End of life ACMEv1

natanv · May 27, 2021, 11:41am

Dear Community,

on June 1 2021 ACMEv1 is end of life.

I understand from that day on you will be no longer able to create/renew certificates.
Does this also mean the existing certificates will no longer work starting from June 1?

(I renewed all my certificates and hope they will continue to work for 3 more months)

Thanks,
Natan

Osiris · May 27, 2021, 11:49am

No, it's just an issuance issue, existing certificates are not affected.

natanv · May 27, 2021, 12:50pm

thanks for quick reply.
I have problems updating my system, certbot,...
So the certificates I now have created with ACMEv1 will keep working for 3 more months.
Which is great, and gives me more time.

Keep up the good work!

Natan

Osiris · May 27, 2021, 1:00pm

Feel free to open a new thread about your certbot updating issues if applicable and if you require assistance

petercooperjr · May 27, 2021, 1:13pm

There's also more information on the end-of-life in this thread:

And information on updating certbot specifically in this thread:

webprofusion · May 27, 2021, 2:39pm

Also check out alternatives like 'acme.sh' which may be useful if you have a problem with certbot.

natanv · June 1, 2021, 6:42pm

Dear Community,

I'm moving my certificates (generated with ACMEv1) from an old server to a new server where I have ACMEv2.

I copied my certificates + the /etc/letsencrypt/renewal/mydomain.conf file

Now when running: cerbot renew
I get this message:
/etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/fhfgh022b0afggf2e544ca6ec does not exist.

So certbot is still trying to find "acme-v01"

On my new location I have this folder:
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/...

I suppose if I throw existing certificates and renewel-config away and generate a new certificate it will be okay.
But I would like to avoid this.

Is there a solution ?

Kind regards,
Natan

jvanasco · June 1, 2021, 6:52pm

Someone will likely have a better answer but...

in each renewal file you will see two lines like this:

[renewalparams]
account = xxxxx

As a last resort, you should be able to just edit the file and update it with the info for the acme-v2 key. There is likely a way to automate this though, and someone more familiar with the current Certbot commands can help you with that.

schoen · June 1, 2021, 10:23pm

I'm not sure if there's code in Certbot that would do this in the case where you copied the certificate from one machine to another. (There is some update code but it seems like it's not applicable in this scenario.) I would suggest manually editing the file and changing the account reference, just as @jvanasco suggested.

Certbot should be happy to use a different account for renewals if you edit this to refer to an ACMEv2 account whose credentials are present on the new machine. You will also need to update the server line in the renewalparams suction renewal configuration file, to

server = https://acme-v02.api.letsencrypt.org/directory

system · July 1, 2021, 10:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.