How to confirm that upgrade to ACMEv2 successful?

Hi there,

After the recent deadline to upgrade to ACMEv2 how can I be assured that I have upgraded successfully?

OS: Ubuntu 14.04.1
Webserver: Apache
Certbot: certbot 0.25.0

My process was to remove the existing certs using certbot delete MYDOMAIN and then re-run the cert command.

After running certbot renew --dry-run I get the following error:
Attempting to renew cert (MYDOMAIN) from /etc/letsencrypt/renewal/MYDOMAIN.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.

I can’t seem to upgrade certbot beyond 0.25.0 (running apt-get install certbot just tells me I am running latest).

Thanks in advance.

Well, you are using ACMEv2.

The problem is that Certbot 0.25.0 and the ACMEv2 API are not compatible, so you get the “Method not allowed” error.

You need to upgrade to a newer version of Certbot.

The best way to do that would be to upgrade to a newer version of Ubuntu.

1 Like

Thanks for responding so quickly.

The site looks to be up and serving the SSL cert correctly. What are the likely issues I will face (i.e. will these certs renew) and how long do I have before this becomes an issue?

Could I use another tool for the job such as acme.sh? As I understand it, my issue is that Ubuntu 14.04 is no longer supported by the latest version of certbot.

I know I should feel the rath of dev ops but realistically I am not able to upgrade Ubuntu immediately. Am I covered in the interim whilst I explore upgrading in the near future?

You won’t be able to renew. So you’ll be in the biggest trouble whenever your certificates start to expire.

(Certbot will start trying to renew your certificates 30 days before they expire, so it will be sending wasteful, unsuccessful requests to the Let’s Encrypt API starting then.)

Exactly. Yes, you can switch to another ACME client. (As far as I know, acme.sh is still compatible with Ubuntu 14.04, though I don’t know if it’s tested or guaranteed to remain compatible with EOL Ubuntu releases.)

Yes.

1 Like

Looks like I need to prioritize finding an alternative ACME client and then port this box over to Ubuntu 20.04 LTS.

Thanks for your help, much appreciated.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.