renewal: fix key_type not being preserved on <v1.25.0 renewal configs #9636
Conversation
|
@hlieberman, I think you should try to backport this to the Certbot package in bookworm. Is that feasible? Without this, when people update to Certbot in bookworm from an older version of Debian and the included cron job/systemd timer runs and renews their certificates, their certificates will switch from using RSA keys to ECDSA keys which definitely wasn't our intention. This PR seems to apply cleanly to Certbot 2.1.0 after doing something about changelog conflicts and also applying this minor change. |
Definitely. Just sent 2.1.0-3 with that patch in it; will take about 10 days or so to make its way into bookworm. |
|
Thanks so much for the quick response and help Harlan. I think you just prevented a lot of headaches. |
|
@hlieberman I am seeing the patch in Debian sid but not yet bookworm, is everything still tracking OK for its inclusion? One of our users encountered this bug today, unfortunately. |
|
Yes, it is; unfortunately, it still has 10 days left. I can ping the
release managers to see if they'd be willing to do a manual migration.
…On Tue, Apr 25, 2023 at 10:16 PM alexzorin ***@***.***> wrote:
@hlieberman <https://github.com/hlieberman> I am seeing the patch in
Debian sid but not yet bookworm, is everything still tracking OK for its
inclusion?
One of our users encountered this bug today, unfortunately.
—
Reply to this email directly, view it on GitHub
<#9636 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFNWXKWP3FBLRG2KTV544DXDBEMNANCNFSM6AAAAAAWJWBZKU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
Harlan Lieberman-Berg
~hlieberman
|
|
Thanks for the update! I think it will be fine to wait the remaining 10 days. |
Fixes #9635.
We may wish to backport this to Certbot 2.1.0 in order to have it land in https://packages.debian.org/bookworm/python3-certbot.