|Summary:|LibreSSL breaks certbot renewal of certificates issued since April|
|Product:|Ports & Packages|
|Reporter:|K J Petrie <freebsd-bugzilla.bugs>|
|Component:|Individual Port(s)|
|Assignee:|Bernard Spil <brnrd>|
|Severity:|Affects Some People|
|Flags:|bugzilla:
Description K J Petrie 2018-06-14 19:39:46 UTC
If security/certbot and its dependencies are compiled against security/libressl, renewal of certificates issued since late March by Let's Encrypt fails with the message:

"The <ObjectIdentifier(oid=220.127.116.11.4.1.1118.104.22.168, name=Unknown OID)> extension is invalid and can’t be parsed. Skipping. All renewal attempts failed. The following certs could not be renewed:"

This is caused by Let's Encrypt adding an extension to the certificate which is not recognised by LibreSSL.

To reproduce: ensure LibreSSL is in use for certbot's dependencies and enter: "certbot renew --dry-run".
Comment 1 K J Petrie 2018-06-15 00:13:59 UTC
Has this bug just bitten the forum? Its cert has expired.