Confirm ACME2 switch (how to)

We believe we’ve completed our upgrade to an ACME2 client, however we want a surefire guaranteed way to confirm that we’re not still accidentally using ACME1 under the hood.

After the upgrade, our new certbot version is…

$ certbot --version
certbot 0.31.0

We’ve already successfully created and installed certs with the new client. How can we confirm beyond the shadow of any doubt that we’re using ACME2 under the hood, not ACME1, and that we won’t be surprised and S.O.L. come June 1st?

There must be some quick command to check. I used the -v toggle and saw lines like the following:

Sending GET request to https://acme-v02.api.letsencrypt.org/directory.

So, I’m fairly confident we’re good to go, but I want absolute confidence.

Some of the usual info asked…

I ran this command:
certbot certonly --webroot --csr /path/to/my.csr -w /path/to/my/webroot -d domain1 -d domain2 (etc etc)

It produced this output:
the usual successful message about a successful cert

The operating system my web server runs on is (include version):
Ubuntu 18

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

1 Like

Note: I had expected to end up with a newer version than certbot 0.31.0. I believe 1.1.0 is out. I followed the instructions on https://certbot.eff.org/ exactly. If you see a major issue with using this version, please let me know, otherwise I’m continuing with this.

1 Like

Hi @lancedolan

Check your log to see whether there is an acme-v01.api... order.

If not, the job is done.

1 Like
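
The log check suggested above, as an added example that is not part of the original thread or certbot's own tooling. It goes one step further and also scans the renewal configs. The function names are hypothetical, the default paths are assumed to be certbot's usual locations, and the sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example, not certbot's own tooling. Default paths are certbot's usual
# locations (assumption); the sample data in make_sample is constructed.

# Print every file:line that mentions the ACMEv1 endpoint in certbot's logs
# (including rotated ones) and renewal configs. Returns 0 if none, 1 otherwise.
acme_v1_references() {
    local log_dir="$1" renewal_dir="$2" hits
    hits=$(grep -Hn 'acme-v01\.api' "$log_dir"/letsencrypt.log* \
           "$renewal_dir"/*.conf 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Count log lines that hit the ACMEv2 endpoint, as positive confirmation.
acme_v2_requests() {
    cat "$1"/letsencrypt.log* 2>/dev/null | grep -c 'acme-v02\.api' || true
}

# Build a constructed certbot-style tree under $1 for a dry run of the check.
make_sample() {
    mkdir -p "$1/log" "$1/renewal"
    cat > "$1/log/letsencrypt.log" <<'EOF'
2020-01-15 10:00:01,123:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
EOF
    cat > "$1/log/letsencrypt.log.1" <<'EOF'
2019-11-02 09:12:44,871:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
EOF
    printf '[renewalparams]\nserver = https://acme-v01.api.letsencrypt.org/directory\n' \
        > "$1/renewal/domain1.conf"
}

# Usage: script [log_dir] [renewal_dir]
log_dir="${1:-/var/log/letsencrypt}"
renewal_dir="${2:-/etc/letsencrypt/renewal}"
if [ ! -r "$log_dir" ]; then
    echo "cannot read $log_dir (run as root)" >&2
elif acme_v1_references "$log_dir" "$renewal_dir"; then
    echo "no ACMEv1 references; ACMEv2 log lines: $(acme_v2_requests "$log_dir")"
else
    echo "ACMEv1 references listed above" >&2
fi
```

Hits in rotated logs carry their timestamps, so entries dated before the upgrade can be told apart from current activity. A hit in a renewal config is a stored `server =` value for that certificate.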

It is, but not necessarily in the repos just yet. You’d need to manually get it & install it.

2 Likes

It appears we’re good to go. Thank you for curing our paranoia!