Getting error Acme client version is old but I just updated

I followed instruction on this page: https://certbot.eff.org/lets-encrypt/ubuntubionic-haproxy

I got rid of old certbot. and installed new using snap.

My domain is: admin.cloud.net

I ran this command:
certbot certonly --server https://acme-staging.api.letsencrypt.org/directory --webroot --webroot-path "/usr/share/apache2/default-site/" --keep-until-expiring --text -v --email yourname@example.com --agree-tos -d example.com

It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fa3230cd0>
Prep: True
Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fa3230cd0> and installer None
Plugins selected: Authenticator webroot, Installer None
Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org:443
https://acme-staging.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 704
Received response:
HTTP 200
Server: nginx
Date: Tue, 22 Dec 2020 20:34:02 GMT
Content-Type: application/json
Content-Length: 704
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: 0003ST__6At7ETKXhGyFEQ8-jkkCmPDwzHSpFUfMZYMswbw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "RpwB0QGD70U": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
}
Requesting fresh nonce
Sending HEAD request to https://acme-staging.api.letsencrypt.org/acme/new-reg.
https://acme-staging.api.letsencrypt.org:443 "HEAD /acme/new-reg HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Date: Tue, 22 Dec 2020 20:34:02 GMT
Content-Type: application/problem+json
Content-Length: 91
Connection: keep-alive
Allow: POST
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: 0003F7aQ76zoIJ0L5cZIcmqj71UcmjmApIXRdkvg9Z9-Gjg


Storing nonce: 0003F7aQ76zoIJ0L5cZIcmqj71UcmjmApIXRdkvg9Z9-Gjg
JWS payload:
b'{\n  "contact": [\n    "mailto:yourname@example.com"\n  ],\n  "resource": "new-reg"\n}'
Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-reg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInpxNVQ0cS1Icl93QTJ3ZWVjbnItTTlDZjlCSTZKSWhLS0xTTVBlTjdSSFdiVGJUaFNNN0VYUFZDZE5mU3cyQXIwa1l2YTQ4cHhseHZwRTRHLWRFY1FoRkZSSWRuS3RVQVNUUmFvdy1FZVJmQ0dvdU8xODYyTzhuNmdlNlBfV28ybW5sU2pnYU4wWURsSjZuc3hRQWc0SWpmeENSQ1RCZU91WGluMXY3WnM4LVpSV0tzSjN5bFNrcHE4RlROUkowbVJmVzRocDRienlsWUkxaFFLN3Jzek51QmFGVFNEcU1yclVNTlJ6dExNbzRIUHBya3VBdG9OeHl4ajZtUXk0bUxUbDlQcXFNWGpkLXpKZ1ZRMURyQ0pTV1p3ZWlocDlXSW1mTXhpN3RJUFhIV2VWN3NJS01tQWhWdENQb0h5VlhjWmFOV0ZFb0NST0RLVUFZX1VZcDc3USIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDAwM0Y3YVE3NnpvSUowTDVjWkljbXFqNzFVY21qbUFwSVhSZGt2ZzlaOS1HamcifQ",
  "signature": "xTMKNyd8W-1bt2qXiE8D1yC7ISWyvS_sn5R-5wMxSjxr3SvbFjN3zTGhzHhPM0Ww3r1nX3ejPR_F3M2yqbJk6mhy6wWbOqXUc8sLju2YT9sEgk4yFZffRXj1t1BbZAdG0UMblgjrSuOq58QD6PZicbKtdDJCvqf-zpzglwap3eFshXEPfxs9qPVHYHBDx8Gf9JYgp33CNzQYGKAWC1BS9d5TW_0aMlNqbWyfb6qrN7B-8wnhDeq9VC_hTLA50J6VkI__B_9mFNGRzy4LTRuH50gdrkCUyMe9kCQc6xYfAvcq5lGPhndWl6161XeKZ3XGfZZJOoBQxstsL6wwFgrfeg",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzp5b3VybmFtZUBleGFtcGxlLmNvbSIKICBdLAogICJyZXNvdXJjZSI6ICJuZXctcmVnIgp9"
}
https://acme-staging.api.letsencrypt.org:443 "POST /acme/new-reg HTTP/1.1" 403 280
Received response:
HTTP 403
Server: nginx
Date: Tue, 22 Dec 2020 20:34:03 GMT
Content-Type: application/problem+json
Content-Length: 280
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: 00040Zk2URShw-FwlYaWPfzsA42-O4bZ8TCvVNbhySBFSlI

{
  "type": "urn:acme:error:unauthorized",
  "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.",
  "status": 403
}
Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/794/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 1412, in main
    return config.func(config, plugins)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 1276, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 651, in _init_le_client
    acc, acme = _determine_account(config)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 568, in _determine_account
    acc, acme = client.register(
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/client.py", line 175, in register
    regr = perform_registration(acme, config, tos_cb)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/client.py", line 217, in perform_registration
    return acme.new_account_and_tos(newreg, tos_cb)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 852, in new_account_and_tos
    regr = self.client.register(regr)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 279, in register
    response = self._post(self.directory[new_reg], new_reg)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 97, in _post
    return self.net.post(*args, **kwargs)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 1201, in post
    return self._post_once(*args, **kwargs)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 1214, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 1072, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
An unexpected error occurred:
The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

My web server is (include version):
Apache 2.4.29
The operating system my web server runs on is (include version):
Ubuntu 18.04 bionic
My hosting provider, if applicable, is:
self hosted.
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
# certbot --version
certbot 1.10.1

1 Like

Use --dry-run instead of --server https://... if you want to test issuing a certificate.

That URL is the ACMEv1 staging server, which is deprecated, even if you have an up-to-date Certbot version.

If you want the ACMEv2 staging server, it's just --staging or --server https://acme-staging-v02.api.letsencrypt.org/directory.

3 Likes

Thank You, I tried --staging flag , but now I got this error:

   certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.cloud.net
   Type:   unauthorized
   Detail: Invalid response from
   http://admin.cloud.net/.well-known/acme-challenge/WWd4ejUNPhbr1L5m3G-i3NhK-oipg7lxjFnEsHlpDpg
   [92.46.17.190]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

but I have port 80 forwarded and website is accessible over the internet , only this resource WWd4ejUNPhbr1L5m3G-i3NhK-oipg7lxjFnEsHlpDpg is not found , why ? do I have to port forward ssh port as well ?

2 Likes

I am guessing admin.cloud.net is not your real domain?

According to the Certbot command you've used, you should be able to create this file:

/usr/share/apache2/default-site/.well-known/acme-challenge/test.txt

and access it via

http://admin.cloud.net/.well-known/acme-challenge/test.txt

If that's not the case, then you'll have to review and correct your Certbot command to match your webserver setup.

1 Like

Does that mean under my site web root .well-known and then acme-challenge folders needs to exist ?
yes I am not pasting the actual domain or ip here. sorry

No, the directories don't need to exist, Certbot will create them if necessary.

What matters is that http://admin.cloud.net/ actually serves its contents from /usr/share/apache2/default-site/.

The error you encountered suggests that this isn't the case.

1 Like

I got it, so I manually created directories thats it.
thank you very much (y)

sadly the production one didn't worked. this is the letsencrypt.log
2020-12-22 22:07:08,202:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2020-12-22 22:07:09,006:DEBUG:certbot._internal.main:certbot version: 1.10.1
2020-12-22 22:07:09,007:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-12-22 22:07:09,040:DEBUG:certbot._internal.log:Root logging level set at 10
2020-12-22 22:07:09,041:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-12-22 22:07:09,043:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2020-12-22 22:07:09,052:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f8939da90>
Prep: True
2020-12-22 22:07:09,053:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f8939da90> and installer None
2020-12-22 22:07:09,054:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-12-22 22:07:09,055:DEBUG:certbot._internal.account:Account loading problem
Traceback (most recent call last):
File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 218, in _load_for_server_path
with open(self._regr_path(account_dir_path)) as regr_file:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/regr.json'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 166, in _find_all_for_server_path
    accounts.append(self._load_for_server_path(account_id, server_path))
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 225, in _load_for_server_path
    raise errors.AccountStorageError(error)
certbot.errors.AccountStorageError: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/regr.json'
2020-12-22 22:07:09,058:DEBUG:certbot._internal.account:Account loading problem
Traceback (most recent call last):
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 218, in _load_for_server_path
    with open(self._regr_path(account_dir_path)) as regr_file:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/regr.json'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 166, in _find_all_for_server_path
    accounts.append(self._load_for_server_path(account_id, server_path))
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/account.py", line 225, in _load_for_server_path
    raise errors.AccountStorageError(error)
certbot.errors.AccountStorageError: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/regr.json'
2020-12-22 22:07:09,124:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/.
2020-12-22 22:07:09,128:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-12-22 22:07:09,653:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET / HTTP/1.1" 200 None
2020-12-22 22:07:09,658:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 22 Dec 2020 22:07:09 GMT
Content-Type: text/html
Last-Modified: Mon, 05 Oct 2020 22:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f7b9dfb-87e"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Encoding: gzip

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content=
  "width=device-width, initial-scale=1">

  <title>Boulder: The Let's Encrypt CA</title>
  <link href=
  "//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css"
  rel="stylesheet" type="text/css">
  <link href=
  "//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
  rel="stylesheet" type="text/css">
</head>

<body>
  <div class="container-fluid">
    <div class="row">
      <div class="col-xs-6 text-right">
        <p style="font-size: 90px;">
        <i class="fa fa-barcode"></i></p>
      </div>

      <div class="col-xs-6 text-left">
        <h1>Boulder<br>
        <small>The Let's Encrypt CA</small></h1>
      </div>
    </div>

    <div class="row">
      <div class="col-xs-8 col-xs-offset-2 text-center">
        <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
        <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
        <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
      </div>
    </div>
    <div class="row">
      <div class="col-xs-4 col-xs-offset-2 text-center">
        <p><a href="https://letsencrypt.status.io" title="Twitter">
          <i class="fa fa-area-chart"></i>
          Service Status (letsencrypt.status.io)
        </a></p>
      </div>
      <div class="col-xs-4 text-center">
        <p><a href="https://twitter.com/letsencrypt" title="Twitter">
          <i class="fa fa-twitter"></i>
          Check with us on Twitter
        </a></p>
      </div>
    </div> <!-- row -->
  </div>


</body>
</html>

2020-12-22 22:07:09,660:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/794/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 1412, in main
    return config.func(config, plugins)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 1276, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 651, in _init_le_client
    acc, acme = _determine_account(config)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/main.py", line 568, in _determine_account
    acc, acme = client.register(
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/client.py", line 173, in register
    acme = acme_from_config_key(config, key)
  File "/snap/certbot/794/lib/python3.8/site-packages/certbot/_internal/client.py", line 43, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 831, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 1167, in get
    return self._check_response(
  File "/snap/certbot/794/lib/python3.8/site-packages/acme/client.py", line 1086, in _check_response
    raise errors.ClientError(
acme.errors.ClientError: Unexpected response Content-Type: text/html
2020-12-22 22:07:09,669:ERROR:certbot._internal.log:An unexpected error occurred:
2020-12-22 22:07:09,670:ERROR:certbot._internal.log:acme.errors.ClientError: Unexpected response Content-Type: text/html

where we see FileNotFound Error '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/regr.json'
the regr.json is inside .../diectory/c2ae64c0e17e1ee735e84d29ca3597d7/ but certbot is not considering thsi hash key !

I'm not sure, I need to see the "Arguments" log line which you removed.

1 Like

2020-12-22 22:07:09,007:DEBUG:certbot._internal.main:Arguments: ['--server', 'https://acme-v02.api.letsencrypt.org/', '--webroot', '--webroot-path', '/usr/share/apache2/default-site/', '--text', '-v', '--email', 'vitachaos@cloud.net', '--agree-tos', '-d', 'admin.cloud.net', '--preconfigured-renewal']

I did not added --preconfigured-renewal, dont know how it got added.

1 Like

You chopped off the /directory from the --server URL.

In general, you don't need to specify the server URL. Certbot will default to that server anyway.

--preconfigured-renewal is normal, don't worry about it.

1 Like

thank you again I copied server url from this page: https://certbot.eff.org/docs/using.html#changing-the-acme-server

I guess it needs updating.

4 Likes

You're right, I'll fix it:

By default, Certbot uses Let’s Encrypt’s production server at https://acme-v02.api.letsencrypt.org/.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.