Certificate renewal issue: OpenSSL legacy provider failed to load @ FreeBSD amd64

Continuing the discussion from Certificate renewal issue: OpenSSL legacy provider failed to load:

My domain is
epopen.com

I ran this command:
certbot of cron weekly.

It produced this output (From weekly run output report mail):
Renewing Let's Encrypt certificates:
:241: Warning: OpenSSL 3's legacy provider failed to load. Legacy algorithms will not be available. If you need those algorithms, check your OpenSSL configuration.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/epopen.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for epopen.com and *.epopen.com
Waiting 30 seconds for DNS changes to propagate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded: 
  /usr/local/etc/letsencrypt/live/epopen.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
 Remove 'Let's Encrypt's out of date automatic generated files successfully.

The operating system my web server runs on is (include version):
FreeBSD 15.0-RELEASE amd64

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
# /usr/local/bin/certbot-3.11 --version
:241: Warning: OpenSSL 3's legacy provider failed to load. Legacy algorithms will not be available. If you need those algorithms, check your OpenSSL configuration.
certbot 4.2.0

Hi All

My server uses certbot for renewal periodically.
OpenSSL v3.5.6 was built by myself without the legacy provider.
Following the previous discussion, I think the issue was fixed in certbot, but it still occurs on my system.

I tried the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY provided in that discussion; it works, as follows:
# setenv CRYPTOGRAPHY_OPENSSL_NO_LEGACY 1
# /usr/local/bin/certbot-3.11 --version
certbot 4.2.0
Is this the proper solution for me?

Thanks all very much.

The previous discussion was about Certbot crashing on certain systems. And, that was fixed.

It looks like you are just getting a warning message. Certbot is running and renewing your certs. The message seems fair as you can't use legacy ciphers with openssl configured as you have it. Your system only allows TLS v1.3 so you wouldn't use those very old ciphers anyway. I agree the message seems unnecessary but it is not harmful.

Are you just bothered by this warning message?

You should be running Certbot at least daily and better is twice a day. See the guide here: User Guide — Certbot 5.6.0.dev0 documentation

It describes a cronjob that runs twice a day with various amounts of sleep to avoid running at especially busy times (like the top of each hour).

3 Likes
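One way to set up the twice-daily, jittered run described above on FreeBSD, as an added example that is not from this thread or from the Certbot project. The certbot binary path comes from the posts above; the wrapper script path, the one-hour jitter window and the use of CRYPTOGRAPHY_OPENSSL_NO_LEGACY to quiet the warning are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: a cron wrapper that runs
# "certbot renew" twice a day after a random delay, and sets the
# environment variable from the thread so the harmless legacy-provider
# warning does not clutter the cron mail. Binary path assumed from the posts.

CERTBOT="${CERTBOT:-/usr/local/bin/certbot-3.11}"
MAX_DELAY=3600   # spread runs over up to one hour (assumed window)

# Start delay in [0, MAX_DELAY). POSIX sh has no $RANDOM, so take two bytes
# from /dev/urandom; an explicit seed may be passed for deterministic tests.
jitter_seconds() {
    seed="$1"
    if [ -z "$seed" ]; then
        seed=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    fi
    echo $(( seed % MAX_DELAY ))
}

# /etc/crontab line (FreeBSD format, with a user field): minute 0 at 00:00
# and 12:00, running the given command as root.
crontab_line() {
    echo "0 0,12 * * * root $1"
}

# Sleep for the jitter, then renew quietly; certbot only talks to the CA when
# a certificate is actually due, so frequent runs are cheap.
run_renew() {
    sleep "$(jitter_seconds)"
    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 "$CERTBOT" renew --quiet
}

# "run" performs the renewal; anything else prints the crontab line to install
# (script path /usr/local/sbin/certbot-cron.sh is an assumption).
case "${1:-}" in
    run) run_renew ;;
    *)   crontab_line "/usr/local/sbin/certbot-cron.sh run" ;;
esac
```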

Hi @MikeMcQ

Yes, you are right, I checked the certs and the renewal is all fine.
I'll ignore the warning message.

Thanks for your suggestion, I'll adjust the certbot run time as you recommend.

1 Like