Debian 10 (buster) - HOWTO use mod_md after ACMEv1 deactivation

This post is for those using Debian 10 (buster) with mod_md and getting:

Errors:

(13)Permission denied: acme problem urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

Unable to understand ACME server response. Wrong ACME protocol version?

(22)Invalid argument: CA url for example.com invalid (missing uri scheme): accepted

Solution:

First, check the latest version of apache2 offered in Debian 10 (buster) here. If the version is 2.4.40 or newer, upgrade your apache2 installation using the standard Debian commands. You do not need to use buster-backports in this case. If the latest version offered is below 2.4.40, such as 2.4.38, then proceed:

Use apache2 from buster-backports

deb https://deb.debian.org/debian buster-backports main

apt-get -t buster-backports install apache2

Explanation:

As of this writing (November 2019), Debian 10 (buster) has apache2 version 2.4.38-3+deb10u3, which includes mod_md version 1.1.17, which only supports ACMEv1. Apache 2.4.40 was the first to include an ACMEv2-compatible version of mod_md. The apache2 package in buster-backports is based on Apache 2.4.41. Therefore, by adding buster-backports to your /etc/apt/sources.list and installing apache2 using the instructions above, you will be installing an ACMEv2-compatible version of mod_md.

I expect that Debian will soon update the version of apache2 included in buster to 2.4.41. Therefore if you are reading this message some time after it was posted, you should first make sure you have the latest version of apache2 installed. The buster-backports workaround will not be necessary after the Apache version in buster has been updated to 2.4.40 or newer.

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.