certbot-nginx 4.0.0

Certbot 4.0.0

on Python PyPI

Added

• The --preferred-profile and --required-profile flags allow requesting a profile.
  https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/

Changed

• Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime left,
  if the lifetime is shorter than 10 days). This is a change from a hardcoded
  renewal at 30 days before expiration. The config field renew_before_expiry
  still overrides this default.

• removed acme.crypto_util._pyopenssl_cert_or_req_all_names

• removed acme.crypto_util._pyopenssl_cert_or_req_san

• removed acme.crypto_util.dump_pyopenssl_chain

• removed acme.crypto_util.gen_ss_cert

• removed certbot.crypto_util.dump_pyopenssl_chain

• removed certbot.crypto_util.pyopenssl_load_certificate

Fixed

• Moved RewriteEngine on directive added during apache http01 authentication
  to the end of the virtual host, so that it overwrites any RewriteEngine off
  directives that already exist and allows redirection to the challenge URL.

More details about these changes can be found on our GitHub repo.