- DNSroboCert now leverages the new DNS zone name resolution introduced by Lexicon 3.17.0.
As a consequence, the
delegated_subdomainfield of theprofilesection is not used anymore, and will be removed in a future version.
- Upgrade to Lexicon 3.17.0
- Upgrade to Certbot 2.7.4
- Official support for Python 3.12
- Resolve CNAMEs using dedicated method provided by
dnspython
- Fix TXT record cleanup actions
- Fix compatibility issue with Python 3.8
- Upgrade to Lexicon 3.14.0 (new provider:
wedos, new functions to call Lexicon client)
- Drop Python 3.7 support
- Fix docker armv7l build
- Upgrade to Certbot 2.6.0
- Upgrade to Lexicon 3.12.0 (new providers:
duckdns,dnsservices,flexibleengine) - Official support for Python 3.11
- Fix community URL (#871)
- Fix various issues regarding dynamic configuration by calling
certbot certonlyfor all certbot actions (#970)
- Upgrade to Lexicon 3.11.6 (fix
hetznerprovider)
- Fix docker build
- Upgrade to Certbot 1.31.0
- Upgrade to Lexicon 3.11.5 (fix
yandexprovider)
- Upgrade to Lexicon 3.11.4 (new provider:
porkbun+ various fixes) - Upgrade to Certbot 1.29.0
- Upgrade to Lexicon 3.11.2 (various fixes)
- Upgrade to Certbot 1.27.0
- Upgrade to Lexicon 3.11.0 (new providers:
namecom+ various fixes)
- Upgrade to Certbot 1.26.0
- Upgrade to Lexicon 3.10.0 (new providers:
misaka,yandexcloud+ various fixes)
- Inject environment variables
DNSROBOCERT_CERTIFICATE_NAME,DNSROBOCERT_CERTIFICATE_PROFILEandDNSROBOCERT_CERTIFICATE_DOMAINSin hook scripts - Setup CI/CD with GitHub Actions
- Upgrade to Lexicon 3.9.4
- Upgrade to Certbot 1.23.0
- Fix error in Docker entrypoint timezone setting when
TIMEZONEis defined
- Remove Azure Pipelines
- Fix Docker builds by downgrading Python 3.10 to Python 3.9
- Add support for Python 3.10
- Link dynamically to Lexicon documentation for providers options
- Update Lexicon to 3.9.2 (fix
transipprovider)
- Drop support for Python 3.6
- Update Certbot to 1.22.0
- Update Lexicon to 3.8.5 (add ValueDomain provider)
- Fix some deprecated warnings and documentation
- Support ECDSA keys when creating new certificates with the
key_typestring parameter in the certificate section: set torsato use RSA keys (default if not set) orecdsato use ECDSA keys. Example:profiles: - name: dummy ... certificates: - domains: [example.org] profile: dummy key_type: ecdsa
- Makes DNSroboCert capable to restart Podman containers with the
autorestartfeature (#551)
- Update Certbot to 1.21.0
- Update Lexicon to 3.8.3
- Set the preferred chain to
ISRG Root X1when issuing or renewing a certificate
- Update Certbot to 1.20.0
- Update Lexicon to 3.8.0
- Fix docker build
- Fix docker python environment
- Drop Docker support on
armelarchitecture
- Fix docker installation in the docker image
- Add the
reuse_keyboolean parameter in certificate section: iftrue, the existing private key will be reused for the target certificate when renewed - Add the "one-shot" mode: using the
--one-shotflag, DNSroboCert will process only once the provided configuration, create/update/renew/delete certificates, then return immediately without setting up an automated renewal process or a configuration file watch
- Migrate the docker image from the Alpine base to the Debian base, in order to get better DNS support on Kubernetes, and benefit from pre-compiled wheels for cffi, lxml and cryptography
- Update Certbot to 1.18.0
- Update Lexicon to 3.7.0 (add
ociandvercelproviders)
- Drop Docker support on
ppc64learchitecture
- Avoid pipelines failures with MicroBadger
- Update Certbot to 1.17.0
- Update Lexicon to 3.6.1
- Fix docker builds
- Update Certbot to 1.16.0
- Update Lexicon to 3.6.0 (add DynDNS)
- Fix scheduled job run a midnight
- Use the recommended SafeLoader to parse YAML configuration files
- Update Lexicon to 3.5.5 (add Mythic Beasts and Infomaniak providers)
- Update Certbot to 1.13.0
- Update docker images to Python 3.9.2
- Use
poetry-coreto build DNSroboCert (#306) - Various fixes on the documentation (#291 #292)
- Stop using
--manual-public-ip-logging-okdeprecated flag on Certbot
- Remove s390x compilation
- Fix s390x compilation
- Improve CI/CD pipelines stability
- DNS challenges can now be done using the DNS alias mode, which consists in delegating
challenges to a different DNS zone different using CNAME records. To use it the
certificatenow includes thefollow_cnamesoption (defaultfalse). If set totrue, DNSroboCert will follow the CNAME records to find the actual TXT record name to create for a DNS-01 challenge.
- Upgrade Certbot to 1.10.1 (official Python 3.9 support)
- Upgrade Lexicon to 3.5.2 (various fixes)
- Upgrade Lexicon to 3.5.0 (add Joker provider, various fixes)
- Fix i686 docker image build
- Add Python 3.9 official support
- Upgrade Lexicon to 3.4.5 (various fixes on providers)
- Upgrade Lexicon to 3.4.4 (fix Gandi provider)
- Upgrade Certbot to 1.9.0
- Upgrade Lexicon to 3.4.3 (add Njalla provider)
- Upgrade Certbot to 1.8.0
- Upgrade Lexicon to 3.3.28
- Upgrade Certbot to 1.7.0
- Upgrade Docker base image to Alpine 3.12
- Modify dependencies versions pinning to fix the docker images builds
autocmd.commandnow accepts list of string. If a list of string is provided, the command will be executed outside of a shell. If a string is provided, it will be executed inside a shell. The list of string form should be used if you do not need the features of a shell since it allows a better control of the arguments passed to the command and avoid potential injections attacks.
- Upgrade Lexicon to 3.3.27 (support for Dynu.com provider)
- Upgrade Docker base image to Alpine 3.12
- DNS challenges are now all run before any wait or check happens. This is useful for certificates that
contains lot of domains, because DNSroboCert will wait only once the provided
sleep_time, instead of waiting after each challenge. This optimizations is also valid formax_checks.
- Improve log output from the auth and cleanup hooks.
- Improve documentation.
- Upgrade Lexicon to 3.3.26 (fix errors with Godaddy provider)
- Upgrade Lexicon to 3.3.24
- Upgrade Certbot to 1.5.0
- Allow environment variable injection in the configuration file
- Validate the directory URL with a regex
- Improve the regex check to email account for better compatibility
- Set the User-Agent comment for Let'sEncrypt statistics
- Update Lexicon to 3.3.22
- Search for
dnsrobocert.ymlconfig file in current directory when--configflag is not set.
- Update Lexicon to 3.3.21 (API tokens for Cloudflare)
- Update Certbot to 1.4.0
- DNSroboCert can now display logs in your current timezone if the
TIMEZONEenvironment variable is set (@a16bitsysop #104)
- Update Lexicon to 3.3.20 (rebranded Hetzner provider, support pagination on CloudFlare)
- Update runtime dependencies (including cryptography 2.9)
- Fix the
delegated_subdomainparameter in providers configuration that was not taken into account (@davidyuk #96) - Fix providers configuration link in the documentation (@davidyuk #95)
- Ensure a certificate name does not have wildcard characters when migrating from legacy config
(eg.
example.comfor domains[*.example.com,example.com]instead of*.example.com).
- Protect the auth hook from NXDOMAIN failures when checking if the TXT entry of a challenge has been propagated in the DNS zone.
- Improve logs during sub-command execution (flush the output)
acme.certs_permissions.userandacme.certs_permissions.groupcan know be defined as integer to set the uid or gid instead of the user name and group name owner of the certificates.
- More consistent output for sub-commands launched by DNSroboCert
- Add the
ttlparameter in the providers definition. It allows to control the TTL value in TXT entries inserted during the DNS-01 challenges. This value for environment variableLEXICON_TTLfrom legacy configuration is properly migrated.
- Build multi-arch Docker image (
amd64,i386,arm64,armv7,armv6,ppc64leands390x), with the help of @patrickpissurno and @a16bitsysop.
- Use Alpine as base image again (3.11)
- Update Lexicon to 3.3.19 (improvments for SafeDNS and DigitalOcean providers)
- Allow to define octal values of
acme.dirs_modeandacme.files_modeas strings (eg"0755") in the YAML configuration file
- Improve the User Guide (@Neejoh with #84)
- Add Docker CLI
- Update Lexicon to 3.3.18 (fix Hetzner provider)
- Complete refactoring of former
adferrand/letsencrypt-dnsinto DNSroboCert. Docker image is nowadferrand/dnsrobocerand is available in DockerHub. Standalone tool is installable through PyPI at https://pypi.org/project/dnsrobocert/. - DNSroboCert does not use environment variables +
domains.confanymore. If you come from theadferrand/letsencrypt-dnsDocker image, the corresponding YAML configuration file is dynamically generated at/etc/dnsrobocert/config.yml. Please see https://dnsrobocert.readthedocs.io/en/latest/miscellaneous.html#migration-from-docker-letsencrypt-dns for more details. - Complete CI/CD flow, with unit/integration tests, code quality, type checking and automated deployment.
- New features (configurable with
config.yml, not legacy configuration):- you can now define multiple DNS providers in one single instance of DNSroboCert
- the custom deploy scripts and PFX exports are defined per certificate
- force renew can be set for specific certificates
- Along with migration to DNSroboCert, all bash files are rewritten into Python.
- Certificate renewal is not handled automatically anymore by an external cron task, but by DNSroboCert directly.
- Configuration of certificate renewal frequency has been removed.
- Update Certbot to 1.3.0: automated handling for https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
- Update Lexicon to 3.3.17: support private domains and add Gransy provider, that generalize and replace Subreg.
- Update Certbot to 1.2.0: remove POST-as-GET fallback
- Update Lexicon to 3.3.14 (add EUServ)
- Update base image to Alpine 3.11 and Python 3.8
- Update Lexicon to 3.3.11 (add HostingDE, RcodeZero)
- Update Certbot to 1.0.0
- Update Lexicon to 3.3.8 (add HostingDE, RcodeZero)
- Update Certbot to 0.39.0
- Update Lexicon to 3.3.3 (add DirectAdmin provider)
- Update Certbot to 0.38.0 (forward support to Python 3.8)
- Create a docker-compose.yml template, that can be configured by environment variables (@mgh87 #41)
- Pre-generation of a
domain.confto avoid the creation of a directory whendomain.confis host mounted from a non existent path (@Akkarine #60)
- Update Lexicon to 3.3.2 that fixes Yandex provider
- Update Certbot to 0.37.2 (various fixes)
- Various corrections in
README.md(@Akkarine #60)
- Update Lexicon to 3.3.1 (add SafeDNS, Dreamhost, Dinahosting)
- Update Certbot to 0.36.0 (various fixes)
- Update base image to Alpine 3.10
- Update Lexicon to 3.2.7 (add Aliyun, Azure DNS and GratisDNS providers)
- Update Certbot to 0.35.1 (various fixes)
- Certbot's work dir and logs dir are now set to be in the config dir
/etc/letsencrypt(respectively underworkandlogs). This allows to persist both certbot backups and logs.
- First implementation of autorestart feature in a Docker cluster:
using environment variable
DOCKER_CLUSTER_PROVIDER (default: none), the container will use appropriate service restart command to restart the service name specified inautorestart-containers=...directive. For now, only Swarm is supported: support is triggered usingDOCKER_CLUSTER_PROVIDER=swarm.
- Python libraries uses now the pip option --no-cache-dir to reduce container footprints.
- The autorestart and autocmd directives are now triggered upon certificate renewal as before, but also upon first certificate issuance now.
- Environment variables
CRON_TIME_STRING (default: "12 01,13 * * *")andTZ (default: UTC)allow to control at which frequency, and on which timezone the renewal cron job will be executed. By default it is twice a day, at midday and midnight UTC.
- Update Lexicon to 3.2.5
- Update Certbot to 0.34.2
- Environment variable
DEPLOY_HOOK(default: empty) can be set to execute a shell command when a certificate is created or renewed. This deploy command can be used for instance to do some post-process formatting on the certificates before their deployment on a service requiring a specific certificate format.
- Update Lexicon to 3.2.4 (new providers: Netcup)
- Environment variable
LETSENCRYPT_SKIP_REGISTER(default:false) can be set totrueand avoid the container to try to register a new account against Let'sEncrypt servers: useful for instance if the container is already attached to a letsencrypt configuration folder with an existing account. - By modifying the
run.shscript, the container now responds to interruption signals and proceed to shutdown by itself, without the need from the Docker daemon to kill it.
- Update Lexicon to 3.2.1 (various fixes)
- Update Certbot to 0.33.1 (various fixes)
- Use
fullextra of Lexicon PyPI package to ensure all providers have their optional dependencies fulfilled.
- Update base image to Alpine 3.9
- Update Lexicon to 3.1.6 (new providers: Hover, Zilore)
- Update Certbot to 0.32.0
- Ignore README file in /etc/letsencrypt/live
- Update Lexicon to 3.0.8
- Update Certbot to 0.30.0
- Support new providers thanks to Lexicon update: Internet.bs, Hetzner
- Update Lexicon to 3.0.7
- Update Certbot to 0.29.1
- Support new providers thanks to Lexicon update: Auto (dns provider auto-resolution), ConoHa, NFSN, Easyname, LocalZone (bind9)
- Allow to configure the DNS API connection using YAML files, thanks to the new configuration system of Lexicon 3
- Update Lexicon to 3.0.2
- Update Certbot to 0.28.0
- README.md updated to refer to YAML files, update environment variable parsing
- Support new providers thanks to Lexicon update: Plesk, Inwx, Hurricane Electric
- Update Lexicon to 2.7.9
- Continuous integration/deployment is now handled by CircleCI to allow more advanced strategies and faster builds
- Add and configure Circus, an alternative to Supervisor, compatible with Python 3, with better control over environment variables propagation, and network sockets supervision (not used yet here)
- Update base image to Alpine 3.8
- Update Lexicon to 2.7.3
- Update Certbot to 0.27.1
- Docker Hub "Automated build" is disabled in favor of CircleCI
- Remove Supervisor and its configuration (in favor of Circus)
LEXICON_OPTIONSwas added to the cleanup script #29
- Avoid to mark
domains.confas edited on each watch loop
- Correct
domains.confparsing for particular cases (wildcard domains on the last line of the file)
- Upgrade Certbot to 0.26.1
- Upgrade Lexicon to 2.7.0, with extended security support for Subreg
- Correct certificate revocation for some formatting for
domains.conf
- Upgrade Certbot to 0.26.0
- Upgrade Lexicon to 2.6.0, including new DNS providers: ExoScale, Zeit, and Google Cloud DNS
- Upgrade Lexicon to 2.4.4, with support of Online.net provider
- Add Lexicon dependencies for Subreg provider
- Upgrade Certbot to 0.25.1
- Upgrade Lexicon to 2.4.3, with a lot of bugfixes for some providers (OVH, GoDaddy, Gandi), and support to the Gandi LiveDNS API
Add LEXICON_OPTIONS environment variable for specific lexicon options
- Upgrade Certbot to version 0.24.0
- Upgrade Lexicon to version 2.3.0: a lot of stability improvments, in particular for Namecheap provider, and added providers Constellix, Linode V4 and Subreg
- Correct
domains.confparsing when there is no newline on the end of the file - Improved documentation
- Removed unsused code
- Add
LEXICON_PROVIDER_OPTIONSenvironment variable to pass DNS provider authentication parameters directly to lexicon executable
- Update Certbot to 0.23.0
- Correct autocmd/autorestart behavior with wildcard certificates
- Correct wrongly revokation of wilcard certificates after their creation
- Connect to the ACME v2 servers, which allow wildcard certificates generation (eg. *.example.com)
- Allow use of old ACME v1 servers through
LEXICON_ACME_V1environment variable - Clean autocmd/autorestart jobs on the live container when needed
- Update Certbot to 0.22.2 to supports the ACME v2 servers
- Update Lexicon to 0.22.1 adding support for following DNS providers: AuroraDNS, Gehirn Infrastructure Service, OnApp and Sakura Cloud
- Correct deploy hook about files/directory permission fixation