How to Upgrade ACMEv1 protocol to ACMEv2 compatible client

binumicrosoft · February 1, 2020, 7:13am

According to our records, the software client you’re using to get Let’s Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate in the past two weeks using the ACMEv1 protocol. Here are the details of one recent ACMEv1 request from each of your account(s):

WINDOWS IIS Server

Client IP address: 184.154.218.34

User agent: ACMEdotNET/0.9.1.0 (ACME 1.0)

Hostname(s): “remote.romartrans.com”,“remote.romartrans.com”

Request time: 2020-01-21 15:00:16 UTC

Beginning June 1, 2020, we will stop allowing new domains to validate using the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before then, or certificate issuance will fail.

_az · February 1, 2020, 7:21am

ACMESharp (https://github.com/ebekker/ACMESharp), your current client, does not support ACME v2 at all. You will need to migrate to a different one.

Do you know if you use ACMESharp via PowerShell, or as a client library? That will help guide what you need to do next.

There are other PowerShell clients available that support ACME v2, Posh-ACME is a notable one, and ACMESharpCore-PowerShell is another.

binumicrosoft · February 1, 2020, 7:44am

We are running Windows Server 2012R2 with IIS on it.
I used standard commands to Install Certificate in IIS. Using the .exe file
Please find the screen shot of the commands it ran when i selected the number to Install the certificate.

_az · February 1, 2020, 8:36am

Thanks for that screenshot.

Based on that, we know that you are using a client called win-acme.

Luckily, you can just upgrade to the latest version of win-acme and it will be compatible with ACME v2. See this issue for further details: https://github.com/PKISharp/win-acme/issues/1357

binumicrosoft · February 1, 2020, 2:57pm

Great,
Is there any process that needs to be followed ?
Do we need to uninstall the OLD version to install the new ? Kindly Guide.

binumicrosoft · February 4, 2020, 3:16am

Worked it out. Thank you _az , your reply helped me get things moving.

Its simple :
Download the latest version from : https://github.com/PKISharp/win-acme/releases
You may download 64 or 86 Bit

Once downloaded , extract the folder : win-acme.v2.1.3.671.x64.pluggable.zip
Once extracted run the wacs.exe file, it will launch CMD and will give you the options.
I would recommend the Manual process , you just need to follow the number that it shows default.
Please make sure to read the options clearly .
Once you BIND the cert to IIS , just make sure to go ahead and disable the OLD TASK from Task Scheduler and let the new TASK run.

Binu Kumar

system · March 5, 2020, 3:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.