I’m another upstream developer of Certbot.

Taking 0.21.1 into stable would be the most conservative update that would 
resolve this issue. The oldest version you could take is 0.21.0, but 0.21.1 was 
released 8 days later and as a result has been much more widely tested. Since 
0.21.1 was released back in January, it has been installed and run on over 
500,000 systems and been used to obtain over two million certificates from 
Let’s Encrypt. Alternatively, you could take 0.22.2 or 0.23.0 which would 
include other bug fixes (and features), but they both have been released for 
less than a month.

The switch to Python 3 would affect relatively few users, but it will affect 
some. There are around 200 installations maintaining certificates from Let’s 
Encrypt using the packages in stretch (or jessie-backports) with third party 
Certbot plugins. These plugins need to register themselves using Certbot’s 
Python interface so a change to Python 3 would likely break things for them.

There may also be Debian users using Certbot with a private CA or using 
Certbot’s Python interface in ways other than writing a plugin. We don’t have 
data on these users and the latter is not supported, however, I have seen a 
couple instances of both. I’m unsure if the people I’ve seen doing this were 
using Debian.

The certbot, python-acme, python-certbot, python-certbot-apache, and 
python-certbot-nginx would all need to be updated.

Please let me know if there’s anything else I can do to help get this resolved.

Reply via email to