Packages

  • Status Closed
  • Percent Complete
    100%
  • Task Type Bug Report
  • Category Any
  • Assigned To
    Emulatorman
  • Operating System Hyperbola GNU/Linux-libre
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by Megver83 - 16/07/2018
Last edited by Emulatorman - 20/07/2018

FS#1100 - [python-acme] to start crashing on June 19th

Description:
Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16


[Impact]

Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.

[Test Case]

On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866

[Regression Potential]

If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).

[Original Bug Description]

I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.

Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.

To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.

Please let me know what I can do to help get this resolved.


Additional info:
Solution is to upgrade the following packages

* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1

and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)

The other option is to patch certbot, as described in the launchpad’s issue

Steps to reproduce:

1) Install certbot
2) try anything related to the certificates (certonly, renew)
3) You may get an error like this:

Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.
Closed by  Emulatorman
20.07.2018 16:19
Reason for closing:  Fixed
Admin
To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.

Yes, i think the patch is the way, since it's just one line patch.

Please let me know what I can do to help get this resolved.

I've pushed python-acme package with a new revision, check now if it's working well and let me know to close this task, thank you for your report!

Date User Effort (H:M)
watch my effort tracking timers

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing