Comment 23 for bug 1875471

This looks good. Thank you to everyone involved for working through such a complex issue. In particular, since python-certbot-nginx is believed to be completely broken in Focal at the moment, it is unlikely that we will regress it further and this is a nice minimal fix, so it seems unlikely that we will regret landing this. The actual upstream changes being adopted - particular the functional changes (one line!) - seem specific to one issue and minor in scope.

One minor comment:

> -ifdef (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
> +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))

I see this fix is not yet present in Groovy, but it is fixed in Debian VCS https://salsa.debian.org/letsencrypt-team/certbot/certbot-nginx/-/commit/72853775b81f04232d5d63ebeaa683003310dfbe (thank you!) and this won't cause a functional regression for users upgrading to Groovy, so I think this is acceptable for the SRU.