[Letsencrypt-devel] Bug#833494: acmetool: Does not correctly respond to changes in an ACME server's preferred agreement

Uwe Steinmann uwe at steinmann.cx
Fri Aug 5 06:35:42 UTC 2016 

Package: acmetool
Version: 0.0.54-1
Severity: important

Dear Maintainer,

Current version of acmetool has a problem with the agreement.

20160805081346 [CRITICAL] acmetool: fatal: reconcile: the following errors occurred:
error satisfying Target(xxxxxxx;https://acme-v01.api.letsencrypt.org/directory;0):
HTTP error: 400 Bad Request
map[Server:[nginx] Content-Type:[application/problem+json]
Boulder-Request-Id:[a8pizmxmElGgUHEUJwrrXaRRBPe-0updqBrZuKCauHo]
Pragma:[no-cache] Date:[Fri, 05 Aug 2016 06:13:46 GMT]
Content-Length:[265] Boulder-Requester:[1885796]
Replay-Nonce:[sKseTFb9KB-a6mkcMJs6ugOG3XwzaA-fUrwleqYiy38] Expires:[Fri,
05 Aug 2016 06:13:46 GMT] Cache-Control:[max-age=0, no-cache, no-store]]
{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL
		[https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf]
		does not match current agreement URL
		[https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
  "status": 400
}

This seems to have the same source as #833336 and acmetool 0.0.55 fixes
it according to the changelog:

Fixes #191, whereby acmetool did not correctly respond to changes in an
ACME server's preferred agreement. This is an important update and should
be applied promptly, as it causes autorenewal to fail (though by design,
acmetool requires intervention to agree to new agreements anyway).


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages acmetool depends on:
ii  libc6    2.23-4
ii  libcap2  1:2.25-1

Versions of packages acmetool recommends:
ii  dialog  1.3-20160424-1

acmetool suggests no packages.

-- no debconf information

More information about the Letsencrypt-devel mailing list