Question

Let's Encrypt ACMEv1 protocol. You should upgrade to an ACMEv2

Posted January 15, 2020 6.7k views
Let's Encrypt

Hi, i got email:
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice.

I have wordpress oneclick installation. Anyone to guide me how should i do that?

1 comment
  • I am using nginx on ubuntu 16.04. I followed the answers to this question, and my certbot is now at version 0.31.0, and the /etc/letsencrypt/accounts directory has acme-v02.api.letsencrypt.org. But, if I run:

    sudo certbot renew --dry-run --preferred-challenges http-02
    

    I get the following:

    certbot: error: argument --preferred-challenges: Unrecognized challenges: http-02
    

    When using certbot with nginx, how can I get it to use acmev2?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers

Hello,

I would recommend to first try and update certbot with the following commands:

sudo apt update
sudo apt install --only-upgrade certbot

Then as mentioned by @kkinsly run the following command and add your email:

sudo certbot update_account

Then you can see ACME V2 option listed under the following folder:

/etc/letsencrypt/accounts/

If you are using only the the acme.sh script, to upgrade your ACME script, you need to first SSH to your Droplet and then run:

sudo /etc/letsencrypt/acme.sh  --upgrade -b dev

Then make the new acme.sh executable:

chmod +x /root/.acme.sh/acme.sh

Backup the old acme.sh script just in case that you need it:

mv /etc/letsencrypt/acme.sh /etc/letsencrypt/acme.sh.bak

After that create a symlink for the new updated acme.sh script and the letsencrypt directory:

ln -s /root/.acme.sh/acme.sh /etc/letsencrypt/acme.sh

Then I believe that this should work as normal.

Hope that this helps!
Regards,
Bobby

Found the easiest solution. Run below script and add your email

sudo certbot update_account

Now you can see ACME V2 option listed under

 /etc/letsencrypt/accounts/
  • “certbot: error: unrecognized arguments: update_account” :(

  • Now I see acme-v02.api.letsencrypt.org folder… how do I know if that’s the one been used by certbot and not v01 or staging-v02?

  • I still do not have /etc/letsencrypt/acme.sh

    I’ve run :

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

    sudo certbot update_account

    this has given me /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org

    however there is still no ‘acme.sh’ script.

    if I run letsencrypt –version
    I get ‘certbot 0.31.0’

    so certbot has been upgraded from 0.27.0

I can’t see acme-v02.api.letsencrypt.org, even when I run sudo /etc/letsencrypt/acme.sh –upgrade -b dev, and the results are:

[Fri Jan 24 01:09:30 UTC 2020] Already uptodate!
[Fri Jan 24 01:09:30 UTC 2020] Upgrade success!

Submit an Answer