I received this email:
Hi,
According to our records, the software client you're using to get Let's
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol. Here are the details of one
recent ACMEv1 request from each of your account(s):Client IP address: 82.223.19.128
User agent: CertbotACMEClient/0.31.0 (certbot; Ubuntu 16.04.6 LTS) Authenticator/webroot Installer/None (renew; flags: n) Py/3.5.2
Hostname(s): "lithotherapie.net","www.lithotherapie.net","www.yogadebutant.com","yogadebutant.com"
Request time: 2020-04-13 02:37:33 UTC
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice. You can view the
client list at: ACME Client Implementations - Let's EncryptIf you're unsure how your certificate is managed, get in touch with the
person who installed the certificate for you. If you don't know who to
contact, please view the help section in our community forum at
Help - Let's Encrypt Community Support and use the search bar to check if
there's an existing solution for your question. If there isn't, please create
a new topic and fill out the help template.ACMEv1 API deprecation details can be found in our community forum:
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1As a reminder: In the future, Let's Encrypt will be performing multiple
domain validation requests for each domain name when you issue a certificate.
While you're working on migrating to ACMEv2, please check that your system
configuration will not block validation requests made by new Let's Encrypt IP
addresses, or block multiple matching requests. Per our FAQ
(FAQ - Let's Encrypt), we don't publish a list of IP addresses
we use to validate, and this list may change at any time.To receive more frequent updates, subscribe to our API Announcements:
https://community.letsencrypt.org/t/about-the-api-announcements-categoryThank you for joining us on our mission to create a more secure and privacy-
respecting Web!All the best,
Let's Encrypt
I tried to follow the instructions there: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
But when I run sudo certbot --nginx
(I choose option 2: renew and replace certificate) I get this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lithotherapie.net
2: www.lithotherapie.net
3: yogadebutant.com
4: www.yogadebutant.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.yogadebutant.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/lithotherapie.net
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/lithotherapie.net
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/yogadebutant.com
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/yogadebutant.com
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/lithotherapie.net:15
Rolling back to previous server configuration...
nginx: [warn] conflicting server name "lithotherapie.net" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.lithotherapie.net" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "lithotherapie.net" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.lithotherapie.net" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "lithotherapie.net" on [::]:443, ignored
nginx: [warn] conflicting server name "www.lithotherapie.net" on [::]:443, ignored
nginx restart failed:
b''
b''
IMPORTANT NOTES:
- We were unable to install your certificate, however, we
successfully restored your server to its prior configuration.
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.yogadebutant.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.yogadebutant.com/privkey.pem
Your cert will expire on 2020-08-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
My Nginx config files look like this:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name lithotherapie.net www.lithotherapie.net;
return 301 https://www.lithotherapie.net$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name lithotherapie.net;
include snippets/ssl-lithotherapie.net.conf;
include snippets/ssl-params.conf;
return 301 https://www.lithotherapie.net$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-lithotherapie.net.conf;
include snippets/ssl-params.conf;
server_name www.lithotherapie.net;
root /var/www/lithotherapie.net/public_html;
index index.php index.html;
location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/lithotherapie.net/public_html$fastcgi_script_name;
}
location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
access_log off;
}
}
And the second one:
server {
listen 80;
listen [::]:80;
server_name yogadebutant.com www.yogadebutant.com;
return 301 https://$server_name$request_uri;
root /var/www/yogadebutant.com/public_html;
index index.php index.html;
location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/yogadebutant.com/public_html$fastcgi_script_name;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-yogadebutant.com.conf;
include snippets/ssl-params.conf;
server_name yogadebutant.com www.yogadebutant.com;
root /var/www/yogadebutant.com/public_html;
index index.php index.html;
location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/yogadebutant.com/public_html$fastcgi_script_name;
}
}
What should I do to upgrade to ACMEv2 protocol?