I am on Ubuntu 16.04
certbot version= 0.31.0
I got an email from Letsencrypt telling me to upgrade from ACMEv1 to ACMEv2.
According to our records, the software client you’re using to get Let’s
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol. Here are the details of one
recent ACMEv1 request from each of your account(s):
Client IP address: x.x.x.x
User agent: CertbotACMEClient/0.31.0 (certbot; Ubuntu 16.04.6 LTS) Authenticator/apache Installer/apache (renew; flags: n) Py/3.5.2
Request time: 2020-03-03 03:17:38 UTC
Checking the log confirm this. here is a line from the log:
2020-03-03 04:17:30,472:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
I have tried to upgrade and I thought I had been success because when I do a dry-run it sais:
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
The question is, why is the dry run using v2 while the normal renewal uses v1.
The renewal uses the systemd timers and my certbot.service files looks like this:
ExecStart=/usr/bin/certbot -q renew
I have noticed that my config file in /etc/letsencrypt/xxxxxx.conf has a hard reference to v1:
server = https://acme-v01.api.letsencrypt.org/directory
Should I change or remove this?
I am lost, please help? Why is the dry-run result different from the renewal?
How do I set the renewal to use acmev2?