Bug 2245648

Summary: Backport of Certbot 2.7.2 due to significant issue with OVH dns-01 challenges
Product: [Fedora] Fedora Reporter: KrisMa <jkmakowka>
Component: certbotAssignee: Nick Bebout <nb>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 38CC: anon.amish, certbot-sig, luk.claes, nb
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: https://github.com/certbot/certbot/issues/9799
Whiteboard:
Fixed In Version: certbot-2.8.0-1.fc39 certbot-2.8.0-1.fc38 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-12-27 01:29:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description KrisMa 2023-10-23 12:43:23 UTC 
The OVH DNS service changed the response to dns-01 challenges, which makes certificate update fail. As only dns-01 challenges allow creating wildcard certs this is quite critical to fix and these Letsencrypt certificates will expire very soon.

This was fixed in Certbot 2.7.2 which is already in Fedora Rawhide but due to the severity and time critical issue, needs to be backported to 37/38/39.

Reproducible: Always

Steps to Reproduce:
1. try making a dns-01 certificate challenge with OVH
2. Fails with "certbot-dns-ovh failed with Error adding TXT record: Expecting value: line 1 column 1 (char 0)" error
Actual Results:  
certbot-dns-ovh failed with Error adding TXT record: Expecting value: line 1 column 1 (char 0)

Expected Results:  
Sould update TXT records for dns-01 challenge to succeed.

https://github.com/certbot/certbot/issues/9799
Comment 1 Fedora Update System 2023-12-18 19:56:42 UTC 
FEDORA-2023-b063951e19 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-b063951e19
Comment 2 Fedora Update System 2023-12-19 01:42:42 UTC 
FEDORA-2023-b692f5e737 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-b692f5e737`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b692f5e737

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 3 Fedora Update System 2023-12-19 01:54:22 UTC 
FEDORA-2023-b063951e19 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-b063951e19`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b063951e19

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2023-12-27 01:29:43 UTC 
FEDORA-2023-b063951e19 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 5 Fedora Update System 2023-12-27 03:17:37 UTC 
FEDORA-2023-b692f5e737 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.