on June 1 2021 ACMEv1 is end of life.
I understand from that day on you will be no longer able to create/renew certificates.
Does this also mean the existing certificates will no longer work starting from June 1?
(I renewed all my certificates and hope they will continue to work for 3 more months)
No, it's just an issuance issue, existing certificates are not affected.
thanks for quick reply.
I have problems updating my system, certbot,...
So the certificates I now have created with ACMEv1 will keep working for 3 more months.
Which is great, and gives me more time.
Keep up the good work!
Feel free to open a new thread about your certbot updating issues if applicable and if you require assistance
There's also more information on the end-of-life in this thread:
And information on updating certbot specifically in this thread:
Also check out alternatives like 'acme.sh' which may be useful if you have a problem with certbot.
I'm moving my certificates (generated with ACMEv1) from an old server to a new server where I have ACMEv2.
I copied my certificates + the /etc/letsencrypt/renewal/mydomain.conf file
Now when running: cerbot renew
I get this message:
/etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/fhfgh022b0afggf2e544ca6ec does not exist.
So certbot is still trying to find "acme-v01"
On my new location I have this folder:
I suppose if I throw existing certificates and renewel-config away and generate a new certificate it will be okay.
But I would like to avoid this.
Is there a solution ?
Someone will likely have a better answer but...
in each renewal file you will see two lines like this:
account = xxxxx
As a last resort, you should be able to just edit the file and update it with the info for the acme-v2 key. There is likely a way to automate this though, and someone more familiar with the current Certbot commands can help you with that.
I'm not sure if there's code in Certbot that would do this in the case where you copied the certificate from one machine to another. (There is some update code but it seems like it's not applicable in this scenario.) I would suggest manually editing the file and changing the
account reference, just as @jvanasco suggested.
Certbot should be happy to use a different account for renewals if you edit this to refer to an ACMEv2 account whose credentials are present on the new machine. You will also need to update the
server line in the renewalparams suction renewal configuration file, to
server = https://acme-v02.api.letsencrypt.org/directory
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.