Date: Thu, 14 Jun 2018 19:39:46 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 229016] LibreSSL breaks certbot renewal of certificates issued since April Message-ID: <bug-229016-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229016 Bug ID: 229016 Summary: LibreSSL breaks certbot renewal of certificates issued since April Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: brnrd@freebsd.org Reporter: freebsd-bugzilla.bugs@kjpetrie.co.uk Flags: maintainer-feedback?(brnrd@freebsd.org) Assignee: brnrd@freebsd.org If security/certbot and its dependencies are compiled against security/libressl, renewal of certificates issued since late March by Let's Encrypt fails with the message: "The <ObjectIdentifier(oid=3D1.3.6.1.4.1.11129.2.4.2, name=3DUnknown OID)> extension is invalid and can=E2=80=99t be parsed. Skipping. All renewal attempts failed. The following certs could not be renewed:" This is caused by Let's Encrypt adding an extension to the certificate whic= h is not recognised by LibreSSL. To reproduce: ensure LibreSSL is in use for certbot's dependencies and enter: "certbot renew --dry-run". --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229016-7788>