Added
- Added
--eab-hmac-algparameter to support custom HMAC algorithm for
External Account Binding.
(#10281)
Changed
- Catches and ignores errors during the directory fetch for ARI checking so
that these errors do not hinder the actual certificate issuance.
(#10342) - Removed the dependency on
pytz.
(#10350) - Deprecated
acme.crypto_util.probe_sni
(#10386) - Support for Python 3.9 was deprecated and will be removed in our next planned
release. (#10390)
Fixed
- The Certbot snap no longer sets the environment variable PYTHONPATH stopping
it from picking up Python files in the current directory and polluting the
environment for Certbot hooks written in Python.
(#10176,
#10257) - Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env
variables for use by post-hooks when certificate renewals fail, but we were
not actually setting them. Now, we are.
(#10259) - Certbot now always uses the server value from the renewal configuration file
for ARI checks instead of the server value from the current invocation of
Certbot. This helps prevent ARI requests from going to the wrong server if
the user changes CAs.
(#10339)