Compatibility of old version of ACME?


#1

Hello here!

For one of my project, I need to issue certificates with Let’s Encrypt with ACME python binding.
But on Debian Stretch and Ubuntu Xenial, there is only quite old python-acme available (respectively 0.10 and 0.4).
Is there any (current or future) compatibility trouble to expect with such old libraries and current ACME v1 endpoint? Is there any compatibility matrix or tests results for each version of ACME against current v1 endpoint?

Concerning ACME v1 endpoint directly, is there any dates planned for its deprecation in favor of v2?

Regards,


#2

Since both Stretch and Xenial are supported LTS releases of their respective distros, you will find that you can get the latest version of Certbot (and its libraries) on both, by using the provided repositories.

https://certbot.eff.org will show you how to set these up, and from there you can use the provided binding.

You should never find yourself in a situation where you’re on a supported distro but without a relatively up-to-date version of Certbot.

Otherwise you could also just manage the dependency yourself, rather than relying on distro. packages (such as what certbot-auto does).

Nope!


#3

Using third-party repositiories is quite complicated. Integrating them on a documentation for self-hosting people is a huge source of troubles and support…
And we have to maintain documentation for each distro we want to support, redirecting to certbot.eff.org and let the user in the wild is generally unefficient :cry: We have to port the official command on our own documentation, to allow user to simply copy/paste the documention for setup.
That’s why we try to use only Debian & Ubuntu official repositories, but they are quite old and begin to be source of trouble with ACME 0.20+ (which split to python-acme + python-josepy) only available on very recent (and not currently published for Bionic) distribution.


#4

Problem is the ppa:cerbot/certbot only provide python2 packages, while official distrib repositories provides python3 ones too :sob:


#5

The PPA recently switched to Python 3. It doesn’t provide Python 2 packages anymore.

Edit: Some of the Certbot packages are Python 3 only, but it looks like it builds both python-acme and python3-acme packages.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.