Packaging Guide


We release packages and upload them to PyPI (wheels and source tarballs).

The following scripts are used in the process:

We use git tags to identify releases, using Semantic Versioning. For example: v0.11.1.

Notes for package maintainers

  1. Please use our tagged releases, not master!
  2. Do not package certbot-compatibility-test or letshelp-certbot - it’s only used internally.
  3. If you’d like to include automated renewal in your package certbot renew -q should be added to crontab or systemd timer. Additionally you should include a random per-machine time offset to avoid having a large number of your clients hit Let’s Encrypt’s servers simultaneously.
  4. jws is an internal script for acme module and it doesn’t have to be packaged - it’s mostly for debugging: you can use it as echo foo | jws sign | jws verify.
  5. Do get in touch with us. We are happy to make any changes that will make packaging easier. If you need to apply some patches don’t do it downstream - make a PR here.