Confirm ACME2 switch (how to)

lancedolan · February 12, 2020, 5:45pm

We believe we've completed our upgrade to an ACME2 client, however we want a surefire guaranteed way to confirm that we're not still accidentally using ACME1 under the hood.

After the upgrade, our new certbot version is...

$ certbot --version
certbot 0.31.0

We've already successfully created and installed certs with the new client. How can we confirm beyond the shadow of any doubt that we're using ACME2 under the hood, not ACME1, and that we won't be surprised and S.O.L. come June 1st?

There must be some quick command to check. I used the -v toggle and saw lines like the following:

Sending GET request to https://acme-v02.api.letsencrypt.org/directory.

So, I'm fairly confident we're good to go, but I want absolute confidence.

Some of the usual info asked....

I ran this command:
certbot certonly --webroot --csr /path/to/my.csr -w /path/to/my/webroot -d domain1 -d domain2 (etc etc)

It produced this output:
the usual successful message about a successful cert

The operating system my web server runs on is (include version):
Ubuntu 18

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

lancedolan · February 12, 2020, 5:49pm

Note: I had expected to end up with a newer version than certbot 0.31.0. I believe 1.1.0 is out. I followed the instructions on https://certbot.eff.org/ exactly. If you see a major issue with using this version, please let me know, otherwise I’m continuing with this.

JuergenAuer · February 12, 2020, 6:54pm

Hi @lancedolan

check your log if there is an acme-v01.api... - order.

If not, the job is done.

ZetaRevan · February 13, 2020, 4:16am

It is, but not necessarily in the repos just yet. You'd need to manually get it & install it.

lancedolan · February 13, 2020, 4:05pm

It appears we’re good to go. Thank you for curing our paranoia!

system · March 14, 2020, 4:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.