Certbot webroot with http-01 - Upgrade to ACMEv2?


I am running Certbot on Debian 8 and use “webroot” for obtaining and renewing my certificates. I received an email that I must update to ACMEv2.

certbot renew --dry-run shows no errors.

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domainname.com
http-01 challenge for domainname.com
Waiting for verification…
Cleaning up challenges

It seems that the http-01 challenge uses ACMEv1?

What is the best thing to do? Upgrade certbot? Can I still use “webroot” with newer versions of certbot? Or is there an easier way?

Another question: Does the version of certbot that comes with Debian 10 include “webroot” that supports ACMEv2?

Thank you very much!


The official advice for using Certbot on Debian 8/Jessie is to use certbot-auto: https://certbot.eff.org/lets-encrypt/debianjessie-other , which automatically gives you the latest version (1.1.0 at the moment).

It will continue to function with your existing configuration and certificates. As written on the above page, once you verify it works, you should remove the old Certbot package and set up the cronjob for certbot-auto.


Thank you for your reply!

I think I will try this.

The page you mentioned says that I should FIRST remove the packaged version of certbot and then install certbot-auto. But I think this will delete my existing certificates?

You recommend installing certbot-auto first and then removing the packaged version?

Thank you very much


Doesn’t matter too much about the order. May as well do what the instructions advise.

It won’t. Your data (renewal configuration and certificates) is stored in /etc/letsencrypt. Uninstalling Certbot won’t touch that directory. If you’re paranoid, you can also just create a backup of that directory.


OK, thank you very much.

One last question: Do I have to create new certificates with certbot-auto or will it be able to continue with my existing configuration (I still use certbot 0.10.2)? I think you mentioned that it will continue to work and I only have to update the cronjob for renewal.


Yes, it will continue to use your existing configuration. The only difference will be that you will run certbot-auto instead of certbot. Everything else is the same.


How to determine which version of ACME is in use? I also received the update mail. But I have several servers using Certbot. So I need to find out which one to update.
They are all running Debian.


OK, I'll just answer my own question :) Having a look in the log file showed me lines like these:

2020-01-17 23:20:32,533:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz-v3/2281568696.

So it is using the v01 version.
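
The log check described in the last post can be scripted for several servers. The following is an added example, not code from the thread or from Certbot; it assumes the debug-line format quoted above, and the staging hostnames and the default log path are not on this page.

```python
import re
import sys
from datetime import datetime

# Let's Encrypt API hosts and the ACME protocol version each one serves.
ACME_HOSTS = {
    "acme-v01.api.letsencrypt.org": "ACMEv1",
    "acme-staging.api.letsencrypt.org": "ACMEv1",      # staging (--dry-run)
    "acme-v02.api.letsencrypt.org": "ACMEv2",
    "acme-staging-v02.api.letsencrypt.org": "ACMEv2",  # staging (--dry-run)
}

# Certbot debug lines shaped like the one quoted in the post above.
REQUEST_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+:DEBUG:[^:]+:"
    r"Sending (?:GET|POST|HEAD) request to https://([^/\s:]+)"
)

def last_seen_per_version(lines):
    """Return {version: (timestamp, host)} for the newest request of each version."""
    seen = {}
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m.group(2) not in ACME_HOSTS:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        version = ACME_HOSTS[m.group(2)]
        if version not in seen or ts > seen[version][0]:
            seen[version] = (ts, m.group(2))
    return seen

def needs_upgrade(lines):
    """True if the newest ACME request went to a v1 host, None if there is none.

    v1 lines stay in the log after an upgrade, so only the newest request decides.
    """
    seen = last_seen_per_version(lines)
    if not seen:
        return None
    return max(seen, key=lambda v: seen[v][0]) == "ACMEv1"

# Constructed sample: the first line is from the post above, the other two are made up.
SAMPLE_LOG = [
    "2020-01-17 23:20:32,533:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz-v3/2281568696.",
    "2020-01-20 09:02:11,104:DEBUG:certbot.main:certbot version: 1.1.0",
    "2020-01-20 09:02:12,870:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.",
]

if __name__ == "__main__":
    # Pass log paths as arguments (assumed default: /var/log/letsencrypt/letsencrypt.log).
    for path in sys.argv[1:] or [None]:
        lines = open(path, errors="replace") if path else SAMPLE_LOG
        print(path or "sample", "needs upgrade:", needs_upgrade(lines))
```

A `--dry-run` renewal talks to the staging hosts, so those lines also show which protocol version the installed client speaks.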