dehydrated: Missing ID field for new registrations
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dehydrated (Debian) |
Fix Released
|
Unknown
|
|||
dehydrated (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
High
|
Mattia Rizzolo | ||
Disco |
Fix Released
|
High
|
Mattia Rizzolo |
Bug Description
[ Inpact ]
https:/
https:/
Changes in the Let's Encrypt API caused several issues due to a non-RFC compliant handling of the account ID.
Furthermore, I want to take this occasion to also introduce a few fixes for some upcoming changes in November.
The simplest (and imho more safe) way to fix all of these is to take the version in Debian stable 0.6.2-2+deb10u1.
[ Test Case ]
I can't quite generate a trivial test case, as afaik this requires actually running the program to get a certificate.
If you do, you get a "400 Bad Request" with 0.6.1-2 up to 0.6.5-1.
[ Regression Potential ]
This update has been widely tested on several production setup. The very same package is not used on Debian stable as well, just with a different version.
Compared to the current version 0.6.1-2, there are not many non-bugfix change (the only relevant one being a new hook deploy_ocsp), and those should not affect any production environment.
Changed in dehydrated (Ubuntu Bionic): | |
importance: | Undecided → High |
assignee: | nobody → Mattia Rizzolo (mapreri) |
status: | New → Triaged |
Changed in dehydrated (Ubuntu): | |
status: | New → Fix Released |
description: | updated |
Changed in dehydrated (Ubuntu Bionic): | |
status: | Triaged → In Progress |
Changed in dehydrated (Ubuntu Disco): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Mattia Rizzolo (mapreri) |
Changed in dehydrated (Debian): | |
status: | Unknown → Fix Released |
tags: |
added: verification-done-bionic removed: verification-needed verification-needed-bionic verification-needed-disco |
tags: | added: verification-needed-disco |
both uploaded.