Help thread for ACMEv1 EOL (June 2021) - Returned ACMEv1 is Deprecated Error Message

Starting June 1, 2021, attempts to issue certificates with ACMEv1 will return this error message:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

As we get closer to June 1st we will include some common client upgrade steps and links in this thread. If you can't find your client listed here, please search the forums for threads about upgrading your client to use ACMEv2, check the documentation on your ACME client’s repository, or ask your question here!

Unsure of what ACME client you use? Our amazing community can help get you on the right track to using ACMEv2; please ask for help in this thread as well.

8 Likes

(Note: this post is a wiki; anyone Trust Level 1 or higher on the forum can edit and improve it.)

A Bit of History

The current ACME standard is documented in RFC 8555. Information specific to Let's Encrypt can be found in the ACME Protocol Updates page of the documentation. If you're writing your own client, you may need to refer to those documents, but most people use a client that has already been written.

Certbot

If you use Certbot (as a lot of people do when managing their own servers), please see this thread for information on upgrading:

CPanel, LiveConfig, or other hosted solutions

If you don't have access to a shell for your web site (that is, you only have a web-based management interface such as CPanel or LiveConfig and can't SSH or otherwise run commands on your web server), and you can no longer get certificates due to getting an error that ACMEv1 is deprecated, your web hoster needs to upgrade the version of their management software.

(If you are the web hoster and need help upgrading your management software so that your users can continue using Let's Encrypt, please feel free to ask for help in this forum and we'll do what we can, but you may find working with the provider of your management software to be more helpful as they are probably more familiar with the details of upgrading.)

win-acme

(This software is also known as Windows ACME Simple or WACS; older versions were known as letsencrypt-win-simple or LEWS.)

You need to be on at least version 2 of win-acme to handle the current ACME standard. See its web site for information on upgrading and migration steps:

Certify The Web

Certify v3.x and lower must be upgraded. If you're seeing something like this:

Could not begin authorization for domain with Let's Encrypt: YourDomainNameHere

or any other error, you should download and install the latest version from https://certifytheweb.com/. If you need further assistance, you can ask in this community or in the dedicated support community for Certify The Web at https://community.certifytheweb.com/.

Selecting a New ACME Client

If you use a client or library that is no longer under development and thus doesn't have support for the current ACME standard, you need to change to using a different client or library that does. While there is a list of ACME clients from which to choose, you may benefit from asking for advice in this community about selecting a client that fits your needs. There may be other clients not listed that could work very well for you based on your circumstances. One should also make sure that the new selection of an ACME client takes into account the Help thread for DST Root CA X3 expiration (September 2021) in order to achieve the desired goal.

11 Likes

Au revoir, ACMEv1!

:wave:

6 Likes

As planned, we have disabled the ACMEv1 API and updated the ACMEv1 End of Life thread with this information.

If you have a certificate issued from the ACMEv1 API it will continue to work until it expires. Before it expires, you should update your clients to use ACMEv2. Please continue to use this thread to get help with upgrading a client to ACMEv2.

8 Likes

Yet the v1 staging environment is still available? Or am I misinterpreting the list on letsencrypt.status.io?

2 Likes

Staging ACMEv1 has been fully turned off since the end of March 2021. Today's maintenance didn't change that. We have not started the work to remove the remaining references for ACMEv1 in our external communications and website.

5 Likes

Is this the ACMEv1 staging environment indication?

4 Likes

I marked that planned maintenance as well, at least until we delete the element. Thanks for pointing it out!

5 Likes

Thanks much for that. I'm kind of a stickler for clear messaging. :grin:

6 Likes

I would suggest rephrasing the message from:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

to

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software or its settings to do so.

Some clients (Crypt-LE included) can use either version depending on the settings (and some might still want to use v1 with other custom CAs), so for those it might be about updating the settings (if they were explicitly set to v1 in the past for example, however unlikely that might be) rather than the software itself.

4 Likes

Could someone just say straight what I need to do in order to upgrade my ACMEv1 to v2 on Putty 0.75?

Putty is your SSH client to talk to your server. What you need to do depends on what software your server is running (not on the software you use to send commands to the server). There are a lot of possible ways a server could be set up, and a lot of possible ACME Clients that it could be using. There are instructions for many of the common ones linked in the second post of this thread, but if you don't know what software it's running then we probably don't either. :slight_smile: Hope that helps.

3 Likes
