certbot backport

To: debian-backports@lists.debian.org
Subject: certbot backport
From: Frederik Himpe <fhimpe@ai.vub.ac.be>
Date: Mon, 14 Dec 2020 11:14:14 +0100
Message-id: <[🔎] ad2f5c104925ecb09a8cb5939b85c862ccfc4009.camel@ai.vub.ac.be>

Hi,

It looks like certbot in Debian Buster is too old to deal correctly
with the newly issued certificates signed by R3 intermediate. See bug
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977350 . I hope that
bug can be fixed in Buster.

Furthermore, starting next month, Certbot will issue certificates by
default which will not validate by older clients (such as older Android
version):
https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-jan-11-2021/125516
This change can be delayed by setting preferred-chain = DST Root CA X3,
but you need at least Certbot 1.6 for that.

So a backported version of certbot seems worthwhile.

Regards,
-- 
Frederik Himpe <fhimpe@ai.vub.ac.be>
Vrije Universiteit Brussel

Reply to:

Prev by Date: Power down fails on Lenovo Yoga 260
Next by Date: Re: Incorrect dependency in python3-lxml
Previous by thread: Power down fails on Lenovo Yoga 260
Next by thread: Fwd: ffmpegfs_2.1-1~bpo10+1: ACCEPTED on mentors (buster-backports)
Index(es):
- Date
- Thread