Public bug reported: If a printer preferrably prints through ipps, Cups will store the printers (self signed) certificate in /etc/cups/ssl/
However, if this certificate becomes outdated or invalid, or if it changes, it will *not be removed* and Cups only complains that the "backend returned status 4", "No suitable destination host found by cups-browsed". Even removing the printer manually will not remove the old certificate, rendering the printer invalid for life: when te printer re-appears, the old, invalid certificate is still there, resulting in the printer still not working. Steps to reproduce: - use a printer that prefers ipps, let's call it printer_bob - let this printer appear in your printer list - make a test print - Now remove the printer and check that the certificate will survive: lpadmin -x printer_bob; ls -al /etc/cups/ssl/*bob*crt What happens: - certificate is still there What should happen: - a removed printer should not have a certificate left Now in this example, it's rather harmless because the certificate is probably still valid. But a printer update, rename or otherwise will render it invalid and printing will become impossible. You could simulate a name change for printers: mv /etc/cups/ssl/printer-carol.local.crt /etc/cups/ssl/printer-bob.local.crt Or simply mess up the certificate: sed -i '2s/./a/g' /etc/cups/ssl/printer-bob.local.crt After this, you will *not* be able to print to printer-bob, because bob has the wrong certificate (obviously). Removing printer-bob does not help. You will need to manually remove the certificate in order to make bob print again. /var/log/cups/error.log will only say that "no suitable destination host found", which is not true: there *is* a destination but the SSL certificate does not match and Cups will only try the first printing method, ipps. ** Affects: cups (Ubuntu) Importance: Undecided Status: New ** Summary changed: - Printer SSL certificates are added but never removed, resulting in non working printers + Printer SSL certificates are added but never removed, resulting in "no suitable destination host found by cups-browsed" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1984107 Title: Printer SSL certificates are added but never removed, resulting in "no suitable destination host found by cups-browsed" Status in cups package in Ubuntu: New Bug description: If a printer preferrably prints through ipps, Cups will store the printers (self signed) certificate in /etc/cups/ssl/ However, if this certificate becomes outdated or invalid, or if it changes, it will *not be removed* and Cups only complains that the "backend returned status 4", "No suitable destination host found by cups-browsed". Even removing the printer manually will not remove the old certificate, rendering the printer invalid for life: when te printer re-appears, the old, invalid certificate is still there, resulting in the printer still not working. Steps to reproduce: - use a printer that prefers ipps, let's call it printer_bob - let this printer appear in your printer list - make a test print - Now remove the printer and check that the certificate will survive: lpadmin -x printer_bob; ls -al /etc/cups/ssl/*bob*crt What happens: - certificate is still there What should happen: - a removed printer should not have a certificate left Now in this example, it's rather harmless because the certificate is probably still valid. But a printer update, rename or otherwise will render it invalid and printing will become impossible. You could simulate a name change for printers: mv /etc/cups/ssl/printer-carol.local.crt /etc/cups/ssl/printer-bob.local.crt Or simply mess up the certificate: sed -i '2s/./a/g' /etc/cups/ssl/printer-bob.local.crt After this, you will *not* be able to print to printer-bob, because bob has the wrong certificate (obviously). Removing printer-bob does not help. You will need to manually remove the certificate in order to make bob print again. /var/log/cups/error.log will only say that "no suitable destination host found", which is not true: there *is* a destination but the SSL certificate does not match and Cups will only try the first printing method, ipps. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1984107/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp