Prepared the test env as described above on Bionic and Focal. With the current -release package on renewal I got:
Focal: ubuntu@bos01-amd64-certbot-focal:~$ sudo certbot renew --force-renewal Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/cb-test-focal.dd-dns.de.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Plugins selected: Authenticator apache, Installer apache Attempting to renew cert (cb-test-focal.dd-dns.de) from /etc/letsencrypt/renewal/cb-test-focal.dd-dns.de.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/47ae0d179cac064a0853a666b64b9017 does not exist. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/cb-test-focal.dd-dns.de/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/cb-test-focal.dd-dns.de/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) Bionic ubuntu@bos01-amd64-certbot-bionic:~$ sudo certbot renew --force-renewal Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/cb-test-bionic.dd-dns.de.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Plugins selected: Authenticator apache, Installer apache Attempting to renew cert (cb-test-bionic.dd-dns.de) from /etc/letsencrypt/renewal/cb-test-bionic.dd-dns.de.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/5ece9e900665a4ad152750c4869a6214 does not exist. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/cb-test-bionic.dd-dns.de/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/cb-test-bionic.dd-dns.de/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) Upgrading to proposed ... Focal: ubuntu@bos01-amd64-certbot-focal:~$ sudo apt install certbot python3-certbot Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: python3-certbot-nginx python-certbot-doc The following packages will be upgraded: certbot python3-certbot 2 upgraded, 0 newly installed, 0 to remove and 8 not upgraded. Need to get 241 kB of archives. After this operation, 2048 B disk space will be freed. Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/universe amd64 certbot all 0.40.0-1ubuntu0.1 [17.9 kB] Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/universe amd64 python3-certbot all 0.40.0-1ubuntu0.1 [223 kB] Fetched 241 kB in 0s (9692 kB/s) (Reading database ... 96443 files and directories currently installed.) Preparing to unpack .../certbot_0.40.0-1ubuntu0.1_all.deb ... Unpacking certbot (0.40.0-1ubuntu0.1) over (0.40.0-1) ... Preparing to unpack .../python3-certbot_0.40.0-1ubuntu0.1_all.deb ... Unpacking python3-certbot (0.40.0-1ubuntu0.1) over (0.40.0-1) ... Setting up python3-certbot (0.40.0-1ubuntu0.1) ... Setting up certbot (0.40.0-1ubuntu0.1) ... Processing triggers for man-db (2.9.1-1) ... Bionic: ubuntu@bos01-amd64-certbot-bionic:~$ sudo apt install certbot python3-certbot Reading package lists... Done Building dependency tree Reading state information... Done The following package was automatically installed and is no longer required: grub-pc-bin Use 'sudo apt autoremove' to remove it. Suggested packages: python3-certbot-nginx python-certbot-doc The following packages will be upgraded: certbot python3-certbot 2 upgraded, 0 newly installed, 0 to remove and 18 not upgraded. Need to get 219 kB of archives. After this operation, 3072 B of additional disk space will be used. Get:1 http://us.archive.ubuntu.com/ubuntu bionic-proposed/universe amd64 certbot all 0.27.0-1~ubuntu18.04.2 [18.1 kB] Get:2 http://us.archive.ubuntu.com/ubuntu bionic-proposed/universe amd64 python3-certbot all 0.27.0-1~ubuntu18.04.2 [201 kB] Fetched 219 kB in 0s (14.8 MB/s) (Reading database ... 93724 files and directories currently installed.) Preparing to unpack .../certbot_0.27.0-1~ubuntu18.04.2_all.deb ... Unpacking certbot (0.27.0-1~ubuntu18.04.2) over (0.27.0-1~ubuntu18.04.1) ... Preparing to unpack .../python3-certbot_0.27.0-1~ubuntu18.04.2_all.deb ... Unpacking python3-certbot (0.27.0-1~ubuntu18.04.2) over (0.27.0-1~ubuntu18.04.1) ... Setting up python3-certbot (0.27.0-1~ubuntu18.04.2) ... Setting up certbot (0.27.0-1~ubuntu18.04.2) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Then post update recheck the renew: We expect a) for it to work b) the v1 warning c) an adapted cpmfiguration afterwards Focal: ubuntu@bos01-amd64-certbot-focal:~$ sudo certbot renew --force-renewal Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/cb-test-focal.dd-dns.de.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Using server https://acme-v02.api.letsencrypt.org/directory instead of legacy https://acme-v01.api.letsencrypt.org/directory Plugins selected: Authenticator apache, Installer apache Renewing an existing certificate - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/cb-test-focal.dd-dns.de/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/cb-test-focal.dd-dns.de/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ubuntu@bos01-amd64-certbot-focal:~$ grep api /etc/letsencrypt/renewal/cb-test-focal.dd-dns.de.conf server = https://acme-v02.api.letsencrypt.org/directory Bionic: ubuntu@bos01-amd64-certbot-bionic:~$ sudo certbot renew --force-renewal Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/cb-test-bionic.dd-dns.de.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Using server https://acme-v02.api.letsencrypt.org/directory instead of legacy https://acme-v01.api.letsencrypt.org/directory Plugins selected: Authenticator apache, Installer apache Renewing an existing certificate Performing the following challenges: http-01 challenge for cb-test-bionic.dd-dns.de Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/cb-test-bionic.dd-dns.de/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/cb-test-bionic.dd-dns.de/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ubuntu@bos01-amd64-certbot-bionic:~$ grep api /etc/letsencrypt/renewal/cb-test-bionic.dd-dns.de.conf server = https://acme-v02.api.letsencrypt.org/directory So overall it LGTM on both releases. I'll set the tags accordingly and free my test systems. If anyone else can give this some testing in addition that would be awesome! ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal ** Tags added: verification-done verification-done-bionic verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893274 Title: Certbot will stop working for 23,847 users with upcoming Let's Encrypt deprecation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-certbot/+bug/1893274/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
