Certbot change provider from Sectigo to CertiNext

Hello, we are running Oracle Linux 8 for our VMs. We install the yum certbot packages,
which is 1.22.0. On each of our systems we renew the certs monthly, knowing Sectigo
will be dropping the renewals down to 47 days by 2029. We have all of this automated.

When we work on a new system we log in to an account on the
https://cert-manager.com/customer/InCommon where we add the domains for the new system
and ACME info. We obtain the KEY ID and HMAC info and use it in a long certbot command
on the system. This connects to Sectigo, and from what I see creates the account info
and registers the system. Then we can do the certbot renew to generate the cert.

Well, we got the email that InCommon is switching from using Sectigo to CertiNext
and says this will complete by Jul 17, 2006. When I look at our letsencrypt files I
can see acme.sectigo.com in multiple places. What I don't get is how do I switch this
all over from Sectigo to CertiNext. For each system I look at I see these big numbered
account and renewal information. I see this in the directories, files. I am not sure
how we convert this over to use the new provider once all this happens.

The email we got says InCommon, once the agreement is signed, will migrate your existing
configuration (minus your actual certificates) to the new platform. I am not exactly
sure of all this. I do see how my letsencrypt files point to the old Sectigo site,
account, and renewal pointers. I am not sure how to convert this over.

Thank you for any help you can give me. Rich

With ACME, the CA you use is determined by the directory URL. Assuming they're using External Account Binding (EAB), you will be given a command using a different directory URL and new EAB credentials.

Certbot will then create a new ACME account and use the new EAB credentials to bind the ACME account to your cert-manager account.

3 Likes
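An added example, not part of the thread and not certbot's own code: since the directory URL decides which CA a lineage renews against, this sketch inventories which certbot renewal configs still point at the old directory host. It assumes certbot's usual layout of `/etc/letsencrypt/renewal/*.conf` with `server` and `account` keys under `[renewalparams]`; the function names are hypothetical.

```python
"""Inventory certbot lineages by ACME directory host (added example)."""
import sys
from pathlib import Path
from urllib.parse import urlparse

# Assumption: certbot's default config location; pass another path as argv[1].
RENEWAL_DIR = Path("/etc/letsencrypt/renewal")
OLD_CA_HOST = "acme.sectigo.com"  # host named in the original post


def parse_renewalparams(text):
    """Return key/value pairs from the [renewalparams] section of a renewal conf."""
    params, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Any other header, including [[webroot_map]], ends the flat key list.
            in_section = line == "[renewalparams]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params


def inventory(renewal_dir=RENEWAL_DIR, old_host=OLD_CA_HOST):
    """List each lineage with its ACME server, account id and migration status."""
    rows = []
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        params = parse_renewalparams(conf.read_text())
        server = params.get("server", "")
        host = (urlparse(server).hostname or "").lower()
        rows.append({
            "lineage": conf.stem,
            "server": server,
            "account": params.get("account", ""),
            # Exact host match, so look-alike hostnames are not counted.
            "needs_migration": host == old_host,
        })
    return rows


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else RENEWAL_DIR
    for row in inventory(target):
        flag = "MIGRATE" if row["needs_migration"] else "ok"
        print(f"{flag:8} {row['lineage']:30} {row['server']} account={row['account']}")
```

Running it before and after the switch on each VM gives a per-lineage list to check against the new directory URL and EAB credentials InCommon issues.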

Don't do this. The Linux OS package repos are years out of date (1.22 is from Dec 2021 and the latest is 5.5). You'll want to use the "Linux (snap)" or "Linux (pip)" instructions here.

4 Likes

InCommon have published transition guidance and you should contact them directly about specific migration questions:

InCommon should be working with your organization's primary administrator to help with migration (including allocating new EAB credentials), if that's you then you need to speak to them directly and attend workshops etc. At the very least you need to ask them what to do about ACME account migration, my guess is you need to change ACME account in each client and that will depend on each ACME client that you use. Based on what @MaxHearnden said that is a change of ACME directory URL and new EAB credentials in certbot. You should start with a test certificate to practice the migration.

For background info, InCommon is a higher education service provider (including certificate services) who previously used Sectigo as their CA (which had its own Sectigo-hosted ACME endpoints) and are now moving to CertiNext, which is a platform hosted by the established CA eMudhra from India.

2 Likes