Ubuntu
python-certbot package

unrecognized arguments: --preferred-chain

Asked by Omacka S

Hello,
I would need to use certbot --preferred-chain "DST Root CA X3" argument, but i'm getting error: unrecognized arguments
versions are: ubuntu 20.04, certbot 0.40.0 (0.40.0-1ubuntu0.1)

if i install certbot via snap i get certbot 1.10.1 and there is no problem whith that argument...

I don't understand why ubuntu and "genuine" certbot are not the same... it seems they are two different tools...?
Please do we know when the ubuntu packages will support "--preferred-chain" argument?

thank you

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu python-certbot Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

Manfred Hampl suggests this article as an answer to your question:
FAQ #3037: “no rolling release”.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#2

The option "--preferred-chain" is supported by certbot version 1.7 (in Ubuntu 20.10 groovy) but not in certbot 0.40 (in Ubuntu 20.04 focal).

Revision history for this message
Gert van den Berg (mohag1) said : 		#3

The problem is that the outdated version in the current LTS release includes an expired cert in the chain, which breaks some TLS clients.

The newer version with the option seems to be the only fix (the upstream version available as a snap supports the option, but that requires dealing with snaps, which I'm not doing willingly after dealing with Ubuntu Core)

Revision history for this message
Manfred Hampl (m-hampl) said : 		#4

@Gert van den Berg:
If the version currently available in focal is broken, then a bug report should be created to initiate a correction.

As far as I can see there is at least one PPA with an updated version for focal (standard disclaimer for PPAs applies of course): https://launchpad.net/~mati75/+archive/ubuntu/mikrus

Can you help with this problem?

Provide an answer of your own, or ask Omacka S for more information if necessary.

To post a message you must log in.