[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
python-certbot-nginx (nor any python-letsencrypt-nginx) was never released on 16.04 so cannot regress. Michael didn't include it in his SRU work, so it didn't make this update and isn't expected to do so in the future either. ** Changed in: python-certbot-nginx (Ubuntu Xenial) Status: In Progress => Invalid ** Changed in: python-certbot-nginx (Ubuntu Xenial) Assignee: Michael Casadevall (mcasadevall) => (unassigned) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: Invalid Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of our users auto-update, these tend to be reported and fixed quickly in point releases. For instance, regressions in 0.9.0 were fixed in 0.9.1, 0.9.2 and 0.9.3. Certbot 0.9.3 has been used to issue hundreds of thousands of Certs in the field, so we are fairly confident that no further significant regressions exist in it, and that release is likely to be safe as a Xenial SRU. At least two changes in functionality between 0.4.1 and 0.9.3 do bear specific consideration for Xenial though: Debian has added a "certbot renew" twice-daily cron job to their packages between 0.4.1 and 0.9.3; we believe this is low regression risk (having secondary renewal mechanisms in place is a NOOP) but Xenial packages may want to increase the debconf verbosity to get consent for this from Xenial users who are
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
This bug was fixed in the package python-josepy - 1.1.0-1~ubuntu16.04.1 --- python-josepy (1.1.0-1~ubuntu16.04.1) xenial; urgency=medium [ Robie Basak ] * This update is part of the set of major updates moving Let's Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to continue working following the general shutdown of TLS-SNI-01 validation (LP: #1640978). [ Michael Casadevall ] * Backport SRU dependency for certbot backport -- Robie Basak Fri, 22 Feb 2019 12:38:36 + ** Changed in: python-josepy (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of our users auto-update, these tend to be reported and fixed quickly in point releases. For instance, regressions in 0.9.0 were fixed in 0.9.1, 0.9.2 and 0.9.3. Certbot 0.9.3 has been used to issue hundreds of thousands of Certs in the field, so we are fairly confident that no further significant regressions exist in it, and that release is likely to be safe as a Xenial SRU. At least two changes in functionality between 0.4.1 and 0.9.3 do bear specific consideration for Xenial though: Debian has added a "certbot renew" twice-daily cron job to their packages between 0.4.1 and 0.9.3; we believe this is low
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
This bug was fixed in the package python-acme - 0.22.2-1ubuntu0.1~16.04.1 --- python-acme (0.22.2-1ubuntu0.1~16.04.1) xenial; urgency=medium [ Robie Basak ] * This update is part of the set of major updates moving Let's Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to continue working following the general shutdown of TLS-SNI-01 validation (LP: #1640978). * This package is a dependency of Certbot and using the 0.22 version in Bionic is the most straightforward backport choice. Version 0.22 of this package is sufficient to fulfil the dependency requirement for Certbot 0.23. [ Michael Casadevall ] * Backport to Xenial for LE change -- Robie Basak Fri, 22 Feb 2019 12:41:07 + ** Changed in: python-letsencrypt-apache (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of our users auto-update, these tend to be reported and fixed quickly in point releases. For instance, regressions in 0.9.0 were fixed in 0.9.1, 0.9.2 and 0.9.3. Certbot 0.9.3 has been used to issue hundreds of thousands of Certs in the field, so we are fairly confident that no further significant regressions exist in it, and that release is likely to be safe as a Xenial SRU. At least
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
This bug was fixed in the package python-letsencrypt-apache - 0.7.0-0ubuntu0.16.04.1 --- python-letsencrypt-apache (0.7.0-0ubuntu0.16.04.1) xenial; urgency=medium [ Robie Basak ] * This update is part of the set of major updates moving Let's Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to continue working following the general shutdown of TLS-SNI-01 validation (LP: #1640978). * The new source package python-certbot-apache takes over this package's functions. [ Michael Casadevall ] * Replace python-letsencrypt-apache with a compatibility shim -- Robie Basak Fri, 22 Feb 2019 12:43:04 + ** Changed in: python-certbot (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of our users auto-update, these tend to be reported and fixed quickly in point releases. For instance, regressions in 0.9.0 were fixed in 0.9.1, 0.9.2 and 0.9.3. Certbot 0.9.3 has been used to issue hundreds of thousands of Certs in the field, so we are fairly confident that no further significant regressions exist in it, and that release is likely to be safe as a Xenial SRU. At least two changes in functionality between 0.4.1 and 0.9.3 do bear specific consideration for Xenial though:
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
This bug was fixed in the package python-letsencrypt - 0.7.0-0ubuntu0.16.04.1 --- python-letsencrypt (0.7.0-0ubuntu0.16.04.1) xenial; urgency=medium [ Robie Basak ] * This update is part of the set of major updates moving Let's Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to continue working following the general shutdown of TLS-SNI-01 validation (LP: #1640978). * The new source package python-certbot takes over this package's functions, with binary packages certbot, python-certbot and python-certbot-doc taking over respectively. * The following two functional changes are additionally made: - Log rotation is switched to logrotate via /etc/logrotate.d/certbot, and /etc/letsencrypt/cli.ini is introduced to disable internal log rotation to avoid collision. - Automatic renewal is enabled via the certbot.timer and certbot.service systemd units. [ Michael Casadevall ] * Replace python-letsencrypt with a compatibility shim -- Robie Basak Fri, 22 Feb 2019 12:42:44 + ** Changed in: python-letsencrypt (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: python-acme (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
This bug was fixed in the package python-certbot - 0.23.0-1~ubuntu16.04.1 --- python-certbot (0.23.0-1~ubuntu16.04.1) xenial; urgency=medium [ Robie Basak ] * This update is part of the set of major updates moving Let's Encrypt/Certbot to version 0.23 in 16.04 in order to allow it to continue working following the general shutdown of TLS-SNI-01 validation (LP: #1640978). * This new source package takes over the function of the previous source package python-letsencrypt, with binary packages certbot, python-certbot and python-certbot-doc taking over respectively. * The following two functional changes are additionally made: - Log rotation is switched to logrotate via /etc/logrotate.d/certbot, and /etc/letsencrypt/cli.ini is introduced to disable internal log rotation to avoid collision. - Automatic renewal is enabled via the certbot.timer and certbot.service systemd units. [ Michael Casadevall ] * Backport to Xenial -- Robie Basak Fri, 22 Feb 2019 12:41:51 + ** Changed in: python-certbot-apache (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: Fix Released Status in python-certbot source package in Xenial: Fix Released Status in python-certbot-apache source package in Xenial: Fix Released Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: Fix Released Status in python-letsencrypt source package in Xenial: Fix Released Status in python-letsencrypt-apache source package in Xenial: Fix Released Bug description: [Impact] Certbot (formerly called Let's Encrypt, as released in Xenial) will stop working on 13 March 2019 when TLS-SNI-01 validation is turned off by the primary Let's Encrypt CA. This will make the package effectively useless for just about all users. [Development Fix] Newer validation options are present in the packages in Bionic onwards, including Disco. [Stable Fix] For Xenial, we are backporting the version of Certbot in Bionic. Note that this update includes two important functional changes: 1) Automatic renewal is being enabled. 2) Log rotation is switching to being handled by logrotate. See the discussion in this bug for details. Since the upstream project has been renamed from "Let's Encrypt" to "Certbot" to better differentiate between the tooling and the CA, the /usr/bin/certbot command will become available. However, a compatibility symlink is provided under the old name /usr/bin/letsencrypt. [Test Case] Upstream have an extensive test suite and are participating in this SRU to help us validate and land it. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process and https://wiki.ubuntu.com/StableReleaseUpdates/Certbot/TestScript In addition, we will test the upgrade path from the Xenial release pocket to proposed explicitly. [Regression Potential] The Certbot team has viewed breakage of existing workflows (especially ones that may be automated) as a serious issue, has strived to avoid them, and has treated workflow changes as regressions where it has occurred. We have the following test suites in place for Certbot: * Nosetest unit tests with coverage for each module between 97% and 100%; *test.py in the relevant tree. * Integration tests that run Certbot against the current copy of Let's Encrypt's serverside boulder codebase. These require docker and are a little more involved to run. See tests/boulder_integration.sh for instructions. * "Compatibility tests" that run the Apache and Nginx plugins against corpora of configuration files for those webservers; these live in certbot-compatibility-test/ * Test farm tests, which we use to check that our releases run correctly on a wide range of platforms. These spin up Amazon EC2 instances for numerous OSes and run various tests on them. They live in tests/letstest We recommend that Ubuntu run the first of these test suites during build (but we believe the Debian packages already do that). All of these tests mitigate the risk of regressions in our releases; nonetheless, some regressions do slip past. Because many of our users auto-update, these tend to be reported and fixed quickly in point releases. For
[Group.of.nepali.translators] [Bug 1640978] Re: [SRU] Backport letsencrypt from bionic
FTR, I spotted a couple of things that turned out to be non-issues: 1) The letsencrypt binary has become a symlink and moved to the certbot binary package. This needs a Breaks/Replaces, which does exist but doesn't cover the version of letsencrypt currently in xenial-proposed. However this isn't a problem because the movement had happened prior to the version in xenial-proposed. 2) We're still shipping /etc/cron.d/certbot as it is in the Bionic backport source. However it is inert, as intended, since Ubuntu >= Xenial always has systemd (unless you're upgrading from Trusty but haven't rebooted yet). Even if the cron job did run, it wouldn't be a problem. ** Also affects: python-josepy (Ubuntu) Importance: Undecided Status: New ** Changed in: python-josepy (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1640978 Title: [SRU] Backport letsencrypt from bionic Status in python-acme package in Ubuntu: Fix Released Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot-apache package in Ubuntu: Fix Released Status in python-certbot-nginx package in Ubuntu: Fix Released Status in python-josepy package in Ubuntu: Fix Released Status in python-acme source package in Xenial: In Progress Status in python-certbot source package in Xenial: In Progress Status in python-certbot-apache source package in Xenial: In Progress Status in python-certbot-nginx source package in Xenial: In Progress Status in python-josepy source package in Xenial: New Status in python-letsencrypt source package in Xenial: In Progress Status in python-letsencrypt-apache source package in Xenial: In Progress Bug description: This bug contains a list of known major and other issues fixed between upstream letsencrypt 0.4.1 and the latest version, certbot 0.9.3 (the project has also been renamed to avoid confusion between the python client software and the Let's Encrypt CA service). [Impact] MAJOR BUGS FIXED https://github.com/certbot/certbot/issues/2750 letsencrypt < 0.5.0 was not compatible with future configuration files, so users who run certbot-auto then downgrade to the Xenial packages will encounter errors. https://github.com/certbot/certbot/issues/2709 Failure to remember choices of authenticator plugins for renewal operation. This would essentially make "letsencrypt renew" useless on Xenial. Numerous less severe automated renewal-related bugs fixed in subsequent releases: https://github.com/certbot/certbot/issues?utf8=%E2%9C%93=is%3Aissue%20milestone%3A0.5.0%20is%3Aclosed%20label%3Arenewal%20 https://github.com/certbot/certbot/issues?q=is%3Aissue+milestone%3A0.7.0+is%3Aclosed+label%3Arenewal https://github.com/certbot/certbot/issues?utf8=%E2%9C%93=is%3Aissue%20milestone%3A0.6.0%20is%3Aclosed%20label%3Arenewal%20 https://github.com/certbot/certbot/issues?utf8=%E2%9C%93=is%3Aissue%20milestone%3A0.8.1%20is%3Aclosed%20label%3Arenewal%20 https://github.com/certbot/certbot/issues?utf8=%E2%9C%93=is%3Aissue%20milestone%3A0.9.0%20is%3Aclosed%20label%3Arenewal%20 https://github.com/certbot/certbot/issues/2613 Failure to handle IPv6 Virtual hosts in Apache configurations https://github.com/certbot/certbot/issues/2320 Erroneous behaviour with Apache configs that have multiple vhosts in a single file (these are still not supported for cert installation in 0.9.3, but at least produce clear error messages) https://github.com/certbot/certbot/issues/2768 Incompatibility with the specified version of the ACME protocol, preventing the Let's Encrypt serverside code from following it correctly https://github.com/certbot/certbot/issues/2731 Failure to parse Plesk's apache config files https://github.com/certbot/certbot/issues/1243 Apache plugin errors out when transformations to a configuration turn out to be a no-op. https://github.com/certbot/certbot/issues/3210 Incorrect handling of RewriteCond directives when trying to avoid Apache inifinite redirect loops https://github.com/certbot/certbot/issues/1833 Problems running Apache renewal in cron due to cron's default PATH UX: fail to re-ask for email address if the first one seems invalid: https://github.com/certbot/certbot/issues/2675 UX: when re-running is a NOOP (due to renewal not being needed yet), print an explanation: https://github.com/certbot/certbot/issues/1918 OTHER BUGS FIXED Reduce the risk of incorrect or corrupt state in case of control-C interrupts: https://github.com/certbot/certbot/issues/3219 Failure to correctly parse certain rewrite directives in Apache configs: https://github.com/certbot/certbot/issues/2735 Failure to correctly enable HTTP -> HTTPS redirects in some Apache configs:
