Package: letsencrypt.sh Version: 0.2.0-4 Severity: grave Tags: upstream patch Justification: renders package unusable
Dear maintainer, Since openssl 1.1 has migrated to stretch I am unable to renew my Let's Encrypt certificates using letsencrypt.sh. The symptoms are: + Challenge is valid! + Requesting certificate... + Checking certificate... + Done! + Creating fullchain.pem... unable to load certificate 139783378379904:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101: What happens is that openssl is used with the same file/path for the "-in" and "-out" arguments to openssl when converting the downloaded issuer certificates from DER to PEM format. This produces the above error message and results in a 0-byte chain.pem file. The bug is fixed upstream in: https://github.com/lukas2511/dehydrated/commit/7eca8aec5a6679ce5ca507386687d130cc38ce23 Regards, Chris -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages letsencrypt.sh depends on: ii curl 7.50.1-1 ii openssl 1.1.0c-2 letsencrypt.sh recommends no packages. letsencrypt.sh suggests no packages. -- no debconf information -- debsums errors found: debsums: changed file /usr/bin/letsencrypt.sh (from letsencrypt.sh package)