Updating to ACMEv2 Let's Encrypt

Discussion in 'Installation/Configuration' started by tfboy, May 23, 2020.

  1. tfboy

    tfboy Member

    I've been running my install of ISPconfig for some time now with no real issues, currently on 3.1.15p2. The server was installed a few years back using the great "perfect server" guides. OS is Ubuntu 16.04.6 LTS.
    However, recently, I've been receiving emails from LE saying that my renewals are still being done with the ACME v1 protocol which will be suspended on 1st June and I should be renewing my certificates with the ACME v2 instead.
    Having looked at the logs, I can see that it still uses the v1 URL: https://acme-v01.api.letsencrypt.org/acme/....
    Any suggestions about how I should go about updating this?
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If the certificate was issued with ACME v1, that protocol continues to be used.
    So check first the certbot version you have does support ACME v2. If it does then untick the LE box, wait 2 minutes and tick it back on. Then the cert should be issued using ACME v2.
    Old discussions of this very same thing with very same error message are in this forum, use search to find them.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    It's a good question why certbot is not updating this on their own when a current certbot version is installed. What you can probably do as an alternative to the method @Taleman suggested is to look at the renewal config files from certbot and change the URL for v1 protocol that you find in there to the v2 protocol URL (compare recent newly created SSL cert renewal config with an old one).
  4. tfboy

    tfboy Member

    I did search and read through quite a few threads, but most users suggested "fixes" that could potentially break ISPconfig's renewal mechanism, so didn't want to try those.

    The only thing I could find was Till's post here: https://www.howtoforge.com/community/threads/acme-migration-v01-to-v02.83659/#post-398665 that suggests disabling LE then re-enabling it within the panel will trigger a new process that would switch to v2 versions.
    I'm actually in the process of migrating my server to a new one, with a fresh install of ISPconfig with Debian 10 following the awesome guides on here, so I guess the problem will go away anyway.

Share This Page