Installing Certificates for Let's Encrypt using ACME on Azure

Hi.

My Company is using Let’s Encrypt for Certificates on App Services in Azure.

Today I received the following message, when I tried to renew one of our sites certificates:

“detail”: “Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,

So, my question is simple. What do I do in order to renew my Let’s Encrypt Certificates ?

There are numerous suggestions on the internet, but none specifically point to Azure.

Regards

Guttorm Haaversen
Go Mobile AS
Kristiansand
Norway

Hi @Guttorm

you have two options:

  • Change your setup, so you can use an existing account instead of creating a new account (or, better)
  • switch to an APIv2 - client

Check

to find one.

1 Like

ACME v1 account registrations seem to be disabled only on staging (acme-staging.api.letsencrypt.org) as part of a brown-out period:

I'm not sure why the Azure ACME client would be using the staging environment for live certificates.

I'm not sure whether GitHub - sjkp/letsencrypt-siteextension: Azure Web App Site Extension for easy installation and configuration of Let's Encrypt issued SSL certifcates for custom domain names. (which I guess you are using) supports ACMEv2 or not. It seems to - maybe you need to upgrade the extension or the configuration you are using somehow?

1 Like

Hi. I have resolved this now. The first three sites worked out fine this morning.
The remaining three failed. But when I ticked, restart site, the renewal was ok.
I am not sure why.

It seems that I upgraded to ACME 2 (see video: https://www.youtube.com/watch?v=C6V_mBo-gnE) in Juni when I last renewed Let’s Encrypt. I was not aware that that’s what I did in june !

Try it. I've never used that client (and never used Acme.v1, started with v2), so I don't know how that works.

And the normal setup shouldn't create new accounts. Create one account and use that permanent.

Also, if you need to change the client, this one is not yet on the list: https://github.com/letsencrypt/website/pull/631/files

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.