Description of problem:
ACMEv1 will reach end of life in June 2020 and certificates will not be regenerated anymore.

An update was already needed in the past because of a bug: https://bugs.mageia.org/show_bug.cgi?id=21742

Version 2.0.0 is out and I pushed it in cauldron and 7/updates_testing. It works with the letsencrypt.org ACMEv2 API.

Steps to install with 2.0.0:
1. acme conf example.com=www.example.com
2. example.com and www.example.com point with an A, AAAA or resolved CNAME record on the current server
3. verify /etc/acme/config file
4. verify web server configuration in /etc/httpd/conf/vhosts.d/acme.conf for apache
5. "http://example.com/.well-known/acme-challenge/something" returns "something."
6. run "acme cert" to generate certificate
7. setup daily cron with command "acme cron" to refresh certificate when required

Version-Release number of selected component (if applicable):
1.1-1.mga7
1.1-2.mga7
1.2-1.mga7
1.*

How reproducible:
Always in June 2020

Steps to Reproduce:
1. Install acme
2. Configure /etc/acme/config as described in https://bugs.mageia.org/show_bug.cgi?id=21742
3. It will fail in June 2020
The format and syntax of the configuration file /etc/acme/config remain the same in both v1.x & v2.x.

If a user installed a custom cron, it will be required to change the command line from:
/usr/bin/acmecron
to:
/usr/bin/acme cron

If requested, it may be possible to add a transparent script to do that.
I think it would be better to add a symlink from the old name to the new name.
CC: (none) => davidwhodgins
Doesn't look like it has changed the command name ...

# urpmq -l acme|grep cron
/usr/bin/acmecron
/usr/share/man/man1/acmecron.1
/usr/share/man/man1/acme-cron.1
/usr/bin/acmecron
/usr/share/man/man1/acmecron.1
/usr/share/man/man1/acme-cron.1

]# urpmq -i acme|grep ^Source|sort -uV
Source RPM : acme-1.1-2.mga7.src.rpm
Source RPM : acme-2.0.0-1.mga7.src.rpm
Thank you Ralph for the alert, and your work to put the matter right. Assigning the bug to you as the registered & real maintainer. Thanks also Dave for your comments.
Assignee: bugsquad => mageia
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK
I am unable to publish an advisory, joining in next comment.
Whiteboard: MGA7-64-OK => (none)
Keywords: advisory, validated_update => (none)
Created attachment 11599
Advisory for acme

I checked certbot seems to be ACMEv2 ready since version 0.30.0 so other packages shouldn't be impacted.
Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK
QA Contact: (none) => mageia
I've committed the advisory in svn. I ran into some problems and had to revert, then re-apply the changes I was making to the advisory. Strangely it now has the line ID: MGAA-2020-0098 at the end, which normally isn't present until after the package has been pushed from testing to updates. Was this package already pushed or not?
I tried to publish it. Advisory should be published as MGAA-2020-0098, but it doesn't show up on the advisory website. Can someone tell me what I am missing now?
Understood now. I tried to add the advisory after you posted that you couldn't, hence the conflict.

The line "ID: MGAA-2020-0098" is not manually added. It will be added by the robot that's used to push the package from updates testing, to updates.

The procedure is that the packager creates the update, writes an advisory as a comment in the bug report, and assigns the bug to qa-bugs@ml.mageia.org.

Someone, usually me or tmb adds the advisory to svn, and adds the advisory keyword to the bug report.

When a qa team member has tested the update the MGA7-64-OK or MGA7-32-OK whiteboard entry is added. When testing has finished, the validated update keyword is added.

The bug report will then be listed in the validated section of https://madb.mageia.org/tools/updates

It's then up to a sysadmin to run a script to push the update from testing to updates. That script will only push the update if the bug is assigned to qa, the ok, advisory, and validated entries are there, and the advisory is present in svn.

So there are three steps.
- The packager creates the package in update testing, including an advisory in a bug report comment.
- QA tests the update, and either qa or a sysadmin adds the advisory to svn.
- A sysadmin runs the script to push the update, and publish the advisory.

I've removed the line ID: MGAA-2020-0098 from the advisory and committed that change to svn.

Note that the advisory only lists the updates testing version, not the existing versions, and since Mageia 6 is eol, no updates for it will be issued, or specified in the advisory.

Advisory as it now exists in svn ...

$ cat 26500.adv
type: bugfix
subject: Updated acme packages fix Let's Encrypt ACMEv1 June 2020 EOL plan
src:
  7:
   core:
     - acme-2.0.0-1.mga7
description: |
  Let's Encrypt certification authority has deprecated ACMEv1 API since
  November 2019. In June 2020 they will stop allowing new domains to validate
  via ACMEv1 API, in 2021 service will become unreliable until termination in
  June 2021.

  The version 2.0.0 of acme implements ACMEv2 API with configuration file
  compatibility.

  If you use a custom cron to refresh the certificate please update the command
  line from:
  /usr/bin/acmecron
  to:
  /usr/bin/acme cron

  Debug option has been renamed to verbose, please update accordingly when
  required.

  NOTE: The commands acmecert, acmeconf and acmecron have been replaced by
  a single command, acme, which now takes a keyword of cert, conf, or cron.

  If you use a custom cron to refresh the certificate please update the command
  line from:
  /usr/bin/acmecron
  to:
  /usr/bin/acme cron
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26500
 - https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
 - https://git.rapsys.eu/acme/

I'm reassigning the bug to qa so that it will be pushed from updates testing to updates, the next time a sysadmin runs the push script. The advisory will be published to the web site when that script is run.
Assignee: mageia => qa-bugs
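
Added example (not part of the advisory, the bug report, or the acme package): a shell check that finds active cron entries still calling the replaced commands acmecert, acmeconf and acmecron named in the advisory above, and prints the rewritten line for each. The function names are hypothetical and the sample crontab is constructed.

```shell
#!/bin/sh
# Added example: find cron entries that still call the pre-2.0.0 commands.
# Function names are hypothetical; the sample crontab below is constructed.

# Rewrite one crontab line: acmecert/acmeconf/acmecron -> "acme cert|conf|cron".
# Comment lines are left untouched; a /usr/bin/ prefix is preserved.
migrate_acme_line() {
    printf '%s\n' "$1" | sed -E \
        -e '/^[[:space:]]*#/b' \
        -e 's#(^|[[:space:];&|])((/usr/bin/)?acme)(cert|conf|cron)([[:space:];&|>]|$)#\1\2 \4\5#g'
}

# Print "file:lineno:line" for every active line that would be rewritten.
find_stale_acme_cron() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            [ "$(migrate_acme_line "$line")" = "$line" ] ||
                printf '%s:%s:%s\n' "$f" "$n" "$line"
        done < "$f"
    done
}

# Demo on a constructed crontab (not taken from the bug report).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# m h dom mon dow user command
17 3 * * * root /usr/bin/acmecron
# disabled: /usr/bin/acmecron
30 4 * * * root /usr/bin/acme cron
0 5 * * 0 root acmecert >/dev/null 2>&1
EOF
echo "Stale entries:"
find_stale_acme_cron "$sample"
echo "Suggested replacement:"
while IFS= read -r l; do migrate_acme_line "$l"; done < "$sample"
rm -f "$sample"
```

Pass real cron files as arguments (for example /etc/crontab and files under /etc/cron.d) to check a host after updating to acme 2.0.0.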
The package is already submitted in updates_testing, you should have everything if I understood correctly :) Thanks for your help.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2020-0099.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED