I've prepared backports of the configuration parsing adjustment upstream commit that interprets the ACMEv1 LE endpoint as the ACMEv2 LE endpoint instead.
Erica, please could you help with a test case that reproduces the problem and can verify the fix? We could for example install python-certbot from Bionic as released (0.23.0-1), but how would we then test where the renewal attempt endpoint goes before and after applying this fix?
Brad, I'd appreciate your review wrt. your comment in https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/8 please. AIUI, I'm not breaking python-certbot-apache itself, just its tests, right? In other words, with my proposed fix I'm just moving a test failure from python-certbot to python-certbot-apache? If so I can look into fixing the python-certbot-apache tests too, though that'll only really help if we need to update that package in Focal in future, rather than impacting users today.
I've prepared backports of the configuration parsing adjustment upstream commit that interprets the ACMEv1 LE endpoint as the ACMEv2 LE endpoint instead.
For Focal, I also removed/altered the test that expects challenges.TLSSNI01 to exist, again cherry-picked from upstream, to fix the FTBFS (bug 1876933). This might impact python- certbot- apache' s test though (https:/ /bugs.launchpad .net/ubuntu/ +source/ python- certbot- nginx/+ bug/1875471/ comments/ 8).
Erica, please could you help with a test case that reproduces the problem and can verify the fix? We could for example install python-certbot from Bionic as released (0.23.0-1), but how would we then test where the renewal attempt endpoint goes before and after applying this fix?
Brad, I'd appreciate your review wrt. your comment in https:/ /bugs.launchpad .net/ubuntu/ +source/ python- certbot- nginx/+ bug/1875471/ comments/ 8 please. AIUI, I'm not breaking python- certbot- apache itself, just its tests, right? In other words, with my proposed fix I'm just moving a test failure from python-certbot to python- certbot- apache? If so I can look into fixing the python- certbot- apache tests too, though that'll only really help if we need to update that package in Focal in future, rather than impacting users today.