After talking to kibi and jrtc27 on IRC, pushing up a new proposed diff with some tweaks to the control file and changelog.
For more background about how this happened and why the move to v9 fixes it (with many, many thanks to Michael Biebl who walked me through this earlier when I sent up a flare for help):

In the unstable branch, we switched to using dh_installsystemd instead of dh_systemd_enable in between the version that was in stable and the version in unstable. When preparing the SRU for the update, I undid those changes and reduced the compat level down to match the version that was in stretch (v10) to reduce the diff that would occur in stable.

Unbeknownst to me, there was a change to the behavior of dh_systemd_enable between v9 and v10 that causes problems on upgrade. In v9, dh_systemd_enable would stop timers in prerm and then start them in postinst. In v10, however, dh_systemd_enable switches to using try-restart, which will no-op on stopped timers. This means when the SRU was installed, the timer was stopped (in the old v9 prerm) and never started (in the new v10 postinst).

Changing back to use v9 will mean that the package will invoke the start on the timer regardless of its current status, fixing broken systems and preventing new problems.

This problem doesn't occur on fresh installs because the postinst is called differently, and although I tested certbot extensively (and had upstream do the same), none of us were looking closely at the timer functionality because "it wasn't supposed to change" (because that's never caused bugs before, god knows.)

Sincerely,

--
Harlan Lieberman-Berg
~hlieberman
certbot-src.debdiff
Description: Binary data
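
The upgrade sequence described in the message above, as an added shell model that is not part of the original message or of the certbot packaging. The function names and state strings are hypothetical, and the way the v10 postinst tells an upgrade from a fresh install (an old version passed as the second argument) is an assumption used to model "called differently".

```shell
#!/bin/sh
# Constructed model; no real systemd or dpkg calls are made.
# The timer state is a plain string: "active" or "inactive".

# Apply a systemctl-style action to a state and print the new state.
unit_action() {  # $1 = action, $2 = current state
    case "$1" in
        start)       echo active ;;
        stop)        echo inactive ;;
        try-restart) echo "$2" ;;  # restarts a running unit, no-op on a stopped one
        *)           echo "unknown action: $1" >&2; return 2 ;;
    esac
}

# Old package's prerm (built at compat v9, per the message): stop the timer.
prerm_v9() {  # $1 = current state
    unit_action stop "$1"
}

# New package's postinst. $1 = compat level, $2 = previously configured
# version ("" on a fresh install), $3 = current state.
postinst() {
    case "$1" in
        9)  unit_action start "$3" ;;
        10) # Assumption: the v10 snippet picks its action from whether an
            # old version was passed, which is how fresh installs differ.
            if [ -n "$2" ]; then unit_action try-restart "$3"
            else unit_action start "$3"; fi ;;
        *)  echo "unsupported compat: $1" >&2; return 2 ;;
    esac
}

# Run the upgrade (or fresh install) and print the timer's final state.
simulate() {  # $1 = new compat, $2 = initial state, $3 = old version or ""
    state=$2
    if [ -n "$3" ]; then state=$(prerm_v9 "$state"); fi
    postinst "$1" "$3" "$state"
}

OLD=old-version-placeholder  # constructed value, not a real package version
echo "v9 -> v10 upgrade, timer was running: $(simulate 10 active "$OLD")"
echo "v9 -> v9 upgrade, timer was running:  $(simulate 9 active "$OLD")"
echo "v9 rebuild over a broken system:      $(simulate 9 inactive "$OLD")"
echo "fresh install at v10:                 $(simulate 10 inactive "")"
```

On a real host the state this model tracks is what `systemctl is-active` reports for the package's timer unit, which makes a quick post-upgrade check for renewals that have silently stopped.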