Certbot upgrade to support ACMEv2

Did you get any change in:
dpkg -l python3-acme

Nope…Unfortunately…
ii python3-acme 0.28.0-1~deb9u1 all ACME protocol library for Python 3
root@instance-1:~

Try:

It sounds like you don’t have stretch-updates enabled.

/etc/apt/sources.list should usually include:

deb http://deb.debian.org/debian stretch-updates main
1 Like

For Information, GCE instance is using these sources.

Will all GCE users be required to update? This is an older instance, so not sure what a new one looks like.

root@instance-1:~# grep ^[^#] /etc/apt/sources.list /etc/apt/sources.list.d/*
/etc/apt/sources.list:deb http://http.debian.net/debian stretch main
/etc/apt/sources.list:deb-src http://http.debian.net/debian stretch main
/etc/apt/sources.list:deb http://security.debian.org/ stretch/updates main
/etc/apt/sources.list:deb-src http://security.debian.org/ stretch/updates main
/etc/apt/sources.list:deb http://ftp.debian.org/debian stretch-backports main
/etc/apt/sources.list.d/google-cloud.list:deb http://packages.cloud.google.com/apt google-compute-engine-stretch-stable main
/etc/apt/sources.list.d/google-cloud.list:deb http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch main
root@instance-1:~#

You are indeed missing stretch-updates.

stretch/updates from Debian Security is not the same.

OH NO! Your Stretch Armstrong doesn’t stretch - LOL

Just add “stretchiness” …
What is shown in?:
/etc/apt/sources.list

What happened here? :frowning:

root@instance-1:~# cat /etc/apt/sources.list
-# deb http://gce_debian_mirror.storage.googleapis.com/ stretch main
-# deb-src http://gce_debian_mirror.storage.googleapis.com/ stretch main
deb http://http.debian.net/debian stretch main
deb-src http://http.debian.net/debian stretch main
deb http://security.debian.org/ stretch/updates main
deb-src http://security.debian.org/ stretch/updates main
deb http://ftp.debian.org/debian stretch-backports main
root@instance-1:~#

Try adding the entry from my earlier post?

ii python3-acme 0.28.0-1~deb9u2

no renewal failures :slight_smile:

Curious:
So was I mis-configured from a GCE instance norm?.
Or, Will anyone using a GCE instance have this issue or was it just me this time?

1 Like

Most likely (in time).
[I don’t think stretch updates nor backports are added as any default.]

Well this started for me with the email advising of the move to ACMEv2 and upgrading what had been working fine. So if it is an issue that will show up with standard aws or gce instances, it could be a real headache. I will check some of my other sites further in the next day or so… Thanks for your expert assistance!!

For now. Let’s Encrypt is phasing it out. At this current point in time, it is disabled in the staging environment but remains enabled in the production environment. It will be disabled there too in time.

1 Like

Thank You for all the help! The dry-run is working on this instance, I will check some others in the AM.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.