Bug ID 1141928
Summary python-acme will break on November 1st
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
OS Other
Status NEW
Severity Critical
Priority P5 - None
Component Other
Assignee bnc-team-screening@forge.provo.novell.com
Reporter bmw@eff.org
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

This bug affects the python*-acme packages in Leap 15.0 and 15.1. If there is
already a version of python*-acme frozen in Leap 15.2, it is affected if it is
not version 0.34.0 or greater.

The python*-acme packages will no longer work with Let���s Encrypt���s ���ACMEv2���
endpoint which is their RFC 8555 compliant endpoint starting November 1st. See
https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
for more details about this change.

As one of the upstream maintainers of this library, I would recommend
backporting python-acme 0.34.0 or greater to all supported versions of
openSUSE. There are no breaking changes to the Python API and no dependencies
should have to be updated.

If you do this, to flag a couple changes for you that you may want to know
about:

* Some of the code in the library has been deprecated in recent versions and
while it still works just fine it is causing Python DeprecationWarnings. See
https://docs.python.org/3/library/warnings.html if you're not familiar with
this.
* There is an extremely minor change in the requests sent by the library. The
previous versions were not RFC 8555 compliant and there are no known ACME CAs
that rely on this non-standard behavior, but it's something you may want to
know about. More details about this change are at
https://github.com/certbot/certbot/pull/6975.

If either of these changes are especially worrisome to you, I could tell you
the changes that need to be backported to an earlier version of python-acme,
however, I do not recommend this as it will result packages that have been less
thoroughly tested.

You are receiving this mail because: