mirror of
https://github.com/certbot/certbot.git
synced 2026-01-26 07:41:33 +03:00
Based on my design [here](https://docs.google.com/document/d/1jGh_bZPnrhi96KzuIcyCJfnudl4m3pRPGkiK4fTo8e4/edit?usp=sharing). Fixes https://github.com/certbot/certbot/issues/4634 and https://github.com/certbot/certbot/issues/4635.

- [x] Deprecate `NamespaceConfig.csr_dir`, `NamespaceConfig.key_dir`, ~~`constants.CSR_DIR` and `constants.KEY_DIR`~~. (`constants` is `_internal` so we can just delete it eventually).
- [x] Update `certbot.crypto_util.generate_csr` and `.generate_key` to make `csr_dir` and `key_dir` optional, respectively.
- [x] Change `certbot._internal.client.Client.obtain_certificate` to no longer include `csr_dir` and `key_dir` to the `.generate_csr` and `.generate_key` calls, respectively.
- Automatically delete unwanted lineage items:
  - [x] In `certbot._internal.storage.RenewableCert`, add a function to truncate the lineage history according to the criteria (keep the current and the 5 prior certificates).
  - [x] Add a test suite for `truncate`
  - [x] In `certbot._internal.renewal.renew_cert`, call the lineage truncation function after the symlinks have been updated for the renewal.

* Stop writing new files to /csr and /keys
* storage: add lineage truncation
* remove unused code
* deprecate keys_dir and csr_dir
* update CHANGELOG
* just keep 5 prior certificates, dont be clever with expiry
* docs: remove reference to /archive and /keys
* filter {csr,key}_dir deprecations directly in tests
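
The truncation rule from the checklist above (keep the current certificate and the 5 prior ones), as an added sketch that is not certbot's own code. It assumes certbot's usual `live/` symlinks and `archive/` items named `cert1.pem`, `privkey1.pem` and so on; the function names, the constructed `example.test` lineage, and leaving versions newer than the current one untouched are assumptions.

```python
import os
import re

KINDS = ("cert", "privkey", "chain", "fullchain")
KEEP_PRIOR = 5  # from the commit message: keep current + 5 prior
_ITEM_RE = re.compile(r"^(cert|privkey|chain|fullchain)(\d+)\.pem$")

def current_version(live_dir):
    """Version the live/ symlinks point at; refuse to guess if they disagree."""
    seen = set()
    for kind in KINDS:
        target = os.path.basename(os.readlink(os.path.join(live_dir, kind + ".pem")))
        m = _ITEM_RE.match(target)
        if not m or m.group(1) != kind:
            raise ValueError("unexpected symlink target: " + target)
        seen.add(int(m.group(2)))
    if len(seen) != 1:
        raise ValueError("live symlinks point at different versions")
    return seen.pop()

def truncate(live_dir, archive_dir, keep_prior=KEEP_PRIOR):
    """Delete archive items older than (current - keep_prior); return their paths."""
    cutoff = current_version(live_dir) - keep_prior
    removed = []
    for name in sorted(os.listdir(archive_dir)):
        m = _ITEM_RE.match(name)
        # Assumption: versions newer than current and unrelated files stay.
        if m and int(m.group(2)) < cutoff:
            path = os.path.join(archive_dir, name)
            os.unlink(path)
            removed.append(path)
    return removed

def build_constructed_lineage(root, versions, current, name="example.test"):
    """Constructed sample layout: empty archive items plus relative live/ symlinks."""
    live = os.path.join(root, "live", name)
    archive = os.path.join(root, "archive", name)
    os.makedirs(live)
    os.makedirs(archive)
    for v in versions:
        for kind in KINDS:
            open(os.path.join(archive, f"{kind}{v}.pem"), "w").close()
    for kind in KINDS:
        os.symlink(os.path.join("..", "..", "archive", name, f"{kind}{current}.pem"),
                   os.path.join(live, kind + ".pem"))
    return live, archive

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        live, archive = build_constructed_lineage(root, range(1, 10), current=8)
        print([os.path.basename(p) for p in truncate(live, archive)])
```

Resolving the current version from the symlinks before deleting matters because the checklist runs truncation only after the renewal has updated them; a lineage whose four symlinks disagree is left alone rather than pruned.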
Nginx plugin for Certbot