Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?
- In reply to: Matthew Seaman : "Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 24 Oct 2023 20:09:33 UTC
On 24/10/2023 18:24, Matthew Seaman wrote: > On 24/10/2023 13:54, DutchDaemon - FreeBSD Forums Administrator wrote: >> Does anyone in 'port land' know what the current developments are wrt >> CertBot (or py-crypto under its hood)? >> >> CertBot is happily compiling against OpenSSL 3 from ports, but when >> running 'certbot', the crypto side of it talks to the base system >> OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does >> not understand the OpenSSL 3 calls made to it. >> >> From what I understood, this was due to an error/regression in >> pkgconf(?) which causes some type of 'path reversal' that causes >> py-crypto to ignore the OpenSSL it was compiled against, favoring the >> base system library. >> >> I either have to revert a whole lot of servers back to OpenSSL 1.1.1w >> from ports in order to renew certificates, or wait for "any movement" >> in getting the path reversal addressed/fixed. >> >> So: does anyone know where we're at with this? >> > > certbot is running just fine for me on stable/14 with openssl 3.x from > ports. Note that stable/14 has openssl 3.x in base. > > Cheers, > > Matthew > Yes ;) I knew that that would be 'the other option', but tracking -RELEASE and its patch levels is currently preferred over here. Got a tip about 'dehydrated', so maybe that'll work for now, until 14-REL is on the books.