If security/certbot and its dependencies are compiled against security/libressl, renewal of certificates issued since late March by Let's Encrypt fails with the message:
"The <ObjectIdentifier(oid=18.104.22.168.4.1.1122.214.171.124, name=Unknown OID)> extension is invalid and can’t be parsed. Skipping.
All renewal attempts failed. The following certs could not be renewed:"
This is caused by Let's Encrypt adding an extension to the certificate which is not recognised by LibreSSL.
ensure LibreSSL is in use for certbot's dependencies and enter:
"certbot renew --dry-run".
Has this bug just bitten the forum? Its cert has expired.