Update your client software to continue using Let's Encrypt

Hello,
Yesterday I received the following email:
How do I to fix this issue?
thanks

"Hi,

According to our records, the software client you're using to get Let's
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol. Here are the details of one
recent ACMEv1 request from each of your account(s):

Client IP address: xxx.xxx.xxx.xxx

User agent: CertbotACMEClient/0.12.0 (Debian GNU/Linux 8 (jessie)) Authenticator/webroot Installer/None

Hostname(s): "mydomain.tld","www.mydomain.tld"

Request time: 2020-02-27 08:00:55 UTC

Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice. You can view the
client list at: https://letsencrypt.org/docs/client-options/

If you're unsure how your certificate is managed, get in touch with the
person who installed the certificate for you. If you don't know who to
contact, please view the help section in our community forum at
https://community.letsencrypt.org/c/help and use the search bar to check if
there's an existing solution for your question. If there isn't, please create
a new topic and fill out the help template.

ACMEv1 API deprecation details can be found in our community forum:
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1

As a reminder: In the future, Let's Encrypt will be performing multiple
domain validation requests for each domain name when you issue a certificate.
While you're working on migrating to ACMEv2, please check that your system
configuration will not block validation requests made by new Let's Encrypt IP
addresses, or block multiple matching requests. Per our FAQ
(https://letsencrypt.org/docs/faq/), we don't publish a list of IP addresses
we use to validate, and this list may change at any time.

To receive more frequent updates, subscribe to our API Announcements:
https://community.letsencrypt.org/t/about-the-api-announcements-category

Thank you for joining us on our mission to create a more secure and privacy-
respecting Web!

All the best,

Let's Encrypt

 

Recent Linux distributions and LE versions support the new protocol. But old certificate created with old protocol may continue using the Acme1. So delete the certificate and create it again, then it should be Acme2.

 

Thanks for quick reply
Any link for HOWTo I do this ?

 

Deactivate LetsEncrypt for that domain in ispconfig.
Use "certbot delete" to delete the cert.
Reactivate LetsEncrypt in Ispc

However, it could be that your certbot version is too old:

0.12 is from 2017. Recent version is 1.3.0.
Looks like more work for you.

From Certbot webpage:

Depends on how you have initially installed certbot. Could also be you have a certbot installation in /opt/eff

 

OK, thank you for your reply.
Could you please tell me the specific order I need to follow? The certbot is under /opt/
Do I first delete certbot, then update and finally enable?

 

Ηι
today i started to fix the problem
1. οκ
2. "certbot delete" dosent work any help

 

It is not clear to me exacly what I need to remove and from where Is there any link that describes exacly what I need to do?

 

"doesnt work" is not a valid error message. What problem are you facing when executing that command?

 

I believe certbot-auto is the command that fetches and installs latest certbot on your computer. Is there a certbot now installed?

 

Good morning Taleman,
As you have already understood I have no knowledge so I want to take small and certain steps
I have done no action other than uncheck the SSL from this particular domain from ispconfig panel
I would be happy if you told me what to do step by step
Thanks

 

If you still have certbot installed, you could delete the certs with "certbot delete". If this is not installed, then deactivate Letsencrypt and SSL for your web and delete the same web in these folders:

Code:

    /etc/letsencrypt/archive
    /etc/letsencrypt/live
    /etc/letsencrypt/renewal

After that, install certbot and activate SSL and LetsEncrypt in ispc

 

Hi Stelni86
Thanks for reply
Please confirm me the following commands for delete

cp /etc/letsencrypt/ /etc/letsencrypt.backup -r
rm -rf /etc/letsencrypt/live/bar.example.com/
rm -rf /etc/letsencrypt/archive/bar.example.com/
rm /etc/letsencrypt/renewal/bar.example.com.conf

and

remove certbot
sudo apt-get remove certbot

install certbot
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

get and install your certificates
sudo /usr/local/bin/certbot-auto --apache

Set up automatic renewal
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null

Thanks

 

correct.

From your previous comments, it looks like you have already removed certbot.
You have to remove certbot-auto, too! -> "rm -rf /opt/eff.org"

The best thing would be to install the Debian package. But for that you need a newer system than jessie. (LTS support for jessie will end in June, you have to upgrade anyway). So you have to use certbot-auto. Be aware to not create any certificates with certbot-auto (will be done by ispc) and do not install any certs (will break ispc) and do not create the cronjob (will be done by ispc):

Code:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --install-only

do not select any domains, just select c to cancel. Selecting a domain will exclude them from ssl in ispconfig, that's why it is important to not select a domain and not use the apache option.
Afterwards reactivate letsencrypt in ispc, select SSL and letsencrypt for your web

[edit]
Edited command for future reference according to Tills correcion

 

I followed the steps above one by one
something goes wrong
all sites are down
How do I fix it?
I 'm wondernig what I did wrong