[Letsencrypt-devel] Bug#846319: letsencrypt.sh: Fails to create fullchain.pem
Chris Boot
bootc at debian.org
Wed Nov 30 09:26:23 UTC 2016
Package: letsencrypt.sh
Version: 0.2.0-4
Severity: grave
Tags: upstream patch
Justification: renders package unusable
Dear maintainer,
Since openssl 1.1 has migrated to stretch I am unable to renew my Let's
Encrypt certificates using letsencrypt.sh. The symptoms are:
+ Challenge is valid!
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
unable to load certificate
139783378379904:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:
What happens is that openssl is used with the same file/path for the
"-in" and "-out" arguments to openssl when converting the downloaded
issuer certificates from DER to PEM format. This produces the above
error message and results in a 0-byte chain.pem file.
The bug is fixed upstream in:
https://github.com/lukas2511/dehydrated/commit/7eca8aec5a6679ce5ca507386687d130cc38ce23
Regards,
Chris
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages letsencrypt.sh depends on:
ii curl 7.50.1-1
ii openssl 1.1.0c-2
letsencrypt.sh recommends no packages.
letsencrypt.sh suggests no packages.
-- no debconf information
-- debsums errors found:
debsums: changed file /usr/bin/letsencrypt.sh (from letsencrypt.sh package)
More information about the Letsencrypt-devel
mailing list