commit python-certbot-dns-rfc2136 for openSUSE:Factory

Source-Sync Mon, 30 May 2022 03:45:49 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-certbot-dns-rfc2136 for 
openSUSE:Factory checked in at 2022-05-30 12:44:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-certbot-dns-rfc2136 (Old)
 and      /work/SRC/openSUSE:Factory/.python-certbot-dns-rfc2136.new.2254 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-certbot-dns-rfc2136"

Mon May 30 12:44:40 2022 rev:34 rq:979823 version:1.27.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-certbot-dns-rfc2136/python-certbot-dns-rfc2136.changes
    2022-04-08 22:46:31.618600898 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-certbot-dns-rfc2136.new.2254/python-certbot-dns-rfc2136.changes
  2022-05-30 12:45:39.160526463 +0200
@@ -1,0 +2,6 @@
+Mon May 30 09:22:29 UTC 2022 - Mark??ta Machov?? <[email protected]>
+
+- update to version 1.27.0
+  * sync with the main certbot package
+
+-------------------------------------------------------------------

Old:
----
  certbot-dns-rfc2136-1.26.0.tar.gz

New:
----
  certbot-dns-rfc2136-1.27.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-certbot-dns-rfc2136.spec ++++++
--- /var/tmp/diff_new_pack.Rn3ZYD/_old  2022-05-30 12:45:39.716527203 +0200
+++ /var/tmp/diff_new_pack.Rn3ZYD/_new  2022-05-30 12:45:39.724527213 +0200
@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define skip_python2 1
 Name:           python-certbot-dns-rfc2136
-Version:        1.26.0
+Version:        1.27.0
 Release:        0
 Summary:        RFC 2136 DNS Authenticator plugin for Certbot
 License:        Apache-2.0

++++++ certbot-dns-rfc2136-1.26.0.tar.gz -> certbot-dns-rfc2136-1.27.0.tar.gz 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/certbot-dns-rfc2136-1.26.0/PKG-INFO 
new/certbot-dns-rfc2136-1.27.0/PKG-INFO
--- old/certbot-dns-rfc2136-1.26.0/PKG-INFO     2022-04-05 19:42:18.794939500 
+0200
+++ new/certbot-dns-rfc2136-1.27.0/PKG-INFO     2022-05-03 20:34:25.328533000 
+0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: certbot-dns-rfc2136
-Version: 1.26.0
+Version: 1.27.0
 Summary: RFC 2136 DNS Authenticator plugin for Certbot
 Home-page: https://github.com/certbot/certbot
 Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136/__init__.py 
new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136/__init__.py
--- old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136/__init__.py      
2022-04-05 19:41:26.000000000 +0200
+++ new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136/__init__.py      
2022-05-03 20:33:10.000000000 +0200
@@ -65,6 +65,38 @@
 including for renewal, and cannot be silenced except by addressing the issue
 (e.g., by using a command like ``chmod 600`` to restrict access to the file).
 
+Examples
+--------
+
+.. code-block:: bash
+   :caption: To acquire a certificate for ``example.com``
+
+   certbot certonly \\
+     --dns-rfc2136 \\
+     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
+     -d example.com
+
+.. code-block:: bash
+   :caption: To acquire a single certificate for both ``example.com`` and
+             ``www.example.com``
+
+   certbot certonly \\
+     --dns-rfc2136 \\
+     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
+     -d example.com \\
+     -d www.example.com
+
+.. code-block:: bash
+   :caption: To acquire a certificate for ``example.com``, waiting 30 seconds
+             for DNS propagation
+
+   certbot certonly \\
+     --dns-rfc2136 \\
+     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
+     --dns-rfc2136-propagation-seconds 30 \\
+     -d example.com
+
+
 Sample BIND configuration
 '''''''''''''''''''''''''
 
@@ -108,35 +140,59 @@
    
<https://bind9.readthedocs.io/en/latest/reference.html#dynamic-update-policies>`_
    for details.
 
-Examples
---------
+Special considerations for multiple views in BIND
+'''''''''''''''''''''''''''''''''''''''''''''''''
 
-.. code-block:: bash
-   :caption: To acquire a certificate for ``example.com``
+If your BIND configuration leverages multiple views, Certbot may fail with an
+``Unable to determine base domain for _acme-challenge.example.com`` error.
+This error occurs when Certbot isn't able to communicate with an authorative
+nameserver for the zone, one that answers with the AA (Authorative Answer) flag
+set in the response.
+
+A common multiple view configuration with two views, external and internal,
+can cause this error.  If the zone is only present in the external view, and
+the credentials_ ``dns_rfc2136_server`` setting is set (e.g. 127.0.0.1) so the
+DNS server's ``match-clients`` view option causes the DNS server to route
+Certbot's query to the internal view; the internal view doesn't contain the
+zone, so the response won't have the AA flag set.
+
+One solution is to logically place the zone into the view Certbot is sending
+queries to, with an
+`in-view 
<https://bind9.readthedocs.io/en/latest/reference.html#multiple-views>`_
+zone option.  The zone will be then visible in both zones with exactly the 
same content.
 
-   certbot certonly \\
-     --dns-rfc2136 \\
-     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
-     -d example.com
+.. note::
+   Order matters in BIND views, the ``in-view`` zone option must refer to a
+   view defined preceeding it, it cannot refer to a view defined later in the 
configuration file.
 
-.. code-block:: bash
-   :caption: To acquire a single certificate for both ``example.com`` and
-             ``www.example.com``
+.. code-block:: none
+   :caption: Split-view BIND configuration
 
-   certbot certonly \\
-     --dns-rfc2136 \\
-     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
-     -d example.com \\
-     -d www.example.com
+   key "keyname." {
+     algorithm hmac-sha512;
+     secret "4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs \
+AmKd7ak51vWKgSl12ib86oQRPkpDjg==";
+   };
 
-.. code-block:: bash
-   :caption: To acquire a certificate for ``example.com``, waiting 30 seconds
-             for DNS propagation
+   // adjust internal-addresses to suit your needs
+   acl internal-address { 127.0.0.0/8; 10.0.0.0/8; 192.168.0.0/16; 
172.16.0.0/12; };
 
-   certbot certonly \\
-     --dns-rfc2136 \\
-     --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini \\
-     --dns-rfc2136-propagation-seconds 30 \\
-     -d example.com
+   view "external" {
+     match-clients { !internal-addresses; any; };
+
+     zone "example.com." IN {
+       type master;
+       file "named.example.com";
+       update-policy {
+         grant keyname. name _acme-challenge.example.com. txt;
+       };
+     };
+   };
+
+   view "internal" {
+     zone "example.com." IN {
+       in-view external;
+     };
+   };
 
 """
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136.egg-info/PKG-INFO 
new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136.egg-info/PKG-INFO
--- old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136.egg-info/PKG-INFO        
2022-04-05 19:42:18.000000000 +0200
+++ new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136.egg-info/PKG-INFO        
2022-05-03 20:34:24.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: certbot-dns-rfc2136
-Version: 1.26.0
+Version: 1.27.0
 Summary: RFC 2136 DNS Authenticator plugin for Certbot
 Home-page: https://github.com/certbot/certbot
 Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136.egg-info/requires.txt 
new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136.egg-info/requires.txt
--- old/certbot-dns-rfc2136-1.26.0/certbot_dns_rfc2136.egg-info/requires.txt    
2022-04-05 19:42:18.000000000 +0200
+++ new/certbot-dns-rfc2136-1.27.0/certbot_dns_rfc2136.egg-info/requires.txt    
2022-05-03 20:34:25.000000000 +0200
@@ -1,7 +1,7 @@
 dnspython>=1.15.0
 setuptools>=41.6.0
-acme>=1.26.0
-certbot>=1.26.0
+acme>=1.27.0
+certbot>=1.27.0
 
 [docs]
 Sphinx>=1.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/certbot-dns-rfc2136-1.26.0/setup.py 
new/certbot-dns-rfc2136-1.27.0/setup.py
--- old/certbot-dns-rfc2136-1.26.0/setup.py     2022-04-05 19:41:27.000000000 
+0200
+++ new/certbot-dns-rfc2136-1.27.0/setup.py     2022-05-03 20:33:11.000000000 
+0200
@@ -4,7 +4,7 @@
 from setuptools import find_packages
 from setuptools import setup
 
-version = '1.26.0'
+version = '1.27.0'
 
 install_requires = [
     'dnspython>=1.15.0',

commit python-certbot-dns-rfc2136 for openSUSE:Factory

Reply via email to