To avoid merge conflicts, we haven't been writing changelog entries for Certbot 2.0 PRs. We'll need to go back and do this retroactively before the 2.0 release. More info at #9354 (comment).

• The default key type for new certificates is now ECDSA secp256r1 (P-256). It was previously RSA 2048-bit. Existing certificates are not affected.

• Certbot no longer supports versions of ACME from before the RFC 8555 standard.

• acme and Certbot no longer support the old urn:acme:error: ACME error prefix.

• The Apache plugin no longer supports Apache 2.2.

• Removed the certbot-dns-cloudxns plugin.

• Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key while preserving --reuse-key.

• 3rd party plugins no longer support the dist_name:plugin_name format on the CLI and in configuration files. Use the shorter plugin_name format.

• acme.client.Client, acme.client.ClientBase, acme.client.BackwardsCompatibleClientV2, acme.mixins, acme.client.DER_CONTENT_TYPE, acme.fields.Resource, acme.fields.resource, acme.magic_typing, acme.messages.OLD_ERROR_PREFIX, acme.messages.Directory.register, acme.messages.Authorization.resolved_combinations, acme.messages.Authorization.combinations have been removed.

• acme.messages.Directory now only supports lookups by the exact resource name string in the ACME directory (e.g. directory['newOrder']).

• Removed the deprecated source_address argument for acme.client.ClientNetwork.

• The zope based interfaces in certbot.interfaces have been removed in favor of the abc based interfaces found in the same module.

• Certbot no longer depends on zope.

• Removed deprecated function certbot.util.get_strict_version.

• Removed deprecated functions certbot.crypto_util.init_save_csr, certbot.crypto_util.init_save_key,
  and certbot.compat.misc.execute_command

• The attributes FileDisplay, NoninteractiveDisplay, SIDE_FRAME, input_with_timeout, separate_list_input, summarize_domain_list, HELP, and ESC from certbot.display.util have been removed.

• Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now
  patch certbot.display.util themselves in their tests or use
  certbot.tests.util.patch_display_util as a temporary workaround.

• Certbot's test API under certbot.tests now uses unittest.mock instead of the 3rd party mock library.

This post may help with writing the changelog.

I've updated the top comment with changelog entries corresponding to the commits which have landed into the 2.0.x branch. I propose keeping this up to date and we can use it as our changelog before the 2.0 release.

Thanks for doing that Alex.

I think that works as long as we remember to keep it up-to-date or double check git history before the stable 2.0 release. If we want to try the former, I think we might want to call this out in Mattermost or the weekly meeting.

Depending on the outcome of #9427, we should include "IF YOU USED THE CERTBOT 2.0 BETA, DON'T FORGET TO CHANGE TO --stable" in the 2.0 CHANGELOG.

Completed by #9461.