ACME v1 end of life and subdomains

My question is about the end of life of ACME v1. I’m reading this:

“In June of 2020 we will stop allowing new domains to validate via ACMEv1.”

Also:

“Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected).”

Q: What is a new domain here? Can i still get certificates to new subdomains after that date? Example (with a made up domain): I currently have a certificate for foo.example.org. After the date above can I still get a new cert for bar.example.org using ACME v1 as it is the same old domain (example.org)?

If not, can I still renew an existing certificate foo.example.org?

1 Like

A DNS identifier that has not been issued by your Let’s Encrypt account previously.

For example, example.com and test.example.com are distinct DNS identifiers.

No.

No.

If you anticipate the need to do that, you need to issue those certificates now (even if you don’t need them now), so that they are recorded against your Let’s Encrypt account, and you can get them later.

Or upgrade to ACMEv2.

2 Likes

Ok, but I assume I can still renew certs for subdomains I have already registered before? Yes, I have plenty of them so renewing them helps to give time to migrate to v2.

(The issue here is that I need to create certs for private IPs, but the current Golang autocert package does not support dns-01 challenge anymore which I need. So I need to find a different way to renew and register domains with private IPs.)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.