Package: certbot
Version: 0.31.0-1
Severity: normal
Yesterday I started getting certificate validation errors on one domain
in the DAVx5 client on Android and in Evolution 3.38 running on Debian
testing. The error here was that the issuer of the certificate is
unknown. I noticed that certbot had renewed the certificate yesterday.
The new certificate is now issued by C=US, O=Let's Encrypt, CN=R3, while
the previous one was issued by C=US, O=Let's Encrypt, CN=Let's Encrypt
Authority X3
This change is documented here:
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
They mention that some ACME clients might have a problem with this change,
and in that case the new certificate can fail to validate. I updated the
certbot package to 1.10.1 from Testing, and renewed the certificate for
the problematic domain. The certificate validation error went away in
both DAVx5 and Evolution. So it appears that the old certbot version in
Stable is suffering from this problem.
-- System Information:
Debian Release: 10.7
APT prefers stable
APT policy: (700, 'stable'), (650, 'proposed-updates'), (600, 'oldstable'),
(500, 'oldoldstable'), (500, 'testing'), (200, 'unstable'), (160,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages certbot depends on:
ii python3 3.7.3-1
ii python3-certbot 0.31.0-1
certbot recommends no packages.
Versions of packages certbot suggests:
pn python-certbot-doc
pn python3-certbot-apache
pn python3-certbot-nginx
-- Configuration Files:
/etc/cron.d/certbot [Errno 2] No such file or directory: '/etc/cron.d/certbot'
-- no debconf information