Got email telling me to update to ACME v2 despite recent certbot

Hi!

I recently received an email notifying me that the software client I’m using renewed at least one certificate in the past two weeks using the ACMEv1 protocol.

User agent: CertbotACMEClient/0.31.0 (certbot; Ubuntu 16.04.6 LTS) Authenticator/apache Installer/apache (renew; flags: n) Py/3.5.2
Request time: 2020-02-03 15:29:56 UTC

However, when running “certbot renew --dry-run -v”, I can see the following output:

Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org

… which seems to show that my version of certbot is using ACMEv2, right? And if that is the case, why did the actual renewal happen via v1? Is there anything I should do to avoid this?

My domain is: chroniquesgalactica.org
My web server is (include version): Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.6
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @aurelc2g

Check your protocol, which you should find under

 /var/log/letsencrypt/letsencrypt.log

If there is an acme-01 - order, use the --server option to switch to v2.

I do indeed see acme-01 in the logs. How come the dry-run I just tried used v2, but the actual run used v1? Do I have to explicitly provide the --server option to force using v2? I had assumed that recent enough versions of certbot would automatically prefer v2.

I don't know, I've never used v1.

Additional: check your config files to see if there is a hard-coded server = v1 ...

You may have information in your config files that you have to find and change.
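The config-file check suggested above can be scripted. The following is an added example, not code from this thread or from the certbot project. It assumes certbot's per-certificate renewal files are INI-style `*.conf` files in the default `/etc/letsencrypt/renewal` directory and that the ACMEv1 endpoints are the `acme-v01.api.letsencrypt.org` and `acme-staging.api.letsencrypt.org` hosts; `find_acme_v1` is a name chosen for this example.

```shell
#!/bin/sh
# Added example: list certbot renewal configs whose `server` line pins an
# ACMEv1 endpoint, which makes `certbot renew` keep using v1 for that
# certificate regardless of what a newer client would pick by default.
#
# Assumptions (not stated in the thread):
#   - renewal configs live in /etc/letsencrypt/renewal/*.conf
#   - v1 hosts are acme-v01.api.* (production) and acme-staging.api.* (staging)

# find_acme_v1 [DIR]
# Prints "<file><TAB><server-url>" for every config pinned to ACMEv1.
# The body runs in a subshell, so its variables do not leak to the caller.
find_acme_v1() (
    dir="${1:-/etc/letsencrypt/renewal}"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Extract the value of the last uncommented `server = URL` line,
        # tolerating spaces around '=' and trailing whitespace or CR.
        url=$(sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$f" | tail -n 1)
        case "$url" in
            # acme-staging-v02.api.* does not match the second pattern,
            # so v2 staging configs are not reported.
            *acme-v01.api.*|*acme-staging.api.*)
                printf '%s\t%s\n' "$f" "$url"
                ;;
        esac
    done
)
```

Calling `find_acme_v1` with no argument scans the default directory; any file it lists still has a v1 `server` value, which is the setting the `--server` advice above is meant to replace.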