The Certbot packages in Ubuntu 16.04 will stop working on 13 March 2019. Updates to fix this problem are now ready for testing. Please help us test!
The change described at March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support will make many users of the the Ubuntu 16.04 letsencrypt packages unable to obtain new certificates. Newer Ubuntu releases package versions of Certbot that implement alternate validation methods and are not affected.
In Ubuntu 16.04 we are addressing this by backporting the existing Certbot packaging from Ubuntu 18.04. Proposed updates for 16.04 are now available and will be released to the usual update channels when they have received sufficient testing and validation.
Please help us test these packages on 16.04. Reports of both success and failure are appreciated. Please include details of how you tested, including the package versions used and any specifics of your environment to https://launchpad.net/bugs/1640978
To test:
To avoid upgrading wholesale to the proposed pocket (doing so may break your system), ensure that apt is pinned from doing so by making sure that a file exists in /etc/apt/preferences.d/, for example /etc/apt/preferences.d/proposed-updates, as follows:
Package: *
Pin: release a=xenial-proposed
Pin-Priority: 400
Allow apt to upgrade all the packages provided in this Certbot update by creating /etc/apt/preferences.d/certbot-proposed as follows:
Package: python-acme-doc python-acme python3-acme certbot letsencrypt python-certbot-doc python-certbot python-certbot-apache python-certbot-apache-doc python-josepy-doc python-josepy python3-josepy python-letsencrypt python-letsencrypt-apache
Pin: release a=xenial-proposed
Pin-Priority: 500
Make sure the following line exists in your /etc/apt/sources.list (or in a file in /etc/apt/sources.list.d/):
deb http://archive.ubuntu.com/ubuntu/ xenial-proposed main universe
(other components such as restricted and multiverse may also be present).
Now you may simply apt update and apt upgrade as usual and apt will upgrade to this proposed update ready for testing.
Reports of both success and failure are appreciated. Please include details of how you tested, including the package versions used and any specifics of your environment. You can generate the status and versions of all the Certbot-related packages with the following command:
dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${version}\n' python-acme-doc python-acme python3-acme certbot letsencrypt python-certbot-doc python-certbot python-certbot-apache python-certbot-apache-doc python-josepy-doc python-josepy python3-josepy python-letsencrypt python-letsencrypt-apache
Please add testing reports to the Launchpad tracking bug at: https://launchpad.net/bugs/1640978