Skip to content
Tags give the ability to mark specific points in history as being important
  • v4.0 Release: v4.0
      * replace deprecated DNS library calls (requires dnspython >= 2.0)
      * needs python 3.9 to use the dictionary union operator
      * explicitly disable the DNS suffix search list
    Older versions of dnspython (<2.0) followed locally configured DNS suffix search list.
    Although, as the ACME server does not know this list, this feature could not be used before
    in practice. Normally, this breaking change should not impact users.
    I'd like to thank kinkie for the [pull request #7]( on
    Github which removed the deprecated DNS library calls.
      * tools: acme_account_deactivate add missing timeout for one post request
    Other changes:
      * update gitlab domain name for
      * gitlab-ci: remove Strech build and adds Bookworm one
      * update code style
      * tests: config_factory sets explicit encoding and disable the "using-with" recommendation
      * gitlab-ci: coverage only on Debian stable and use yaml multi-line style for scripts
      * gitlab-ci: replace stages for Debian oldoldstable by testing
  • v3.0
    9e965c81 · release 3.0 ·
    Release: v3.0
    Breaking and behavior changes:
    * Automatically resolve zone name and authoritative name servers
      * A new configuration file is required due to this new functionality:
        * DNS section is fully optional
        * DNS section only contains `Timeout` and `NameServer` options
        * Now acme-dns-tiny uses by default the system name server to query DNS resources
          (you can specify other with the  new `NameServer` option).
      * With the help of `SOA` and `NS` DNS resource records, `acme-dns-tiny` is able to
        automatically find the DNS authoritative server where to install ACME DNS-01 challenges.
        See [commit message](
        for more details.
    * Requests sent to ACME server and DNS server have a default timeout to 10 seconds
      * Before, acme-dns-tiny could hand forever waiting for a HTTP or DNS response
      * dnspython >= 1.16 is required due to this new functionality
      * use Python context manager to run `openssl` commands
    Continuous Integration:
      * add tests to keep coherent code style (linters for  YAML and python files)
      * run `check` stage with Debian Bullseye
      * git default branch is now `main` instead of `master`
  • v2.4.1 Release: v2.4.1
    Fix typos on log messages. Thanks [cpswan](
  • v2.4 Release: v2.4
    Feature fixed on v2.4:
      * correctly retrieve account information when it was already registred (afb7e988)
      * when DNS Host configuration is an IP address, use it correctly as name server (2776348a)
      * improve code stability by following hints from [pyright](
        (raises more explicit errors, fix function return type...)
    Continuous Integration:
      * Remove tests for Debian Jessie and add tests for Debian Bullseye (a745e655)
      * Validate all tests with the [pebble]( tiny ACME server
      * Move documentation from wiki to [`/documentations`](./documentations) directory so we can always synchronize it with code
  • v2.3 Release: Maintenance release v2.3
    Maintenance release v2.3
    Feature fixed on v2.3:
      * fix compatibility with dnspython 2.0 (#11)
      * fix issue when trying to apply DNS update on secondary server (thanks Sebastian Koechlin)
      * fix debug message when CNAME was not found
      * fix test chain assertion (a chain contains more than 1 certificate)
    Feature added:
      * skip already validated authorization challenge
    Continuous Integration improvement:
      * Debian Stretch tests were using Debian Jessie image
      * Enable Docker build uses [BUILDKIT](
        and the `overlay2` filesystem driver
      * the .gitignore file has been simplified
  • v2.2 Release: v2.2
    Some bug fixes, code style following pep8 and updated Continuous Integration stages
  • v2.1 Release: v2.1
    Compatibility with ACME v2 draft-16
  • v2.0 Release: v2.0
    This release is only compatible with Let's Encrypt V2 API which is based on the 9th draft of ACME RFC.
  • v1.5 Release: v1.5
    A bit of code rework to be more clear, simpler unit tests and support for Windows end of lines (not tested on this OS, feedbacks are welcome !)
  • v1.4 Release: v1.4
    * use Nonce received in latest ACME server response if available
    * Added a script to implement account key rollover
    * Moved aside the script used to delete account key
  • v1.3 Release: v1.3
  • v1.2 Release: v1.2
    * Add tests to cover more code
    * Clean a bit info messages
    * Fix typos
  • v1.1 Release: v1.1
    Update README links
  • v1.0 Release: v1.0
    First release of acme-dns-tiny.