Acme-v2 warning vs. acme-v1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: teanow5pm.co.uk on local WAMP for development

I ran this command: f:\letsencrypt\letsencrypt.exe --renew --forcerenewal --baseuri "https://acme-v01.api.letsencrypt.org/"

It produced this output: cert was renewed

My web server is (include version): WAMP 3.1.7

The operating system my web server runs on is (include version): Windows 10 pro

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Apache?

Here's the question. (I hope I'm posting this right.) I received an email from Let's Encrypt with the information that my automatic cert renewal was using acme-v1, which was being phased out. The renewal itself does not give an error (yet). On to my command line. For a forced renewal, which works fine, my command line is:

f:\letsencrypt\letsencrypt.exe --renew --forcerenewal --baseuri "https://acme-v01.api.letsencrypt.org/"

I could simply update it to:

f:\letsencrypt\letsencrypt.exe --renew --forcerenewal --baseuri "https://acme-v02.api.letsencrypt.org/"

Would this be correct?

Thanks for helping.

Tom

I’m not certain there’s a question here. acmev1 is being phased out.
Please see:
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/2

Hope this helps
Rip

@Rip. I edited in the question after you. Sorry.

Yes. If you are using certbot (with an up-to-date version), you can directly upgrade to APIv2. It shouldn’t cause any issue.

If you are not using certbot, try to update your client and check if it supports APIv2, then switch to the v2 endpoints.

OK, so as almost always, I have to say I’m not an expert on Windows 10 Pro.
You should be able to modify the server in your renew request. AND you should be able to use Task Scheduler or “AT” to run the renewal check automatically.

Test it and report back!
Rip

It has been a long time since I configured acme renewal. It must have been with Task Scheduler. Still searching for the task. Probably on another machine. I simply copied the certificate over from machine to machine to make life easier. I’ll get back to this thread as soon as I have a better question.

Thanks for the replies.


I think I have it working with the command line:

f:\letsencrypt\wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"

Now I just have to wait and see if it will renew before 04/15/2020.

I'm a bit dubious because the output reads:

Renewal for [Manual] www.teanow5pm.co.uk is due after 04/15/2020 …

Instead of:

Next renewal set for …

Does anyone know the wacs.exe command for determining if auto-renewal is set?
Edit: Task Scheduler shows "acme renew" at 09:00 every day.

Despite documentation statements to the contrary, my manual renewal updated the *.pem files Apache needs. I.e., it was unnecessary to specify them separately.
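
For anyone hunting for the renewal task as in the thread above, here is one way to list scheduled tasks whose command line still points at the ACMEv1 endpoint. This is an added example, not part of the original posts and not code from the client's project; the function name `Get-AcmeEndpointUsage` and the sample task objects are constructed for illustration, and a task that relies on the client's default endpoint (no `--baseuri` on its command line) will not be listed.

```powershell
# Added example (hypothetical helper): classify scheduled-task actions by the
# Let's Encrypt ACME endpoint named on their command line.
function Get-AcmeEndpointUsage {
    param(
        # Task objects shaped like Get-ScheduledTask output (TaskName, TaskPath, Actions).
        [Parameter(Mandatory)] [object[]] $Task
    )
    foreach ($t in $Task) {
        foreach ($a in $t.Actions) {
            # Only "exec" actions carry Execute/Arguments; other action types give an empty string.
            $cmd = "$($a.Execute) $($a.Arguments)".Trim()
            $api = switch -Regex ($cmd) {
                'acme-v01\.api\.letsencrypt\.org' { 'ACMEv1 (being phased out)'; break }
                'acme-v02\.api\.letsencrypt\.org' { 'ACMEv2'; break }
                default { $null }
            }
            if ($api) {
                [pscustomobject]@{
                    Task    = "$($t.TaskPath)$($t.TaskName)"
                    Api     = $api
                    Command = $cmd
                }
            }
        }
    }
}

# Constructed sample input mirroring the two command lines quoted in the thread.
$sample = @(
    [pscustomobject]@{ TaskName = 'acme renew'; TaskPath = '\'; Actions = @(
        [pscustomobject]@{ Execute   = 'f:\letsencrypt\letsencrypt.exe'
                           Arguments = '--renew --baseuri "https://acme-v01.api.letsencrypt.org/"' }) },
    [pscustomobject]@{ TaskName = 'acme renew (constructed v2 task)'; TaskPath = '\'; Actions = @(
        [pscustomobject]@{ Execute   = 'f:\letsencrypt\wacs.exe'
                           Arguments = '--renew --baseuri "https://acme-v02.api.letsencrypt.org/"' }) }
)

Get-AcmeEndpointUsage -Task $sample | Format-List

# On a live machine, audit the real tasks instead of the sample:
# Get-AcmeEndpointUsage -Task (Get-ScheduledTask) | Format-List
```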
