If security/certbot and its dependencies are compiled against security/libressl, renewal of certificates issued since late March by Let's Encrypt fails with the message:
"The <ObjectIdentifier(oid=188.8.131.52.4.1.11184.108.40.206, name=Unknown OID)> extension is invalid and can’t be parsed. Skipping.
All renewal attempts failed. The following certs could not be renewed:"
This is caused by Let's Encrypt adding an extension to the certificate which is not recognised by LibreSSL.
Ensure LibreSSL is in use for certbot's dependencies and enter:
"certbot renew --dry-run".
Has this bug just bitten the forum? Its cert has expired.
Is this still an issue with later versions of LibreSSL?
PR will be closed "Not Enough Information" by end of July.
(FWIW: I advise acme.sh over py-certbot. Too many dependencies in certbot)
I don't know. I changed certbot's configuration to use openssl rather than libressl the day I reported the bug and have not investigated any further.