Question

Let's Encrypt ACMEv1 protocol. You should upgrade to an ACMEv2

Posted January 15, 2020 15.4k views
Let's Encrypt

Hi, i got email:
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice.

I have wordpress oneclick installation. Anyone to guide me how should i do that?

1 comment
  • I am using nginx on ubuntu 16.04. I followed the answers to this question, and my certbot is now at version 0.31.0, and the /etc/letsencrypt/accounts directory has acme-v02.api.letsencrypt.org. But, if I run:

    sudo certbot renew --dry-run --preferred-challenges http-02
    

    I get the following:

    certbot: error: argument --preferred-challenges: Unrecognized challenges: http-02
    

    When using certbot with nginx, how can I get it to use acmev2?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
6 answers

Hello,

I would recommend to first try and update certbot with the following commands:

sudo apt update
sudo apt install --only-upgrade certbot

Then as mentioned by @kkinsly run the following command and add your email:

sudo certbot update_account

Then you can see ACME V2 option listed under the following folder:

/etc/letsencrypt/accounts/

If you are using only the the acme.sh script, to upgrade your ACME script, you need to first SSH to your Droplet and then run:

sudo /etc/letsencrypt/acme.sh  --upgrade -b dev

Then make the new acme.sh executable:

chmod +x /root/.acme.sh/acme.sh

Backup the old acme.sh script just in case that you need it:

mv /etc/letsencrypt/acme.sh /etc/letsencrypt/acme.sh.bak

After that create a symlink for the new updated acme.sh script and the letsencrypt directory:

ln -s /root/.acme.sh/acme.sh /etc/letsencrypt/acme.sh

Then I believe that this should work as normal.

Hope that this helps!
Regards,
Bobby

This is all I needed to do:

The steps above provided by Bobby:

sudo apt update
sudo apt install --only-upgrade certbot

Then as mentioned by @kkinsly run the following command and add your email:

sudo certbot update_account

Then you can see ACME V2 option listed under the following folder:

/etc/letsencrypt/accounts/

And then just verified using the simulation command below:

certbot renew --dry-run

Found the easiest solution. Run below script and add your email

sudo certbot update_account

Now you can see ACME V2 option listed under

 /etc/letsencrypt/accounts/
  • “certbot: error: unrecognized arguments: update_account” :(

  • Now I see acme-v02.api.letsencrypt.org folder… how do I know if that’s the one been used by certbot and not v01 or staging-v02?

  • I still do not have /etc/letsencrypt/acme.sh

    I’ve run :

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

    sudo certbot update_account

    this has given me /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org

    however there is still no ‘acme.sh’ script.

    if I run letsencrypt –version
    I get ‘certbot 0.31.0’

    so certbot has been upgraded from 0.27.0

I can’t see acme-v02.api.letsencrypt.org, even when I run sudo /etc/letsencrypt/acme.sh –upgrade -b dev, and the results are:

[Fri Jan 24 01:09:30 UTC 2020] Already uptodate!
[Fri Jan 24 01:09:30 UTC 2020] Upgrade success!

I’m on Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-150-generic x86_64). When I use:
sudo apt-get update
sudo apt-get install –only-upgrade certbot

I get:
Reading package lists… Done
Building dependency tree
Reading state information… Done
certbot is already the newest version (0.31.0-1+ubuntu16.04.1+certbot+1).
The following packages were automatically installed and are no longer required:
letsencrypt linux-headers-4.4.0-141 linux-headers-4.4.0-141-generic linux-headers-4.4.0-142
linux-headers-4.4.0-142-generic linux-headers-4.4.0-143 linux-headers-4.4.0-143-generic linux-headers-4.4.0-145
linux-headers-4.4.0-145-generic linux-headers-4.4.0-148 linux-headers-4.4.0-148-generic linux-headers-4.4.0-151
linux-headers-4.4.0-151-generic linux-headers-4.4.0-154 linux-headers-4.4.0-154-generic linux-headers-4.4.0-157
linux-headers-4.4.0-157-generic linux-headers-4.4.0-159 linux-headers-4.4.0-159-generic linux-headers-4.4.0-161
linux-headers-4.4.0-161-generic linux-headers-4.4.0-164 linux-headers-4.4.0-164-generic linux-headers-4.4.0-165
linux-headers-4.4.0-165-generic linux-headers-4.4.0-72 linux-headers-4.4.0-72-generic linux-headers-4.4.0-75
linux-headers-4.4.0-75-generic linux-headers-4.4.0-78 linux-headers-4.4.0-78-generic linux-headers-4.4.0-79
linux-headers-4.4.0-79-generic linux-headers-4.4.0-81 linux-headers-4.4.0-81-generic linux-headers-4.4.0-83
linux-headers-4.4.0-83-generic linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic linux-headers-4.4.0-89
linux-headers-4.4.0-89-generic linux-headers-4.4.0-91 linux-headers-4.4.0-91-generic linux-headers-4.4.0-92
linux-headers-4.4.0-92-generic linux-headers-4.4.0-93 linux-headers-4.4.0-93-generic
linux-image-4.4.0-141-generic linux-image-4.4.0-142-generic linux-image-4.4.0-143-generic
linux-image-4.4.0-145-generic linux-image-4.4.0-148-generic linux-image-4.4.0-151-generic
linux-image-4.4.0-154-generic linux-image-4.4.0-157-generic linux-image-4.4.0-159-generic
linux-image-4.4.0-161-generic linux-image-4.4.0-164-generic linux-image-4.4.0-165-generic
linux-image-4.4.0-72-generic linux-image-4.4.0-75-generic linux-image-4.4.0-78-generic
linux-image-4.4.0-79-generic linux-image-4.4.0-81-generic linux-image-4.4.0-83-generic
linux-image-4.4.0-87-generic linux-image-4.4.0-89-generic linux-image-4.4.0-91-generic
linux-image-4.4.0-92-generic linux-image-4.4.0-93-generic linux-modules-4.4.0-143-generic
linux-modules-4.4.0-145-generic linux-modules-4.4.0-148-generic linux-modules-4.4.0-151-generic
linux-modules-4.4.0-154-generic linux-modules-4.4.0-157-generic linux-modules-4.4.0-159-generic
linux-modules-4.4.0-161-generic linux-modules-4.4.0-164-generic linux-modules-4.4.0-165-generic python-acme
python-augeas python-cffi-backend python-chardet python-configargparse python-configobj python-cryptography
python-dialog python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient
python-openssl python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-pyicu
python-requests python-rfc3339 python-six python-tz python-urllib3 python-zope.component python-zope.event
python-zope.hookable python-zope.interface
Use ‘sudo apt autoremove’ to remove them.
The following packages will be upgraded:
systemd-sysv
1 upgraded, 0 newly installed, 0 to remove and 200 not upgraded.
1 not fully installed or removed.
Need to get 0 B/12.0 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
(Reading database … 758379 files and directories currently installed.)
Preparing to unpack …/systemd-sysv229-4ubuntu21.27amd64.deb …
Unpacking systemd-sysv (229-4ubuntu21.27) over (229-4ubuntu21.21) …
dpkg: unrecoverable fatal error, aborting:
fork failed: Cannot allocate memory
E: Sub-process /usr/bin/dpkg returned an error code (2)

Any advice?

I tried sudo certbot --server https://acme-v02.api.letsencrypt.org/directory and then the /etc/letsencrypt/accounts directory has acme-v02.api.letsencrypt.org. Am I all set?

My certbot version is certbot 0.22.2. Shall I be concerned? Thanks in advance!

Submit an Answer