Package: certbot Version: 0.31.0-1 Severity: normal Yesterday I started getting certificate validation errors on one domain in the DAVx5 client on Android and in Evolution 3.38 running on Debian testing. The error here was that the issuer of the certificate is unknown. I noticed that certbot had renewed the certificate yesterday.
The new certificate is now issued by C=US, O=Let's Encrypt, CN=R3, while the previous one was issued by C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 This change is documented here: https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 They mention that some ACME clients might have a problem with this change, and in that case the new certificate can fail to validate. I updated the certbot package to 1.10.1 from Testing, and renewed the certificate for the problematic domain. The certificate validation error went away in both DAVx5 and Evolution. So it appears that the old certbot version in Stable is suffering from this problem. -- System Information: Debian Release: 10.7 APT prefers stable APT policy: (700, 'stable'), (650, 'proposed-updates'), (600, 'oldstable'), (500, 'oldoldstable'), (500, 'testing'), (200, 'unstable'), (160, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages certbot depends on: ii python3 3.7.3-1 ii python3-certbot 0.31.0-1 certbot recommends no packages. Versions of packages certbot suggests: pn python-certbot-doc <none> pn python3-certbot-apache <none> pn python3-certbot-nginx <none> -- Configuration Files: /etc/cron.d/certbot [Errno 2] No such file or directory: '/etc/cron.d/certbot' -- no debconf information
