group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1745227] Re: TLS SNI 01 authentication removed, must upgrade to 0.21.0 to renew

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Fri, 19 Apr 2019 05:59:11 -0000
Reply-to: Bug 1745227 <1745227@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

python-certbot (0.23.0-1~ubuntu16.04.1) xenial; urgency=medium

  [ Robie Basak ]
  * This update is part of the set of major updates moving Let's
    Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to
    continue working following the general shutdown of TLS-SNI-01
    validation (LP: #1640978).
  * This new source package takes over the function of
    the previous source package python-letsencrypt, with binary packages
    certbot, python-certbot and python-certbot-doc taking over
    respectively.
  * The following two functional changes are additionally made:
    - Log rotation is switched to logrotate via
      /etc/logrotate.d/certbot, and /etc/letsencrypt/cli.ini is
      introduced to disable internal log rotation to avoid collision.
    - Automatic renewal is enabled via the certbot.timer and
      certbot.service systemd units.

  [ Michael Casadevall ]
  * Backport to Xenial

 -- Robie Basak <robie.basak@xxxxxxxxxx>  Fri, 22 Feb 2019 12:41:51
+0000

** Changed in: python-certbot (Ubuntu Artful)
       Status: Triaged => Won't Fix

** Changed in: python-certbot (Ubuntu Xenial)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1745227

Title:
  TLS SNI 01 authentication removed, must upgrade to 0.21.0 to renew

Status in python-certbot package in Ubuntu:
  Fix Released
Status in python-certbot source package in Xenial:
  Fix Released
Status in python-certbot source package in Artful:
  Won't Fix

Bug description:
  https://github.com/certbot/certbot/issues/5405#issuecomment-358524100

  TLS-SNI-01 had a CA security issue in shared hosts, as such the
  letsencrypt CA blocked the auth method. The update is in 0.21.0, until
  it's pushed out renewing will be more difficult as you'll need to
  configure webroot renewals.

  This affects all current and future versions. I'm in 14.04.5 LTS
  I'm on certbot 0.19.0, 20.0-3 is available in The Bionic Beaver

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-certbot/+bug/1745227/+subscriptions