CertBot is happily compiling against OpenSSL 3 from ports, but when running 'certbot', the crypto side of it talks to the base system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does not understand the OpenSSL 3 calls made to it.
From what I understood, this was due to an error/regression in pkgconf(?) which causes some type of 'path reversal' that causes py-crypto to ignore the OpenSSL it was compiled against, favoring the base system library.
I either have to revert a whole lot of servers back to OpenSSL 1.1.1w from ports in order to renew certificates, or wait for "any movement" in getting the path reversal addressed/fixed.
So: does anyone know where we're at with this?
OpenPGP_signature.asc
Description: OpenPGP digital signature