Ubuntu
python-letsencrypt package

  1. Xenial (16.04)
  2. Bug #1640978
  3. Comment #124

Comment 124 for bug 1640978

Revision history for this message
Robie Basak (racb) wrote :

The Let's Encrypt packages in Ubuntu 16.04 will stop working on 13 March 2019. Updates to fix this problem are now ready for testing. Please help us test!

Certbot (formerly called Let's Encrypt) will stop working properly on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the Ubuntu 16.04 letsencrypt package effectively useless for many users. Newer Ubuntu releases package versions of Certbot that implement alternate validation methods and are not affected.

In Ubuntu 16.04 we are addressing this by backporting the existing Certbot packaging from Ubuntu 18.04. Proposed updates for 16.04 are now available and will be released to the usual update channels when they have received sufficient testing and validation.

Please help us test these packages on 16.04. Reports of both success and failure are appreciated. Please include details of how you tested, including the package versions used and any specifics of your environment to https://launchpad.net/bugs/1640978

To test:

To avoid upgrading wholesale to the proposed pocket (doing so may break your system), ensure that apt is pinned from doing so by making sure that a file exists in `/etc/apt/preferences.d/`, for example `/etc/apt/preferences.d/proposed-updates`, as follows:

    Package: *
    Pin: release a=xenial-proposed
    Pin-Priority: 400

Allow apt to upgrade all the packages provided in this Certbot update by creating `/etc/apt/preferences.d/certbot-proposed` as follows:

    Package: python-acme-doc python-acme python3-acme certbot letsencrypt python-certbot-doc python-certbot python-certbot-apache python-certbot-apache-doc python-josepy-doc python-josepy python3-josepy python-letsencrypt python-letsencrypt-apache
    Pin: release a=xenial-proposed
    Pin-Priority: 500

Make sure the following line exists in your `/etc/apt/sources.list` (or in a file in `/etc/apt/sources.list.d/`):

    deb http://archive.ubuntu.com/ubuntu/ xenial-proposed main universe

(other components such as `restricted` and `multiverse` may also be present).

Now you may simply `apt update` and `apt upgrade` as usual and apt will upgrade to this proposed update ready for testing.

Reports of both success and failure are appreciated. Please include details of how you tested, including the package versions used and any specifics of your environment. You can generate the status and versions of all the Certbot-related packages with the following command:

    dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${version}\n' python-acme-doc python-acme python3-acme certbot letsencrypt python-certbot-doc python-certbot python-certbot-apache python-certbot-apache-doc python-josepy-doc python-josepy python3-josepy python-letsencrypt python-letsencrypt-apache

Please add testing reports to the Launchpad tracking bug at: https://launchpad.net/bugs/1640978