app-crypt/certbot-0.40.1 segfaults on certificate renewal. Reproducible: Always Steps to Reproduce: 1. /usr/bin/certbot renew --keep-until-expiring Actual Results: Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/<<<URL1>>>.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/<<<URL2>>>.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Segmentation fault Expected Results: Expected a successful certificate renewal for <<<URL2>>>. The <<<URL1>>> is not yet due for renewal. --- Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/<<<URL1>>>.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/<<<URL2>>>.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for <<<URL2>>> Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed without reload, fullchain is /etc/letsencrypt/live/<<<URL2>>>/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/<<<URL1>>>/fullchain.pem expires on 2020-02-07 (skipped) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/<<<URL2>>>/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - This appears to be an issue that upstream has identified with certbot>=0.31 using older dev-python/cryptography. Forcing an upgrade of dev-python/cryptography from 2.6.1 to 2.8 (both stable in portage) solved the problem. > $ emerge -vat1 dev-python/cryptography > [ebuild U ] dev-python/cryptography-2.8::gentoo [2.6.1::gentoo] ... https://github.com/certbot/certbot/issues/6808 The ebuild dependency should be updated > >=dev-python/cryptography-2.8 Thanks!
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f99ef7b5814713f078684634b59456798780a555 commit f99ef7b5814713f078684634b59456798780a555 Author: Matthew Thode <prometheanfire@gentoo.org> AuthorDate: 2019-12-21 19:05:16 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2019-12-21 19:05:41 +0000 app-crypt/certbot: update cryptography dep for to 2.8 Fixes: https://bugs.gentoo.org/703490 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Matthew Thode <prometheanfire@gentoo.org> app-crypt/certbot/certbot-9999.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
> app-crypt/certbot/certbot-9999.ebuild | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks for the quick response. I can see you updated certbot-9999. This issue also applies to app-crypt/certbot-0.40.1, as indicated in the bug title.
true, but it'd require a revbump, then a wait for update, It'll be included in the next release bump. Also, 2.8 has been stable for a while so this should not impact most users.
This has been long resolved. We're now at certbot-1.3.0
