No renewal certificate error

Hi,

letsencrypt moved to API v2 in the meanwhile, deprecating API v1. Therefore i will receive this error:

Error registering: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

This is for staging, if i want to test, whether i can get a cert.

When i want to get a new cert i get this:

Requesting a new certificate for example.com, using the website directory /var/www ..

.. request failed : Chained certificate downloaded from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem is empty

If i just renew, i will be taken away from that page to the SSL Settings page (first Tab).

Since i use the builtin letsencrypt feature, what can i do? Will there be any update? Even updating Webim to 1.930 didn't fix that

Thanks and best j_m

Status: 
Active

Comments

Assigned: Unassigned »

Howdy -- thanks for your report!

I've asked Jamie for his thoughts on this, we'll see what he says.

Note that a workaround in the meantime may be to temporarily use the certbot client.

Well,

i made it now manually by using sslforfree.com; but i'd appreciate if it would work again in Webmin / Virtualmin as well (haven't checked on Virtualmin yet.

Thanks and best j_m

Sorry to ask or reply.

That V1 remark / announcement was known by 11-03-2019 and still not updated in virtualmin?

The original protocol used by Let’s Encrypt for certificate issuance and management is called ACMEv1. In March of 2018 we introduced support for ACMEv2, a newer version of the protocol that matches what was finalized today as RFC 8555. We have been encouraging subscribers to move to the ACMEv2 protocol.

Today we are announcing an end of life plan for ACMEv1.

In November of 2019 we will stop allowing new account registrations through our ACMEv1 API endpoint. Existing accounts will continue to function normally.

In June of 2020 we will stop allowing new domains to validate via ACMEv1.

We will be permanently disabling new ACME v1 registrations in the staging environment on October 1st .

And this one in august 2019. https://community.letsencrypt.org/t/important-notice-to-acme-client-deve...

Clients not compatible with ACME v2 will progressively disappear from https://letsencrypt.org/docs/client-options/ (They will be greyed out first, and then removed).
The objective is to points users only to ACME v2 clients as the ACME v1 API is deprecated and will be removed

YUP i don't understand why to wait longer with this part?

You may want to use the workaround mentioned in Comment #1 above, that will resolve any issues relating to the ACME protocol version until we're able to modify the built-in client to use the new protocol.

I was able to wait a day this time now that the brownout is complete and not have to use the workaround. Will use it next if needed. Thanks for planning this in, andreychek.

THis could maybe help to get it quicker done? https://github.com/Neilpang/acme.sh . THIS ONE WORKS EVEN WITH CENTOS 8.


    An ACME protocol client written purely in Shell (Unix shell) language.
    Full ACME protocol implementation.
    Support ACME v1 and ACME v2
    Support ACME v2 wildcard certs
    Simple, powerful and very easy to use. You only need 3 minutes to learn it.
    Bash, dash and sh compatible.
    Simplest shell script for Let's Encrypt free certificate client.
    Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
    Just one script to issue, renew and install your certificates automatically.
    DOES NOT require root/sudoer access.
    Docker friendly
    IPv6 support
    Cron job notifications for renewal or error etc.

Commenting only for the sake of following this. Hopefully it's resolved by 10/31/19 :)