Get certificate and renew not working

I ran this command:

It produced this output:

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Lets proxy

I use lets-proxy to automatically get and renew certificates. This has worked perfectly for a number of years. All of a sudden since 14th July both new certificates and renewals are failing.

I did see there were some issues in a let’s encrypt release on the same day. Could this be a coincidence or had this created the problem?

Any info/help would be greatly appreciated.

Hi @brandymedia

you may have used ACME-v1.

That’s deprecated. Switch to an updated client with ACME-v2 - support.

Thanks for reply. When was acme v1 depreciated as I have a certificate renewal on 14th July just nothing after?

Is it just new domains that will stop or will renewals no longer work either?

If the issue is related to ACMEv1 (which we could probably confirm if you could share the exact log output from the ACME client) then the deprecation schedule is described here:

(The plan was announced in March 2019, with a series of stages to discourage the use of ACMEv1 leading up to its complete discontinuation in what’s now scheduled for June 2021.)

Thanks for your input.

The error code is as follows:

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56885: Can’t obtain acme certificate

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56884: Domain temporary skipped

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56891: Domain temporary skipped

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56892: Domain temporary skipped

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56897: Domain temporary skipped

Jul 16 21:41:33 m-ifapo-s01 lets-proxy[16941]: 2020/07/16 21:41:33 http: TLS handshake error from 82.4.182.114:56898: Domain temporary skipped

Do you know what service that is? It looks like the error is coming from one piece of software that you use, talking to another piece of software that you use. Perhaps there’s a different log file?

The service is lets-proxy it’s a reverse proxy written in golang that uses lets encrypt for certificates.

It’s been working perfectly, automatically getting and renewing certificates for several years. The last one renewed was the 14th July and now it won’t work.

I read about some issue on the 14th at lets encrypt which lead me here.

Then acme vs1 depreciation was mentioned so I assumed that to be the problem unless it’s just a coincidence.

I think that is indeed the problem. Looking at the source code of lets-proxy, it’s definitely an ACMEv1-only client. The project is archived and there’s no transition strategy to ACMEv2.

It does seem like that is the problem.

It looks like there is a new version of the project:

I’ll take a look at that.

Thanks for your help.

2 Likes

Oh, that’s great. I did not see the link to the new project.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.