will be removed soon.
CLI flag --standalone-supported-challenges has been removed.

Certbot uses the Python library cryptography for OCSP when cryptography>=2.5 is installed. We fixed a bug in Certbot causing it to interpret timestamps in the OCSP response as being in the local timezone rather than UTC.
Issue causing the default CentOS 6 TLS configuration to ignore some of the HTTPS VirtualHosts created by Certbot. mod_ssl loading is now moved to main http.conf for this environment where possible.

Revision 1.15 / (download) - annotate - [select for diffs], Sun Mar 10 15:23:50 2019 UTC (3 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

py-certbot: updated to 0.32.0

If possible, Certbot uses built-in support for OCSP from recent cryptography versions instead of the OpenSSL binary: as a consequence Certbot does not need the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.

Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the warnings described at
Apache plugin now respects CERTBOT_DOCS environment variable when adding command line defaults.
The running of manual plugin hooks is now always included in Certbot's log output.
Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest.
An ACME CA server may return a "Retry-After" HTTP header on authorization polling, as specified in the ACME protocol, to indicate when the next polling should occur. Certbot now reads this header if set and respect its value.
The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0.

Revision 1.14 / (download) - annotate - [select for diffs], Tue Feb 12 12:56:31 2019 UTC (4 months ago) by adam
Branch: MAIN
Changes since 1.13: +12 -10 lines
Diff to previous 1.13 (colored)

py-acme,py-certbot*: updated to 0.31.0


Avoid reprocessing challenges that are already validated when a certificate is issued.
Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module.

Certbot's official Docker images are now based on Alpine Linux 3.9 rather than 3.7. The new version comes with OpenSSL 1.1.1.
Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on 2.x branch is maintained).
Apache plugin now attempts to configure all VirtualHosts matching requested domain name instead of only a single one when answering the HTTP-01 challenge.

Fixed accessing josepy contents through acme.jose when the full acme.jose path is used.
Clarify behavior for deleting certs as part of revocation.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was:

More details about these changes can be found on our GitHub repo.

Revision 1.13 / (download) - annotate - [select for diffs], Sat Dec 15 21:12:22 2018 UTC (6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

*: update email for fhajny

Revision 1.12 / (download) - annotate - [select for diffs], Thu Sep 6 12:25:26 2018 UTC (9 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.11: +1 -2 lines
Diff to previous 1.11 (colored)

py-{acme,certbot}: Update to 0.27.0.

## 0.27.0 - 2018-09-05

### Added

- The Apache plugin now accepts the parameter --apache-ctl which can
  be used to configure the path to the Apache control script.

### Changed

- When using `acme.client.ClientV2` (or
 `acme.client.BackwardsCompatibleClientV2` with an ACME server that
 supports a newer version of the ACME protocol), an
 `acme.errors.ConflictError` will be raised if you try to create
 an ACME account with a key that has already been used. Previously,
 a JSON parsing error was raised in this scenario when using the
 library with Let's Encrypt's ACMEv2 endpoint.

### Fixed

- When Apache is not installed, Certbot's Apache plugin no longer
  prints messages about being unable to find apachectl to the
  terminal when the plugin is not selected.
- If you're using the Apache plugin with the --apache-vhost-root flag
  set to a directory containing a disabled virtual host for the
  domain you're requesting a certificate for, the virtual host will
  now be temporarily enabled if necessary to pass the HTTP challenge.
- The documentation for the Certbot package can now be built using
  Sphinx 1.6+.
- You can now call `query_registration` without having to first call
  `new_account` on `acme.client.ClientV2` objects.
- The requirement of `setuptools>=1.0` has been removed from
- Names in certbot-dns-sakuracloud's tests have been updated to refer
  to Sakura Cloud rather than NS1 whose plugin certbot-dns-sakuracloud
  was based on.

## 0.26.1 - 2018-07-17

### Fixed

- Fix a bug that was triggered when users who had previously manually
  set `--server` to get ACMEv2 certs tried to renew ACMEv1 certs.

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jun 28 15:33:52 2018 UTC (11 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.10: +3 -1 lines
Diff to previous 1.10 (colored)

security/py-acme: add dependency to py-requests-toolbelt

py-acme requires requests-toolbelt, fixing runtime problem of cy-certbot.


Revision 1.10 / (download) - annotate - [select for diffs], Tue Mar 13 10:08:51 2018 UTC (15 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)

security/py-certbot: Update to 0.22.0

### Added

- Support for obtaining wildcard certificates and a newer version of the ACME
  protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2
  endpoint was added to Certbot and its ACME library. Certbot still works with
  older ACME versions and will automatically change the version of the protocol
  used based on the version the ACME CA implements.
- The Apache and Nginx plugins are now able to automatically install a wildcard
  certificate to multiple virtual hosts that you select from your server
- The `certbot install` command now accepts the `--cert-name` flag for
  selecting a certificate.
- `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library
  which automatically handles most of the differences between new and old ACME
  versions. `acme.client.ClientV2` is also available for people who only want
  to support one version of the protocol or want to handle the differences
  between versions themselves.
- certbot-auto now supports the flag --install-only which has the script
  install Certbot and its dependencies and exit without invoking Certbot.
- Support for issuing a single certificate for a wildcard and base domain was
  added to our Google Cloud DNS plugin. To do this, we now require your API
  credentials have additional permissions, however, your credentials will
  already have these permissions unless you defined a custom role with fewer
  permissions than the standard DNS administrator role provided by Google.
  These permissions are also only needed for the case described above so it
  will continue to work for existing users. For more information about the
  permissions changes, see the documentation in the plugin.

### Changed

- We have broken lockstep between our ACME library, Certbot, and its plugins.
  This means that the different components do not need to be the same version
  to work together like they did previously. This makes packaging easier
  because not every piece of Certbot needs to be repackaged to ship a change to
  a subset of its components.
- Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot,
  Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL
  6 based system, it will walk you through the process of installing Certbot
  with Python 3 and refuse to upgrade to a newer version of Certbot until you
  have done so.
- Certbot's components now work with older versions of setuptools to simplify
  packaging for EPEL 7.

### Fixed

- Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives
  has been resolved.
- A problem where Certbot's Apache plugin would add redundant include
  directives for the TLS configuration managed by Certbot has been fixed.
- Certbot's webroot plugin now properly deletes any directories it creates.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 22 13:37:25 2018 UTC (16 months, 3 weeks ago) by fhajny
Branch: MAIN
Changes since 1.8: +2 -8 lines
Diff to previous 1.8 (colored)

Update security/py-{acme,certbot} to 0.21.0.

### Added

- Support for the HTTP-01 challenge type was added to our Apache and Nginx
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server
  block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added
  allowing users to control whether the revoke subcommand also deletes the
  certificates it is revoking.

### Changed

- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME
- We split our implementation of JOSE (Javascript Object Signing and
  Encryption) out of our ACME library and into a separate package named josepy.
- We updated the ciphersuites used in Apache to the new values recommended by

### Fixed

- An issue with our Apache plugin on Gentoo due to differences in their
  apache2ctl command have been resolved.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Dec 9 16:39:03 2017 UTC (18 months, 1 week ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Update security/py-{acme,certbot} to 0.20.0.

0.20.0 - 2017-12-06

- Certbot's ACME library now recognizes URL fields in challenge
  objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
  configuration files on non-Debian systems allowing it to get a
  clearer picture on the running configuration.
- Certbot better reports network failures by removing information
  about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
  interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
  it was unable to deploy a HTTP->HTTPS redirect when requesting
  Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
  duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
  plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
  depending on when stdout and stderr were flushed.

0.19.0 - 2017-10-04

- Certbot now has renewal hook directories where executable files can
  be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
  will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
  Engine, you no longer have to provide a credential file to Certbot
  if you have configured sufficient permissions for the instance which
  Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
  subcommand, Certbot will now allow you to select multiple lineages
  to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
  sites-available on Debian based systems and instead only parses
  virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
  longer hangs indefinitely when it is unable to connect to the
  external server.
- An issue where Certbot's Apache plugin would sometimes fail to
  deploy a certificate on Debian based systems if mod_ssl wasn't
  already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
  not report if certificates maintained by Certbot had been revoked
  has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
  properly performs DNS challenges when the domain being verified
  contains a CNAME record.

Revision 1.7 / (download) - annotate - [select for diffs], Thu May 11 08:23:35 2017 UTC (2 years, 1 month ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-
Changes since 1.6: +6 -4 lines
Diff to previous 1.6 (colored)

Update py-certbot and py-acme to 0.14.0.
Use ALTERNATIVES to handle different Python versions better.

0.14.0 - 2017-05-04


- Python 3.3+ support for all Certbot packages. certbot-auto still
  currently only supports Python 2, but the acme, certbot,
  certbot-apache, and certbot-nginx packages on PyPI now fully support
  Python 2.6, 2.7, and 3.3+.
- Certbot's Apache plugin now handles multiple virtual hosts per file.
- Lockfiles to prevent multiple versions of Certbot running


- When converting an HTTP virtual host to HTTPS in Apache, Certbot
  only copies the virtual host rather than the entire contents of the
  file it's contained in.
- The Nginx plugin now includes SSL/TLS directives in a separate file
  located in Certbot's configuration directory rather than copying the
  contents of the file into every modified server block.


- Ensure logging is configured before parts of Certbot attempt to log
  any messages.
- Support for the --quiet flag in certbot-auto.
- Reverted a change made in a previous release to make the acme and
  certbot packages always depend on argparse. This dependency is
  conditional again on the user's Python version.
- Small bugs in the Nginx plugin such as properly handling empty
  server blocks and setting server_names_hash_bucket_size during

Revision / (download) - annotate - [select for diffs], Sun Apr 16 15:28:16 2017 UTC (2 years, 2 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.4: +4 -3 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Pullup ticket #5262 - requested by sevan
security/py-acme: build fix
security/py-certbot: build fix

Revisions pulled up:
- security/py-acme/Makefile                                     1.5-1.6
- security/py-certbot/Makefile                                  1.4

   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Mon Apr 10 10:29:38 UTC 2017

   Modified Files:
           pkgsrc/security/py-acme: Makefile
           pkgsrc/security/py-certbot: Makefile

   Log Message:
   Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++

   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Tue Apr 11 06:32:32 UTC 2017

   Modified Files:
           pkgsrc/security/py-acme: Makefile

   Log Message:
   Fix py-requests dependency version

Revision 1.6 / (download) - annotate - [select for diffs], Tue Apr 11 06:32:32 2017 UTC (2 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Fix py-requests dependency version

Revision 1.5 / (download) - annotate - [select for diffs], Mon Apr 10 10:29:38 2017 UTC (2 years, 2 months ago) by fhajny
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)

Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++

Revision 1.4 / (download) - annotate - [select for diffs], Wed Jan 25 12:34:07 2017 UTC (2 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.3: +5 -1 lines
Diff to previous 1.3 (colored)

Update py-acme and py-certbot to 0.10.1.

All py-certbot self tests pass.
39 self test failures in py-acme (running py.test), one core dump
in openssl (running make test).

Test bug fixes

Revision 1.3 / (download) - annotate - [select for diffs], Thu Jan 12 16:02:43 2017 UTC (2 years, 5 months ago) by fhajny
Branch: MAIN
Changes since 1.2: +1 -3 lines
Diff to previous 1.2 (colored)

Update security/py-{acme,certbot} to 0.10.0.

No changelog released, commits closed for 0.10.0:
- Stop IDisplay AssertionErrors
- Add update_symlinks to "--help manage"
- Hide rename command for 0.10.0
- Disable rename command for 0.10.0
- Break on failure to deploy cert
- Incorrect success condition in nginx
- certbot delete and rename evoke IDisplay
- Put update_symlinks in certbot --help manage
- Fix Error Message for invalid FQDNs
- pyopenssl inject workaround
- pyparsing.restOfLine is not a function, don't call it
- Add information on updating [certbot|letsencrypt]-auto
- Remove quotes so tilde is expanded
- Correctly report when we skip hooks during renewal
- Add line number to Augeas syntax error message
- Mention line in (Apache) conf file in case of Augeas parse/syntax
- Fixes #3954 and adds a test to prevent regressions
- Further OCSP improvements
- `-n` doesn't like `force_interactive`?
- Save allow_subset_of_names in renewal conf files
- I promise checklists are OK (fixes #3934)
- Return domains for _find_domains_or_certname
- --cert-name causes explosions when trying to use "run" as an installer
- Interactivity glitch in git master
- Document some particularities of the revoke subcommand
- test using os.path.sep not hardcoded /
- Save --pre and --post hooks in renewal conf files, and run them in a
  sophisticated way
- Don't add ServerAlias directives when the domain is already covered by
  a wildcard
- Mitigate problems for people who run without -n
- Use relative paths for livedir symlinks
- Implement delete command
- Use isatty checks before asking new questions
- Ensure apt-cache is always running in English if we're going to grep
- Sort the names by domain (then subdomain) before showing them
- Merge the manual and script plugins
- --allow-subset-of-names should probably be a renewalparam
- Fix certbox-nginx address equality check
- Implement our fancy new --help output
- Make renew command respect the --cert-name flag
- Error when using non-english locale on Debian
- Document defaults
- Improve simple --help output
- Add pyasn1 back to le-auto
- Mark Nginx vhosts as ssl when any vhost is on ssl at that address
- Fully check for Nginx address equality
- Preserve --must-staple in configuration for renewal (#3844)
- Git master certbot is making executable renewal conf files?
- Improve the "certbot certificates" output
- Renewal: Preserve 'OCSP Must Staple' (option --must-staple)
- Security enhancement cleanup
- Parallalelise nosetests from tox
- "certbot certificates" is API-like, so make it future-proof
- Fix LE_AUTO_SUDO usage
- Remove the sphinxcontrib.programout [docs]dependency
- No more relative path connection from live-crt to archive-crt files
- Ensure tests pass with openssl 1.1
- Output success message for revoke command
- acme module fails tests with openssl 1.1
- Pin pyopenssl 16.2.0 in certbot-auto
- Fixed output of `certbot-auto --version`(#3637).
- Take advantage of urllib3 pyopenssl rewrite
- Busybox support
- Fix --http-01-port typo at source
- Implement the --cert-name flag to select a lineage by its name.
- Fix reinstall message
- Changed plugin interface return types (#3748).
- Remove letshelp-letsencrypt
- Bump pyopenssl version
- Bump python-cryptography to 1.5.3
- Remove get_all_certs_keys() from Apache and Nginx
- Further merge --script-* with --*-hook
- Certbot opens curses sessions for informational notices, breaking
- Fix writing pem files with Python3
- Strange reinstallation errors
- Don't re-add redirects if one exists
- Use subprocess.Popen.terminate instead of os.killpg
- Generalize return types for plugin interfaces
- Don't re-append Nginx redirect directive
- Cli help is sometimes wrong about what the default for something is
- [certbot-auto] Bump cryptography version to 1.5.2
- python-cryptography build failure on sid
- Remove sphinxcontrib-programoutput dependency?
- Allow notification interface to not wrap text
- Fix non-ASCII domain check.
- Add renew_hook to options stored in the renewal config, #3394
- Where oh where has sphinxcontrib-programoutput gone?
- Remove some domain name checks.
- Allowing modification check to run using "tox"
- How to modify *-auto
- Don't crash when U-label IDN provided on command line
- Add README file to each live directory explaining its contents.
- Allow user to select all domains by typing empty string at checklist
- Fix issue with suggest_unsafe undeclared
- Update docs/contributing.rst to match display behavior during release.
- Referencing unbound variable in certbot.display.ops.get_email
- Add list-certs command
- Remove the curses dialog, thereby deprecating the --help and --dialog
  command line options
- Remove the curses dialog, thereby deprecating the --help and --dialog
  command line options
- Specify archive directory in renewal configuration file
- 0.9.1 fails in non-interactive use (pythondialog, error opening
- Allow certbot to get a cert for default_servers
- [nginx] Cert for two domains in one virtaulhost fails
- [nginx] --hsts and --uir flags not working?
- `certbot-auto --version` still says `letsencrypt 0.9.3` (should say
  `certbot 0.9.3`?)
- Add a cli option for "all domains my installer sees"
- Stop rejecting punycode domain names
- Standalone vs. Apache for available ports
- nginx-compatibility-weirdness
- Support requesting IDNA2008 Punycode domains
- Cert Management Improvement Project (C-MIP)
- Add --lineage command line option for nicer SAN management.
- Fix requirements.txt surgery in response to shipping certbot-nginx
- Use correct Content-Types in headers.
- Missing Content-Type 'application/json' in POST requests
- Script plugin
- Inconsistent error placement
- Server alias [revision requested]
- When getopts is called multiple time we need to reset OPTIND.
- certbot-auto: Print link to doc on debugging pip install error
  [revision requested]
- Update ACME error namespace to match the new draft.
- Update errors to match latest ACME version.
- Testing the output of against lea-source/lea
- Make return type of certbot.interfaces.IInstaller.get_all_keys_certs()
  an iterator
- Fix requirements file surgery for 0.10.0 release
- Update Where Are My Certs section.
- Hooks do not get stored in renewal config file
- Multiple vhosts
- Bind to IPv6, fix the problem of ipv6 site cannot generate / renew
  certificate [revision requested]
- Warning message for low memory servers
- Run simple certbot-auto tests with `tox`
- letsencrypt-auto-source/letsencrypt-auto should be the output of
- DialogError should come with --text instructions
- Support correct error namespace
- Verification URL after successful certificate configuration can't be
  opened from terminal
- Use appropriate caution when handling configurations that have complex
  rewrite logic
- `revoke` doesn't output any status
- adding -delete option to remove the cert files
- Stop using simple_verify in manual plugin
- Ways of specifying what to renew
- Allow removing SAN from multidomain certificate when renewing
- Dialog is sometimes ugly
- Allow user to override sudo as root authorization method [minor
  revision requested]
- Add a README file to each live directory explaining its contents
- ExecutableNotFound

Revision 1.2 / (download) - annotate - [select for diffs], Tue Oct 11 09:23:35 2016 UTC (2 years, 8 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Update py-certbot and py-acme to 0.9.1.

No changelog available, issues closed since 0.8.1:

certbot 0.9.1
- Make --quiet reduce the logging level

certbot 0.9.0
- Allow tests to pass without dnspython
- Remove psutil dep
- Renew symlink safety
- Update Nginx redirect enhancement process to modify appropriate
- If lineages are in an inconsistent (non-deployed) state, deploy
- Restructure how Nginx parser re-finds vhosts, and disable
  creating new server blocks.
- Remove pointless question
- Tie Nginx OCSP stapling to enhancements system
- Nginx server block selection: Handle non-80/443 ports
- Include log retention count to 1000.
- Make add_server_directives documentation consistent
  with functionality
- Fix Nginx prompt
- Make Nginx error out if no matching server block is found
- Only suggest names LE will accept
- Implement Nginx server block selection
- should_autorenew ignores symlinks
- Fixes cffi errors in Travis during oldest tests
- DNS challenge support in the manual plugin and general purpose
  --preferred-challenges flag
- Fixed hash_bucket_size detection for nginx
- Support both invalidEmail and invalidContact errors
- Removes duplication between README.rst and resources.rst
- Psutil tests
- Allow tests to run when psutil isn't available
- Tests fail on Certbot package due to missing psutil dependency
- Hide the Nginx plugin
- Add the Nginx plugin to certbot-auto
- OCSP stapling in Nginx
- Nginx plugin selection
- Add certbot-nginx to certbot-auto
- Missing links in README
- clarify invalid email error in non-interactive
- Replace '-' with '_' before filtering plugin settings
- Fix extra or lack of spacing between words in help for renew
- Fix Travis tests
- Avoid importing conflicting security policy directives
- Change log rotation scheme
- Plugins with hyphens do not receive their args during renewal
- Handle dns01 challenge into the manual plugin [see #3466]
- Enable unit tests of certbot core on Python 3
- Add os-release ID_LIKE parsing if original distribution mapping
  not found in constants
- Fix README typo
- Nginx plugin domain selection
- Fix spacing of nginx redirect blocks
- Rationalise challenge and port selection flags
- Remove psutil from requirements.txt
- prevent Github commits from modifying certbot-auto and
- Gradually remove psutil dependency, bugfix [URGENT]
- psutil fails to install because hash is missing when running
- Failure to start Nginx after configuring redirect
- Prepare docs to turn off the wiki
- Certbot apache plugin fails with TypeError: 'NoneType' object
  has no attribute '__getitem__'
- Change fatal warning to a fatal message
- Fatal warnings
- Apache default default
- Deprecation fixes
- New docs structure and introduction
- Nginx charset_map and ${VARIABLE_SUBSTITUTION} parsing
- Unclear error about invalid email in non-interactive mode
- Use simple socket test for port availability if psutil not found
- Python 3 support for certonly
- Set dialog widgets to use autowidgetsize
- Errors when run without root
- Apache plugin PATH fallback
- Automatically enable EPEL after prompting users
- Multi-topic help listings
- Installer error
- Explain why Apache [appears] not to be installed
- ErrorHandler causing errors
- Update FreeBSD package name
- Comment out corresponding RewriteConds for filtered RewriteRule
- Permissive parsing of nginx map blocks
- add nginx round-trip tests to tox/travis
- Fix Unix signal handling in certbot.error_handler.ErrorHandler
- Resuming error handling functions after a signal
- Only write nginx config files if they've been modified
- If the user picks "cancel" from the Apache vhost selection menu,
  Certbot doesn't exit
- certbot removes http->https rules corrupts ruleset
- Fix typo
- Better document plugins and reversion
- Nginx parser apparently can't parse "map"
- Nginx plugin shouldn't write files it hasn't changed
- Fix Nginx reversion
- Merge Augeas fix for comment line continuations
- Remove warning about nginx options file
- Explain the most likely cause of a missing replay nonce error
- Bump pyca package versions
- Don't add wildcard listen if user has more specific
- Remove unused nosexcover dependency
- Cleanup dev setup
- Nginx space preservation
- Set dialog widgets to use autowidgetsize
- Printing pip output to terminal when -v is used
- Log new cert and cert renewal
- Log whether renewing or obtaining a new certificate
- Added the argument --quiet and -q so then when used with a
  regular user there is no output to the screen.
- certbot-auto not quiet when used with regular user
- Adding sensible UI logging for typical user
- Replace psutils dependency
- Display DialogError details correctly
- -v implies --text
- Fix FQDN checks, closes #3057 and #3056
- Bug in FQDN detection: installer wrongly interprets _
- Installer thinks bare TLD is not a valid FQDN
- Limiting tox envlist to really needed tests
- trouble with Listen directives in CentOS 7 / ssl.conf
- Remove dangling footnote
- certbot-apache fails to parse files with comma in the filename
- pip and verbosity
- Dialog error messages
- treat ESC as cancel
- More useful error when running as non-root?
- -v should imply --text
- Update tox/instructions
- Error that results when run without root is unclear
- Enable EPEL in RPM bootstrapper
- Add dns-01 challenge support to the ACME client
- Apache plugin fails to parse OWASP's ModSecurity ruleset
- Audit nginx plugin for guaranteed config reversion in case of
- NoInstallationError() from Apache plugin within renewal cron
  jobs due to /usr/sbin not being in the PATH
- nginx http redirect
- "No installers" error message not clear
- HelpfulArgumentParser should know about flags that are relevant
  to several topics
- Nginx configurator should preserve whitespace on output
- server blocks added to nginx.conf
- Nginx fails if ssl_session_cache already defined
- nginx leaves dirty/modified config files
- Sensible UI logging for typical user
- nginx plugin issue with server block containing multiple

Revision 1.1 / (download) - annotate - [select for diffs], Wed May 25 18:18:16 2016 UTC (3 years ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2

Import certbot 0.6.0 as security/py-certbot.

Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>