search

kpcyrd / acme-redirect

Tiny http daemon that answers acme challenges and redirects everything else to https
GNU General Public License v3.0
71 stars 11 forks source link

Compatibility with OpenSSL 3.x -> cannot install with Debian 12 Bookworm #38

Open salvor-hardin opened 1 year ago

salvor-hardin commented 1 year ago

When trying to install the package under Debian 12 Bookworm:

apt update && apt install acme-redirect
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://deb.debian.org/debian-security bookworm-security InRelease
Get:4 https://apt.vulns.sexy stable InRelease [1,804 B]
Get:5 https://apt.vulns.sexy stable/main amd64 Packages [1,376 B]
Fetched 3,180 B in 1s (2,978 B/s)    
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://apt.vulns.sexy/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 **acme-redirect : Depends: libssl1.1 (>= 1.1.0) but it is not installable**
E: Unable to correct problems, you have held broken packages.

Debian 12 Bookworm uses OpenSSL 3.0.x, as OpenSSL 1.1.1 is no longer maintained for this distro + will be EoL in September 11th 2023

Is there any workaround or update to keep using acme-redirect ?

Thanks.

kpcyrd commented 1 year ago

The best workaround is building the binary yourself from source on a system that has openssl 3.

I made the mistake of not creating apt repositories for each Debian release (there's only one called stable), unfortunately it's non-trivial to do this with reprepro. :broken_heart: Uploading a new build with openssl 3 for everybody would break systems that didn't upgrade to debian 12 yet.

salvor-hardin commented 1 year ago

Ok, thanks. Got it.

Would be good to know what will be your choice for long term solution, as OpenSSL 1.1.1 to be EoL from September is going to break things...