Question

Let's Encrypt ACMEv1 protocol. You should upgrade to an ACMEv2

Hi, i got email: Beginning June 1, 2020, we will stop allowing new domains to validate using the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before then, or certificate issuance will fail. For most people, simply upgrading to the latest version of your existing client will suffice.

I have wordpress oneclick installation. Anyone to guide me how should i do that?

Subscribe
Share

I am using nginx on ubuntu 16.04. I followed the answers to this question, and my certbot is now at version 0.31.0, and the /etc/letsencrypt/accounts directory has acme-v02.api.letsencrypt.org. But, if I run:

sudo certbot renew --dry-run --preferred-challenges http-02

I get the following:

certbot: error: argument --preferred-challenges: Unrecognized challenges: http-02

When using certbot with nginx, how can I get it to use acmev2?

This comment has been deleted


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello,

I would recommend to first try and update certbot with the following commands:

sudo apt update
sudo apt install --only-upgrade certbot

Then as mentioned by @kkinsly run the following command and add your email:

sudo certbot update_account

Then you can see ACME V2 option listed under the following folder:

/etc/letsencrypt/accounts/

If you are using only the the acme.sh script, to upgrade your ACME script, you need to first SSH to your Droplet and then run:

sudo /etc/letsencrypt/acme.sh  --upgrade -b dev

Then make the new acme.sh executable:

chmod +x /root/.acme.sh/acme.sh

Backup the old acme.sh script just in case that you need it:

mv /etc/letsencrypt/acme.sh /etc/letsencrypt/acme.sh.bak

After that create a symlink for the new updated acme.sh script and the letsencrypt directory:

ln -s /root/.acme.sh/acme.sh /etc/letsencrypt/acme.sh

Then I believe that this should work as normal.

Hope that this helps! Regards, Bobby

I tried sudo certbot --server https://acme-v02.api.letsencrypt.org/directory and then the /etc/letsencrypt/accounts directory has acme-v02.api.letsencrypt.org. Am I all set?

My certbot version is certbot 0.22.2. Shall I be concerned? Thanks in advance!

This is all I needed to do:

The steps above provided by Bobby:

sudo apt update
sudo apt install --only-upgrade certbot

Then as mentioned by @kkinsly run the following command and add your email:

sudo certbot update_account

Then you can see ACME V2 option listed under the following folder:

/etc/letsencrypt/accounts/

And then just verified using the simulation command below:

certbot renew --dry-run

I’m on Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-150-generic x86_64). When I use: sudo apt-get update sudo apt-get install –only-upgrade certbot

I get: Reading package lists… Done Building dependency tree Reading state information… Done certbot is already the newest version (0.31.0-1+ubuntu16.04.1+certbot+1). The following packages were automatically installed and are no longer required: letsencrypt linux-headers-4.4.0-141 linux-headers-4.4.0-141-generic linux-headers-4.4.0-142 linux-headers-4.4.0-142-generic linux-headers-4.4.0-143 linux-headers-4.4.0-143-generic linux-headers-4.4.0-145 linux-headers-4.4.0-145-generic linux-headers-4.4.0-148 linux-headers-4.4.0-148-generic linux-headers-4.4.0-151 linux-headers-4.4.0-151-generic linux-headers-4.4.0-154 linux-headers-4.4.0-154-generic linux-headers-4.4.0-157 linux-headers-4.4.0-157-generic linux-headers-4.4.0-159 linux-headers-4.4.0-159-generic linux-headers-4.4.0-161 linux-headers-4.4.0-161-generic linux-headers-4.4.0-164 linux-headers-4.4.0-164-generic linux-headers-4.4.0-165 linux-headers-4.4.0-165-generic linux-headers-4.4.0-72 linux-headers-4.4.0-72-generic linux-headers-4.4.0-75 linux-headers-4.4.0-75-generic linux-headers-4.4.0-78 linux-headers-4.4.0-78-generic linux-headers-4.4.0-79 linux-headers-4.4.0-79-generic linux-headers-4.4.0-81 linux-headers-4.4.0-81-generic linux-headers-4.4.0-83 linux-headers-4.4.0-83-generic linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic linux-headers-4.4.0-89 linux-headers-4.4.0-89-generic linux-headers-4.4.0-91 linux-headers-4.4.0-91-generic linux-headers-4.4.0-92 linux-headers-4.4.0-92-generic linux-headers-4.4.0-93 linux-headers-4.4.0-93-generic linux-image-4.4.0-141-generic linux-image-4.4.0-142-generic linux-image-4.4.0-143-generic linux-image-4.4.0-145-generic linux-image-4.4.0-148-generic linux-image-4.4.0-151-generic linux-image-4.4.0-154-generic linux-image-4.4.0-157-generic linux-image-4.4.0-159-generic linux-image-4.4.0-161-generic linux-image-4.4.0-164-generic linux-image-4.4.0-165-generic linux-image-4.4.0-72-generic linux-image-4.4.0-75-generic linux-image-4.4.0-78-generic linux-image-4.4.0-79-generic linux-image-4.4.0-81-generic linux-image-4.4.0-83-generic linux-image-4.4.0-87-generic linux-image-4.4.0-89-generic linux-image-4.4.0-91-generic linux-image-4.4.0-92-generic linux-image-4.4.0-93-generic linux-modules-4.4.0-143-generic linux-modules-4.4.0-145-generic linux-modules-4.4.0-148-generic linux-modules-4.4.0-151-generic linux-modules-4.4.0-154-generic linux-modules-4.4.0-157-generic linux-modules-4.4.0-159-generic linux-modules-4.4.0-161-generic linux-modules-4.4.0-164-generic linux-modules-4.4.0-165-generic python-acme python-augeas python-cffi-backend python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-pyicu python-requests python-rfc3339 python-six python-tz python-urllib3 python-zope.component python-zope.event python-zope.hookable python-zope.interface Use ‘sudo apt autoremove’ to remove them. The following packages will be upgraded: systemd-sysv 1 upgraded, 0 newly installed, 0 to remove and 200 not upgraded. 1 not fully installed or removed. Need to get 0 B/12.0 kB of archives. After this operation, 1,024 B of additional disk space will be used. (Reading database … 758379 files and directories currently installed.) Preparing to unpack …/systemd-sysv_229-4ubuntu21.27_amd64.deb … Unpacking systemd-sysv (229-4ubuntu21.27) over (229-4ubuntu21.21) … dpkg: unrecoverable fatal error, aborting: fork failed: Cannot allocate memory E: Sub-process /usr/bin/dpkg returned an error code (2)

Any advice?

I can’t see acme-v02.api.letsencrypt.org, even when I run sudo /etc/letsencrypt/acme.sh --upgrade -b dev, and the results are:

[Fri Jan 24 01:09:30 UTC 2020] Already uptodate! [Fri Jan 24 01:09:30 UTC 2020] Upgrade success!

Found the easiest solution. Run below script and add your email

sudo certbot update_account

Now you can see ACME V2 option listed under

 /etc/letsencrypt/accounts/

This comment has been deleted