Use Acme v2 if supported

Discussion in 'Developers' Forum' started by ahrasis, May 6, 2018.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I have opened this issue at https://git.ispconfig.org/ispconfig/ispconfig3/issues/5030, but I was thinking maybe I should just talk about it here as well.

    As discussed at the git, with some minor additions, I was thinking about changing from this (in letsencrypt.inc.php):
    Code:
        $letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain $cli_domain_arg --webroot-path /usr/local/ispconfig/interface/acme";
    To this:
    Code:
        // Read the installed certbot version from the package manager (apt, so Debian/Ubuntu only).
        // awk prints only the version field, e.g. "0.22.2-1" from "  Installed: 0.22.2-1".
        $certbot_version = trim((string) shell_exec('apt-cache policy certbot | awk \'/Installed:/ {print $2}\''));
        // Certbot 0.22 is the first release that speaks ACME v2. version_compare() is used
        // instead of a numeric ">= 0.22" on the string, which would treat "0.9.x" as newer than 0.22.
        if (version_compare($certbot_version, '0.22', '>=')) {
            $acme_version = 'https://acme-v02.api.letsencrypt.org/directory';
        } else {
            $acme_version = 'https://acme-v01.api.letsencrypt.org/directory';
        }
        $letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $cli_domain_arg --webroot-path /usr/local/ispconfig/interface/acme";
    This will allow the usage of Acme v2 for those who have certbot v0.22 and above installed.

    As stated there, this is not intended to support the wildcard certificates offered via Acme v2, as I understand the difficulty of accessing and updating the DNS server, but it could be a first step towards it that need not be perfect yet.

    I hope this will get a good feedback from the developers.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's fine for me. If you tested it and LE still works like before, then please feel free to submit a merge request.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Just one thing: you cannot use apt to find out the certbot version, as this will not work on CentOS, Fedora and OpenSuSE. In the 900-le cron file there is a version check which works on all distributions; you might want to use that as the basis for your code.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Thank you for your feedback @till. Basically the same was pointed out by Florian and Markus too, so it was fixed and merged in the git; the following code was used instead.
    Code:
        // Ask the certbot/letsencrypt binary itself for its version. This works on every
        // distribution, unlike querying a package manager. Older releases print the
        // version on stderr, hence 2>&1. exec() returns the last line of output.
        $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
        // Output looks like "certbot 0.22.2"; keep only the dotted version number.
        if(preg_match('/^(\S+|\w+)\s+(\d+(\.\d+)+)$/', $letsencrypt_version, $matches)) {
            $letsencrypt_version = $matches[2];
        }
        // ACME v2 needs certbot 0.22 or newer. version_compare() is used rather than a
        // numeric ">= 0.22" on the string, which would treat "0.9.x" as newer than 0.22.
        if (version_compare($letsencrypt_version, '0.22', '>=')) {
            $acme_version = 'https://acme-v02.api.letsencrypt.org/directory';
        } else {
            $acme_version = 'https://acme-v01.api.letsencrypt.org/directory';
        }
        $letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $cli_domain_arg --webroot-path /usr/local/ispconfig/interface/acme";
    
     
    till likes this.
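The version check and endpoint selection discussed in this thread, written out as a small set of testable functions. This is an added example, not code from ISPConfig or from the posters above; the function names, the hostname-list parameter and the sample `certbot --version` output are assumptions made for illustration. It handles two things the posted snippet does not: output that carries extra lines (deprecation warnings) or the old `letsencrypt` binary name, and proper version ordering via version_compare(), so that a hypothetical "0.9.0" is not mistaken for a release newer than 0.22. Every externally supplied value is passed through escapeshellarg() before it reaches the shell.

```php
<?php
// Added example (not ISPConfig code): distribution-independent detection of the
// installed certbot version and selection of the ACME directory URL.

/**
 * Extract a dotted version string from `certbot --version` output.
 * Accepts "certbot 0.22.2" as well as "letsencrypt 0.9.3" (old binary name)
 * and ignores surrounding lines such as deprecation warnings.
 * Returns null when no version line is present.
 */
function parse_certbot_version(string $output): ?string
{
    foreach (preg_split('/\r?\n/', trim($output)) as $line) {
        if (preg_match('/^(?:certbot|letsencrypt)\s+(\d+(?:\.\d+)+)/i', trim($line), $m)) {
            return $m[1];
        }
    }
    return null;
}

/**
 * Pick the ACME directory for a given certbot version.
 * ACME v2 support arrived in certbot 0.22; anything older (or unknown) stays on v1.
 * version_compare() orders "0.9.0" < "0.22.0" < "1.0.0", which a numeric
 * comparison of the raw string would not.
 */
function select_acme_directory(?string $version): string
{
    if ($version !== null && version_compare($version, '0.22', '>=')) {
        return 'https://acme-v02.api.letsencrypt.org/directory';
    }
    return 'https://acme-v01.api.letsencrypt.org/directory';
}

/**
 * Build the certonly command line as a single string.
 * $domains is the list of hostnames to include (assumed parameter; ISPConfig
 * passes them pre-built in $cli_domain_arg). Every value that originates
 * outside this code is escaped with escapeshellarg().
 */
function build_certonly_command(string $letsencrypt, string $acme_directory, string $domain, array $domains, string $webroot): string
{
    $args = [
        'certonly', '-n', '--text', '--agree-tos', '--expand',
        '--authenticator', 'webroot',
        '--server', $acme_directory,
        '--rsa-key-size', '4096',
        '--email', 'postmaster@' . $domain,
        '--webroot-path', $webroot,
    ];
    foreach ($domains as $d) {
        $args[] = '-d';
        $args[] = $d;
    }
    return escapeshellarg($letsencrypt) . ' ' . implode(' ', array_map('escapeshellarg', $args));
}

// Usage with constructed sample output instead of really running certbot.
$sample  = "certbot 0.22.2\n";                    // constructed sample
$version = parse_certbot_version($sample);         // "0.22.2"
$server  = select_acme_directory($version);        // ACME v2 directory
echo build_certonly_command('/usr/bin/certbot', $server, 'example.com',
    ['example.com', 'www.example.com'], '/usr/local/ispconfig/interface/acme'), "\n";

// Live detection: collect all output lines rather than relying on exec()'s
// return value, which is only the last line printed.
// exec(escapeshellarg($letsencrypt) . ' --version 2>&1', $lines, $rc);
// $version = parse_certbot_version(implode("\n", $lines));
```

One caveat for anyone reading this today: the ACME v1 directory used as the fallback was retired by Let's Encrypt in 2021, so on current systems the fallback branch should be treated as an error rather than a working alternative.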
