Your message dated Sat, 16 May 2026 10:23:18 +0000
with message-id <[email protected]>
and subject line Released with 13.5
has caused the Debian Bug report #1132949,
regarding trixie-pu: package python-certbot/4.0.0-2+deb13u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132949: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132949
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:python-certbot
User: [email protected]
Usertags: pu
Hello release team!
As per #1125267, currently the version of certbot in trixie does not properly
handle renewals when you have requested a particular profile of certificate
(e.g., a shortlived cert). This imports a patch from upstream which fixes this
bug.
I've tested the patch and verified both that the renewal does not happen
correctly in the current version, and does correctly happen with the proposed
update. In addition, the autopkgtest suite runs an automated check that goes
through the entire certificate issuance lifecycle for both the http-01, apache,
and nginx workflows.
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
Sincerely,
--
Harlan Lieberman-Berg
~hlieberman
diff -Nru python-certbot-4.0.0/debian/changelog
python-certbot-4.0.0/debian/changelog
--- python-certbot-4.0.0/debian/changelog 2025-05-25 11:27:29.000000000
-0400
+++ python-certbot-4.0.0/debian/changelog 2026-04-04 20:36:10.000000000
-0400
@@ -1,3 +1,9 @@
+python-certbot (4.0.0-2+deb13u1) trixie; urgency=medium
+
+ * Import patch to store profile in renewal (Closes: #1125267)
+
+ -- Harlan Lieberman-Berg <[email protected]> Sat, 04 Apr 2026 20:36:10
-0400
+
python-certbot (4.0.0-2) unstable; urgency=medium
* autopkgtests: drop manual IP flag no longer used
diff -Nru python-certbot-4.0.0/debian/patches/0002-store-profile.patch
python-certbot-4.0.0/debian/patches/0002-store-profile.patch
--- python-certbot-4.0.0/debian/patches/0002-store-profile.patch
1969-12-31 19:00:00.000000000 -0500
+++ python-certbot-4.0.0/debian/patches/0002-store-profile.patch
2026-04-04 20:33:56.000000000 -0400
@@ -0,0 +1,53 @@
+From 6a590e970efb7ba6c51bc74708c6507ae3a511d3 Mon Sep 17 00:00:00 2001
+From: Jacob Hoffman-Andrews <[email protected]>
+Date: Mon, 5 May 2025 17:15:56 -0700
+Subject: [PATCH] store preferred/required_profile in renewal config
+
+This ensures that renewals of certificates will use the same profile settings.
+---
+ CHANGELOG.md | 2 ++
+ certbot/_internal/renewal.py | 3 ++-
+ certbot/_internal/tests/storage_test.py | 6 ++++++
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+Index: python-certbot/certbot/_internal/renewal.py
+===================================================================
+--- python-certbot.orig/certbot/_internal/renewal.py
++++ python-certbot/certbot/_internal/renewal.py
+@@ -45,7 +45,8 @@ logger = logging.getLogger(__name__)
+ STR_CONFIG_ITEMS = ["config_dir", "logs_dir", "work_dir", "user_agent",
+ "server", "account", "authenticator", "installer",
+ "renew_hook", "pre_hook", "post_hook", "http01_address",
+- "preferred_chain", "key_type", "elliptic_curve"]
++ "preferred_chain", "key_type", "elliptic_curve",
++ "preferred_profile", "required_profile"]
+ INT_CONFIG_ITEMS = ["rsa_key_size", "http01_port"]
+ BOOL_CONFIG_ITEMS = ["must_staple", "allow_subset_of_names", "reuse_key",
+ "autorenew"]
+Index: python-certbot/certbot/_internal/tests/storage_test.py
+===================================================================
+--- python-certbot.orig/certbot/_internal/tests/storage_test.py
++++ python-certbot/certbot/_internal/tests/storage_test.py
+@@ -122,16 +122,22 @@ class RelevantValuesTest(unittest.TestCa
+ namespace = cli.prepare_and_parse_args(PLUGINS, [
+ '--allow-subset-of-names',
+ '--authenticator', 'apache',
++ '--preferred-profile', 'fancyprofile',
+ ])
+ expected_relevant_values = {
+ 'server': constants.CLI_DEFAULTS['server'],
+ 'key_type': 'ecdsa',
+ 'allow_subset_of_names': True,
+ 'authenticator': 'apache',
++ 'preferred_profile': 'fancyprofile',
+ }
+
+ assert relevant_values(namespace) == expected_relevant_values
+
++ def test_with_required_profile(self):
++ self.values["required_profile"] = "shortlived"
++ expected_relevant_values = self.values.copy()
++ assert self._call(self.values) == expected_relevant_values
+
+ class BaseRenewableCertTest(test_util.ConfigTestCase):
+ """Base class for setting up Renewable Cert tests.
diff -Nru python-certbot-4.0.0/debian/patches/series
python-certbot-4.0.0/debian/patches/series
--- python-certbot-4.0.0/debian/patches/series 2025-05-24 15:24:46.000000000
-0400
+++ python-certbot-4.0.0/debian/patches/series 2026-04-04 20:33:16.000000000
-0400
@@ -1 +1,2 @@
0001-remove-external-images.patch
+0002-store-profile.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.5
This update has been released as part of Debian 13.5.
--- End Message ---
