2245648 – Backport of Certbot 2.7.2 due to significant issue with OVH dns-01 challenges

Bug 2245648 - Backport of Certbot 2.7.2 due to significant issue with OVH dns-01 challenges

Summary: Backport of Certbot 2.7.2 due to significant issue with OVH dns-01 challenges

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	certbot
Sub Component:
Version:	38
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Nick Bebout
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://github.com/certbot/certbot/is...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-10-23 12:43 UTC by KrisMa
Modified:	2023-12-27 03:17 UTC (History)
CC List:	4 users (show)
Fixed In Version:	certbot-2.8.0-1.fc39 certbot-2.8.0-1.fc38
Clone Of:
Environment:
Last Closed:	2023-12-27 01:29:43 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description KrisMa 2023-10-23 12:43:23 UTC

The OVH DNS service changed the response to dns-01 challenges, which makes certificate update fail. As only dns-01 challenges allow creating wildcard certs this is quite critical to fix and these Letsencrypt certificates will expire very soon.

This was fixed in Certbot 2.7.2 which is already in Fedora Rawhide but due to the severity and time critical issue, needs to be backported to 37/38/39.

Reproducible: Always

Steps to Reproduce:
1. try making a dns-01 certificate challenge with OVH
2. Fails with "certbot-dns-ovh failed with Error adding TXT record: Expecting value: line 1 column 1 (char 0)" error
Actual Results:  
certbot-dns-ovh failed with Error adding TXT record: Expecting value: line 1 column 1 (char 0)

Expected Results:  
Sould update TXT records for dns-01 challenge to succeed.

https://github.com/certbot/certbot/issues/9799

Comment 1 Fedora Update System 2023-12-18 19:56:42 UTC

FEDORA-2023-b063951e19 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-b063951e19

Comment 2 Fedora Update System 2023-12-19 01:42:42 UTC

FEDORA-2023-b692f5e737 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-b692f5e737`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b692f5e737

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2023-12-19 01:54:22 UTC

FEDORA-2023-b063951e19 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-b063951e19`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b063951e19

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2023-12-27 01:29:43 UTC

FEDORA-2023-b063951e19 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 5 Fedora Update System 2023-12-27 03:17:37 UTC

FEDORA-2023-b692f5e737 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.