Releases: polhenarejos/acme_email
Version 0.9
Fixed the ACME response. Now it sends the base64 encoded SHA256 digest of the key authorization.
IMPORTANT: The ACME server has been upgraded to accept the new response. Please note that older versions of acme_email WILL NOT WORK. Upgrade to 0.9 as soon as you can.
Version 0.8.4
Certbot upgraded to v1.18 and modified several core things:
- Authenticator and Installer classes now depend on `ABCMeta`.
- Display utility was moved to internal.
- Configuration was moved from internal to outside.
This release should fix all these issues.
Version 0.8.3
This version includes a fix to support Certbot 1.17.
Fixed
- Certbot v1.17 modified the keychain storage and now it returns three chains (cert, ca and full chain), which broke the client as it expected two.
Version 0.8.2
This version includes a fix to support Certbot 1.1.
Fixed
- Certbot does not use set_displayer anymore. Moving ACME Email to the new displayer.
Version 0.8.1
This version includes a fix.
Fixed
- Fixed the inability to use different credentials for SMTP and IMAP.
Version 0.8
This version includes some fixes and additional features.
Added
- Support for multiple email addresses in a single certificate.
- Support for v13 of draft specs in the Interactive authenticator.
- README updated with the newest features.
Fixed
- Fixed the name of the PKCS12 certificate.
- Fixed an S/MIME check.
- Some typos.
Version 0.7
This version includes some fixes and additional features.
Added
- Support for multiple `keyUsage` in the CSR. Draft specs v13 defines the `keyUsage` that can be used to generate a signing-only or an encryption-only certificate. Only 4 key usages are allowed. A CSR with other extensions will be rejected.
Changed
- Migrated from pyca/OpenSSL to pyca/cryptography, as it is recommended in its repository.
- Emails are UTF-8 encoded, rather than ASCII encoded.
- README updated with the newest features.
Fixed
- Some typos.
Version 0.6
This version includes some fixes and additional features.
Added
- The new draft specs (v13) define two methods for proving the authenticity of ACME emails: 1) via DKIM protection and 2) via S/MIME signature. We added both checks depending on the headers. In the DKIM case, we ensure that the domain in the `d` tag matches with the domain of `From` header. In the latter case, we ensure that the `From` header matches with one of the `subjAltNames` present in the S/MIME certificate.
- The new draft specs also define a new field `from` in the challenge object. This new field enables the use of aliases in the email addresses at server side. Plus, it also adds an extra layer for validating the source. Now the challenge ensures that: 1) the `from` field is present and 2) the `from` field matches with the `From` header.
- DKIM checks. There is a minimum list of mandatory elements to be present in the `h` tag. The `dkim=pass` must be present in the `Authentication-Results` record.
- S/MIME checks. The S/MIME certificate must be embedded into the email's body. At this moment there is no signature hard validation, as it is not required by the draft specs.
- `In-Reply-To` header is added to response email.
Changed
- Moving to Python3 native `EmailMessage` class.
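
The DKIM and `from` checks listed for version 0.6 can be sketched as follows. This is an added example, not the acme_email project's own code; the function names, failure strings and the sample message are assumptions made for illustration. It covers only the `dkim=pass`, `d` tag and `from` field checks, not the `h` tag element list or the S/MIME path.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every address, domain and tag value is made up.
SAMPLE = (
    "Authentication-Results: mx.example.org; dkim=pass header.d=ca.example.com\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=ca.example.com; s=sel1;\n"
    " h=from:to:subject; bh=AAAA; b=BBBB\n"
    "From: ACME CA <acme@ca.example.com>\n"
    "To: alice@example.org\n"
    "Subject: ACME: constructed-token\n"
    "\n"
    "Constructed challenge body.\n"
)

def dkim_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def check_challenge_email(raw, challenge):
    """Return the list of failed checks (empty list = message accepted)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    failures = []
    # dkim=pass must appear as a result in Authentication-Results. Only trust
    # the header your own receiving MTA adds; a sender can forge others.
    results = ";".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if not any(r.split()[:1] == ["dkim=pass"] for r in results.lower().split(";")):
        failures.append("no dkim=pass in Authentication-Results")
    # The d tag of the DKIM signature must equal the domain of From.
    d_tag = dkim_tags(str(msg.get("DKIM-Signature", ""))).get("d", "").lower()
    if not sender or d_tag != sender.rpartition("@")[2]:
        failures.append("DKIM d tag does not match From domain")
    # The challenge object must carry `from`, and it must match From.
    if "from" not in challenge:
        failures.append("challenge has no from field")
    elif challenge["from"].lower() != sender:
        failures.append("challenge from does not match From header")
    return failures
```
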
Version 0.5
This version includes some fixes and additional features.
New features
- Upgrade the entire system (ACME client and ACME server) to the newest version of the draft specifications: v13. This new version increases the entropy of token-part1 and token-part2 from 64 to 128 bits of entropy each.
- `--dry-run` now does not store any file (neither CSR nor key).
Fixes
- Some line ending mismatches.
- Some typos.
- A fix when `--dry-run` is called during the installation.
Version 0.4
This version includes some fixes and additional features.
New features
- Adding `passphrase` argument to specify the passphrase for PKCS12 export, instead of prompting the user.
- Adding `no-passphrase` argument to disable passphrase PKCS12 export. Use with CAUTION: the PKCS12 file contains the private key and it will not be passphrase protected.
Fixes
- Some typos.
- Final message does not require user interaction for pressing Enter.