Acme.sh will not issue, says I am using verson 1 when I am using version 2

YTC1 · March 8, 2020, 6:09pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ytc1-cloud.dyndns.org

I ran this command:
./acme.sh --issue -d ytc1.dyndns.org -d ytc1-cloud.dyndns.org --use-wget --test --apache --accountconf ${PWD}/account.conf
root@ytc1-cloud:/var/www/acme/.acme.sh# ./acme.sh -v
https://github.com/Neilpang/acme.sh
v2.8.0

It produced this output:
[Sunday, 8 March 2020 at 18:00:47 GMT] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Sunday, 8 March 2020 at 18:00:49 GMT] Checking if there is an error in the apache config file before starting.
[Sunday, 8 March 2020 at 18:00:49 GMT] OK
[Sunday, 8 March 2020 at 18:00:50 GMT] JFYI, Config file /etc/apache2/2.4/httpd.conf is backuped to /root/.acme.sh/httpd.conf
[Sunday, 8 March 2020 at 18:00:50 GMT] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Sunday, 8 March 2020 at 18:00:50 GMT] The backup file will be deleted on success, just forget it.
[Sunday, 8 March 2020 at 18:00:50 GMT] Registering account
[Sunday, 8 March 2020 at 18:00:52 GMT] Register account Error: {“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,“status”: 403}
[Sunday, 8 March 2020 at 18:00:52 GMT] Please check log file for more details: /var/www/acme/.acme.sh/acme.sh.log

My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
Solaris 11.4
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

./acme.sh -v

v2.8.0

mnordhoff · March 8, 2020, 6:52pm

You are using version 1 of the Let's Encrypt API. It's not about the version number of your ACME client.

Can you upgrade to a newer version of acme.sh? Version 2.8.0 is over a year old. I think it supports the ACMEv2 API but it evidently doesn't use it by default, and it might have bugs anyway.

That's the version 1 staging URL.

YTC1 · March 8, 2020, 7:24pm

Ah, ok.
I ran acme.sh upgrade and this is the version it gave me.
Is there something else I should have run?

YTC1 · March 8, 2020, 7:33pm

Right, I ran the upgrade again, and noticed it wrote to /root , when I was running from /var/www/acme/.acme.sh

I’ve copied into the correct dir and have moved forward, now another errror/issue, but wil leave that for another day.

9peppe · March 8, 2020, 7:35pm

it writes it into /root and defines an alias, don’t copy that script, it will expect its data somewhere.

YTC1 · March 8, 2020, 9:10pm

This is a Solaris zone, the / is immutable for security reasons.
I forgot I needed to do this, and use the --home variable.
All software needs to have roots and paths configurable. I wrongly assumed it would pick up/source the account.conf from the dir it was run from.
I’ll make notes.

It has been working this way for 2 years.

system · April 7, 2020, 9:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.