- Status Closed
- Percent Complete
- Task Type Bug Report
- Category Any
-
Assigned To
Emulatorman - Operating System Hyperbola GNU/Linux-libre
- Severity Critical
- Priority Very High
- Reported Version Any
- Due in Version Starfix
-
Due Date
Undecided
- Votes
- Private
Opened by Megver83 - 16/07/2018
Last edited by Emulatorman - 20/07/2018
FS#1100 - [python-acme] to start crashing on June 19th
Description:
Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16
[Impact]
Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.
[Test Case]
On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
[Regression Potential]
If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).
[Original Bug Description]
I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.
Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.
To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.
Please let me know what I can do to help get this resolved.
Additional info:
Solution is to upgrade the following packages
* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1
and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)
The other option is to patch certbot, as described in the launchpad’s issue
Steps to reproduce:
1) Install certbot
2) try anything related to the certificates (certonly, renew)
3) You may get an error like this:
Obtaining a new certificate An unexpected error occurred: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json fields[slot] = field.decode(value) File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode return self.fdec(value) File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json '{0} not recognized'.format(cls.__name__)) josepy.errors.DeserializationError: Deserialization error: Status not recognized During handling of the above exception, another exception occurred: josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized Please see the logfiles in /var/log/letsencrypt for more details.
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Yes, i think the patch is the way, since it's just one line patch.
I've pushed python-acme package with a new revision, check now if it's working well and let me know to close this task, thank you for your report!