- Status Closed
- Percent Complete
- Task Type Update Request
- Category Any
-
Assigned To
coadde Emulatorman - Operating System All
- Severity Critical
- Priority Very High
- Reported Version Any
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Opened by Megver83 - 18/04/2018
Last edited by Emulatorman - 26/04/2018
FS#705 - [certbot] update package to support ACMEv2 and Wildcard
Since certbot v0.22.0[0] there’s support for ACMEv2 and Wildcard. This is an important update since wildcard SSL certificates can make server security and maintaince easier by supporting all subdomains of a base domain.
Debian Stretch (stable) uses certbot 0.10.2 but there’s 0.23.0 in stretch-backports repository[1]. So I’d like to request an update or a backport of certbot and its dependencies.
These are the actual packages versions from Hyperbola and Arch:
- certbot (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
- python-acme (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
- python-configargparse (0.12.0-1) / Hyperbola version ⇒ (0.11.0-2) [=]
- python-parsedatetime (2.4-1) / Hyperbola version ⇒ (2.3-1) [x]
- python-pbr (4.0.2-1) / Hyperbola version ⇒ (3.0.0-1) [<]
- python-pytz (2018.4-1) / Hyperbola version ⇒ (2017.2-1) [<]
- python-zope-component (4.4.1-1) / Hyperbola version ⇒ (4.3.0-2) [=]
- python-zope-event (4.3.0-1) / Hyperbola version ⇒ (4.2.0-2) [=]
NOTE: packages marked with an “[x]” means that the pkg has Debian Stretch backports of the proposed updated version. The “[=]” means that Debian has no backports but uses the same version of the pkg as Hyperbola. The [<] means the Debian Version lower than Hyperbola’s Version.
The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel. If certbot gets the update, then the following Arch packages need to be added for obtaining wildcard certificates throught the DNS challenge:
- certbot-dns-cloudflare
- certbot-dns-cloudxns
- certbot-dns-digitalocean
- certbot-dns-dnsimple
- certbot-dns-dnsmadeeasy
- certbot-dns-luadns
- certbot-dns-nsone
- certbot-dns-rfc2136
- certbot-dns-route53
I ommited certbot-dns-google since it’s not compatible with the Hyperbola Packaging Guidelines.
[0] https://community.letsencrypt.org/t/certbot-0-22-0-release-with-acmev2-and-wildcard-support/55061
[1] https://packages.debian.org/search?keywords=certbot
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Hyperbola follow Debian development principles and patches, however not their packages version since we have our own development policies to upgrade our packages through our packaging guidelines (see 6th and 7th amendment of our packaging guidelines), however we consider their patching and backporting (if it contains critical security issues) so important to improve our stability. For that reason, some Debian Stretch packages version are lower than our ones :)
We will distribute only certbot-dns-luadns and certbot-dns-rfc2136 because the another packages aren't compatible with the Hyperbola Social Contract for privacy reasons like certbot-dns-google case.