If security/certbot and its dependencies are compiled against security/libressl, renewal of certificates issued since late March by Let's Encrypt fails with the message: "The <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=Unknown OID)> extension is invalid and can’t be parsed. Skipping. All renewal attempts failed. The following certs could not be renewed:" This is caused by Let's Encrypt adding an extension to the certificate which is not recognised by LibreSSL. To reproduce: ensure LibreSSL is in use for certbot's dependencies and enter: "certbot renew --dry-run".
Has this bug just bitten the forum? Its cert has expired.