Comment 14 for bug 2018252

Mathias Ertl (mathiasertl) wrote :

Hello Steve,

I was able to verify the fix in both Focal and Jammy:

* For both distributions, I verified the test plan as above.
* For Focal, I tested 1.1.0-1 vs. 1.1.0-1ubuntu0.1.
* For Jammy, I tested 1.21.0-1 vs. 1.21.0-1ubuntu0.1.

Additionally, for both distributions, I tested certbot in a Docker image to validate that the old version indeed triggers the bug, and updating to the new version in proposed indeed fixes the issue. I used the procedure described in my own cryptography-based ACMEv2 implementation[1] (with a minor modification to use the appropriate distribution) to run the full certificate validation and issuance processes using certbot. In both cases, this looked like this (note that certbot is configured to use the local ACMEv2 server via configuration file, output trimmed for brevity):

  root@certbot:~# dpkg-query --showformat='${Version}\n' --show python3-acme
  1.1.0-1
  root@certbot:~# certbot register
  ...
  root@certbot:~# django-ca-test-validation.sh http http-01.example.com
  + certbot certonly --standalone --preferred-challenges http -d http-01.example.com
  ...
  An unexpected error occurred:
  The CSR is unacceptable (e.g., due to a short key) :: Invalid CSR version.

  # add -proposed as described in the docs

  root@certbot:~# dpkg-query --showformat='${Version}\n' --show python3-acme
  1.1.0-1ubuntu0.1

  root@certbot:~# django-ca-test-validation.sh http http-01.example.com
  + certbot certonly --standalone --preferred-challenges http -d http-01.example.com
  ...
  Waiting for verification...
  Cleaning up challenges

  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
  ...

I hope this properly confirms the fix and this is speedily released.

kr, Mat

[1] https://django-ca.readthedocs.io/en/latest/dev/acme.html