Django-ca

* Update for compatibility with cryptography 3.4.
* Add support for Alpine 3.13.
* Due to cryptography requiring a relatively new version of Rust, support for Alpine<3.12 is dropped.

* Bugfix release for 1.17.0 to address packaging issues for wheels (when installed with pip install).
* Include acme submodule (fixes 67).
* Relax dependencies for josepy (fixes 68).
* Add tests in Dockerfile to make sure that these issues cannot happen again.

* New [CA_DEFAUT_CA](https://django-ca.readthedocs.io/en/1.17.0/settings.html#settings-ca-default-ca) setting to consistently configure the CA used by default.
* Fix the `--issuer-alt-name` option for the init_ca/edit_ca management commands.
* Correctly handle IDNA domain names in URLs and certificates.
* **Preliminary** [ACMEv2 support](https://django-ca.readthedocs.io/en/1.17.0/acme.html) (disabled by default).
* CAs have new fields `caa_identity`, `website` and `terms_of_service`, which are used by ACME.
* Add support for Python 3.9.
* Add support for cryptography 3.1, 3.2 and 3.3.
* Start linting code with [pylint](https://www.pylint.org/).
* Secure CSRF and session cookies using Djangos `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_HTTPONLY` and `CSRF_COOKIE_SECURE` settings.

Docker (Compose)

* Add thorough [Quickstart with docker-compose](https://django-ca.readthedocs.io/en/1.17.0/quickstart_docker_compose.html).
* Collect static files on startup instead of during build. The latter causes problems with image updates.
* Make `manage.py` available as the `manage` shortcut.
* Add several security related headers to the admin interface (CSP, etc).
* Include a template for a complete TLS configuration.

Backwards incompatible changes

* Drop support for Python 3.5.
* Drop support for cryptography 2.7.
* Drop support for Celery 4.2.
* Drop support for idna 2.8.

Deprecation notices

* This is the last release to support Celery 4.3 and 4.4.
* This is the last release to support cryptography 2.8 and 2.9.
* This is the last release to support Django 3.0 (2.2 LTS will still be supported).
* This is the last release to support idna 2.9.
* This is the last release to support Alpine 3.10.

* This is a bugfix release for 1.16.0 that mostly addresses CRL validation issues.
* Add support for cryptography 3.1.
* Fix OCSP, Issuer and CRL URLs for intermediate CAs that are not a *direct* child of a root CA.
* Fix AuthorityKeyIdentifier in CRLs for intermediate CAs (see 65).
* Properly handle CommonNames which are not parseable as SubjectAlternativeName in admin interface (see 62).
* Minor documentation updates (see 63)
* Fix error in ``manage.py notify_expiring_certs`` in non-timezone aware setups.
* Override terminal size when running test cases, otherwise the output of argparse depends on the terminal size, leading to test failures on large terminals.

* Add support for cryptography 2.9 and 3.0.
* Add support for Django 3.1.
* The docker image is now based on Alpine Linux 3.12.
* Update `redis` to version 6 and nginx version 18 when using docker-compose
* Finally update Sphinx since [numpydoc215](https://github.com/numpy/numpydoc/issues/215) is finally fixed.
* The profile used to generate the certificate is now stored in the database.
* It is no longer optional to select a profile in the admin interface when creating a certificate.
* Certificates have a new `autogenerated` boolean flag, which is `True` for automatically generated OCSP certificates.
* The admin interface will list only valid and non-autogenerated certificates by default.

Backwards incompatible changes

* Drop support for Django 1.11 and 2.1.
* Drop support for Celery 4.0 and 4.1.
* Drop support for OpenSSL 1.1.0f and earlier. This affects Debian oldoldstable (jessie), Ubuntu 16.04 and Alpine 3.8.
* `Certificate.objects.init()` and `profiles.get_cert_profile_kwargs()` were removed. Use [Certificate.objects.create_cert()](https://django-ca.readthedocs.io/en/1.16.0/python) instead.

Deprecation notices

* This is the last release to support Python 3.5.
* This is the last release to support cryptography 2.7.
* This is the last release to support Celery 4.2.
* This is the last release to support idna 2.8.
* The Django project included in this git repository will stop loading `localsetttings.py` files in `django-ca>=1.18.0`.
* The format for the `CA_PROFILES` setting has changed in [1.14.0](https://django-ca.readthedocs.io/en/1.16.0/changelog.html#changelog-1-14-0). Support for the old format will be removed in `django-ca==1.17.0`. Please see the [migration instructions](https://django-ca.readthedocs.io/en/1.16.0/profiles.html#profiles-pre-114-migration) for what to change.

* Add support for Django 3.0.
* The docker image is now based on Alpine Linux 3.11.
* The default project now supports configuring django-ca using YAML configuration files. Configuration using `localsettings.py` is now deprecated and will be removed in `django-ca>=1.18.0`.
* Start supporting Celery tasks to allow running tasks in a distributed, asynchronous task queue. Some tasks will automatically be run with Celery if it is enabled. Celery is used automatically if installed, but can always be disabled by setting `CA_USE_CELERY=False`.
* Drop dependency `six` (since we no longer support Python 2.7).
* Allow caching of CRLs via `manage.py cache_crls`.
* The `manage.py init_ca` command will now automatically cache CRLs and generate OCSP keys for the new CA.
* Support `POSTGRES_*` and `MYSQL_*` environment variables to configure database access credentials in the same way as the Docker images for PostgreSQL and MySQL do.
* There now are [setuptools extras](https://packaging.python.org/tutorials/installing-packages/#installing-setuptools-extras) for `redis` and `celery`, so you can install all required dependencies at once.
* Add `CA_PASSWORDS` setting to allow you to set the passwords for CAs with encrypted private keys. This is required for automated tasks where the private key is required.
* Add `CA_CRL_PROFILES` setting to configure automatically generated CRLs. Note that this setting will likely be moved to a more general setting for automatic tasks in future releases.
* `django_ca.extensions.AuthorityKeyIdentifier` now also supports issuers and serials.
* `django_ca.utils.parse_general_name()` now returns a `cryptography.x509.GeneralName` unchanged, but throws an error if the name isn't a `str` otherwise.
* New class `django_ca.utils.GeneralNameList` for extensions that store a list of general names.
* Add support for the `django_ca.extensions.FreshestCRL` extension.
* Store CA private keys in the `ca/` subdirectory by default, the directory can be configured using `manage.py init_ca --path=...`.

Backwards incompatible changes

* Drop support for Python 2.7.
* Drop support for cryptography 2.5 and 2.6.
* Drop support for Alpine 3.8 (because PostgreSQL and MySQL depend on libressl).
* Removed the `manage.py migrate_ca` command. If you upgrade from before [1.12.0](https://django-ca.readthedocs.io/en/latest/changelog.html#changelog-1-12-0), upgrade to [1.14.0](https://django-ca.readthedocs.io/en/latest/changelog.html#changelog-1-14-0) first and [update file storage](https://django-ca.readthedocs.io/en/latest/update.html#update-file-storage).
* Removed the `ca_crl` setting in `django_ca.views.CertificateRevocationListView`, use `scope` instead.

Docker

* Add a [docker-compose.yml](https://django-ca.readthedocs.io/en/latest/docker.html#docker-compose) file to quickly launch a complete service stack.
* Add support for Celery, MySQL, PostgreSQL and Redis.
* Change the working directory to `/usr/src/django-ca/ca`, so manage.py can now be invoked using `python manage.py` instead of `python ca/manage.py`.
* Add a Celery startup script (`./celery.sh`).
* Add a nginx configuration template at `nginx/default.template`.
* Static files are now included in a "collected" form, so they don't have to collected on startup.
* Generate OCSP keys and cache CRLs on startup.
* Use [BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/) to massively speed up the Docker image build.

Bugfixes

* Fix generation of CRLs and OCSP keys for CAs with a DSA private key.
* Fix storing an empty list of CRL URLs in some corner cases (when the function receives an empty list).
* Fix naming CAs via serial on the command line if the serial starts with a zero.
* Consistently style serials in a monospace font in admin interface.
* The `ocsp` profile used for OCSP keys no longer copies the CommonName (which is the same as in the CA) to to the SubjectAlternativeName extension. The CommonName is frequently a human-readable name in CAs.

Deprecation notices

* This is the last release to support Django 1.11 and 2.1.
* The Django project included in this git repository will stop loading `localsetttings.py` files in `django-ca>=1.18.0`.
* `Certificate.objects.init()` and `django_ca.profiles.get_cert_profile_kwargs` were deprecated in [1.14.0](https://django-ca.readthedocs.io/en/latest/changelog.html#changelog-1-14-0) and will be removed in `django-ca==1.16.0`. Use `Certificate.objects.create_cert()` instead.
* The format for the `CA_PROFILES` setting has changed in [1.14.0](https://django-ca.readthedocs.io/en/latest/changelog.html#changelog-1-14-0). Support for the old format will be removed in `django-ca==1.17.0`. Please see the [migration instructions](https://django-ca.readthedocs.io/en/latest/profiles.html#profiles-pre-114-migration) for what to change.