Bug 211798 - security/letskencrypt: urgent fix to renew certs after LE license agreement update
Summary: security/letskencrypt: urgent fix to renew certs after LE license agreement u...
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Some People
Assignee: Bernard Spil
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-12 22:40 UTC by Dave Cottlehuber
Modified: 2016-08-19 21:09 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (brnrd)
koobs: merge-quarterly?

Attachments
v1 patch (1.56 KB, text/plain)
2016-08-12 22:40 UTC, Dave Cottlehuber 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dave Cottlehuber freebsd_committer freebsd_triage 2016-08-12 22:40:35 UTC 
Created attachment 173614 [details]
v1 patch

The upstream LetsEncrypt.org licence changed on 1 August, and the API requires agreeing to that specific doc via a new URL. Without this change, certs cannot be renewed. The error message is also not clear, so much pain was shed working through this...

Upstream letsKencrypt has this in https://github.com/kristapsdz/letskencrypt/commit/0debf74f89a84b21b031c15075a7b85af9b682f8 and the -portable version now does too.

This patch switches to git for the moment until it's tagged.

# QA

- WorksForME
- poudriere ok on 11.0-CURRENT-amd64
- portlint is fine
- updated PORTREVISION might need review
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-08-12 23:18:08 UTC 
A commit references this bug:

Author: brnrd
Date: Fri Aug 12 23:17:59 UTC 2016
New revision: 420150
URL: https://svnweb.freebsd.org/changeset/ports/420150

Log:
  security/letskencrypt: Allow configurable license agreement

    - Backport upstream fixes for -a option (license agreement URL)
    - Bump PORTREVISION

  PR:             211798
  Submitted by:   Dave Cottlehuber <dch@skunkwerks.at>
  Reported by:    Dave Cottlehuber <dch@skunkwerks.at>

Changes:
  head/security/letskencrypt/Makefile
  head/security/letskencrypt/files/patch-extern.h
  head/security/letskencrypt/files/patch-letskencrypt.1
  head/security/letskencrypt/files/patch-main.c
  head/security/letskencrypt/files/patch-netproc.c
  head/security/letskencrypt/files/pkg-message.in
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-13 05:06:32 UTC 
Shouldn't this be merged, or are quarterly users not affected?
Comment 3 Dave Cottlehuber freebsd_committer freebsd_triage 2016-08-13 06:38:23 UTC 
Yes. I am sure that without this patch is it impossible to create new certificates, both in staging and in production. I am not 100% sure if this is related to my unsuccessful renewal though - still working on that.
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2016-08-13 09:25:35 UTC 
I believe this is only for new account keys not for issuance or renewal of new certificates. I've issued a new certificate (added the SAN names) on 2016-08-08 without problems.

Found an error in my commit as well. The files/pkg-message.in addition is unneccessary as the new default URL is OK (i.e. v1.1.1)
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-08-13 14:46:11 UTC 
A commit references this bug:

Author: brnrd
Date: Sat Aug 13 14:45:45 UTC 2016
New revision: 420161
URL: https://svnweb.freebsd.org/changeset/ports/420161

Log:
  security/letskencrypt: Fix pkg-message

    - Remove unneeded license agreement warning from pkg-message
    - Fix broken example script while here

  PR:		211798

Changes:
  head/security/letskencrypt/files/letskencrypt.sh.sample.in
  head/security/letskencrypt/files/pkg-message.in