[Letsencrypt-devel] Bug#846319: letsencrypt.sh: Fails to create fullchain.pem

Chris Boot bootc at debian.org
Wed Nov 30 09:26:23 UTC 2016

Package: letsencrypt.sh
Version: 0.2.0-4
Severity: grave
Tags: upstream patch
Justification: renders package unusable

Dear maintainer,

Since openssl 1.1 has migrated to stretch I am unable to renew my Let's
Encrypt certificates using letsencrypt.sh. The symptoms are:

 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
unable to load certificate
139783378379904:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:

What happens is that openssl is used with the same file/path for the
"-in" and "-out" arguments to openssl when converting the downloaded
issuer certificates from DER to PEM format. This produces the above
error message and results in a 0-byte chain.pem file.

The bug is fixed upstream in:


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages letsencrypt.sh depends on:
ii  curl     7.50.1-1
ii  openssl  1.1.0c-2

letsencrypt.sh recommends no packages.

letsencrypt.sh suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/letsencrypt.sh (from letsencrypt.sh package)

More information about the Letsencrypt-devel mailing list