Error registering: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555
I am using Webmin and can not install a certificate, please, what to do?
Hi @DenisL
please read
We will be beginning brown-outs for new ACME v1 registrations for the production environment for the following dates of this year:
- October 10th to October 11th
- October 16th to October 18th
- October 31st onward
We will be permanently disabling new ACME v1 registrations in the production environment on October 31st .
So you can wait one day. But you should update your client. In three months, new registrations aren't possible.
1 Like
I will give you some Webmin specific advice, so you can hopefully proceed with your certificate request.
Basically, the bundled Let’s Encrypt client that comes with Webmin (acme-tiny), does not support the current version of the Let’s Encrypt API. Webmin dropped the ball and haven’t updated it.
However, there is a workaround. Webmin’s interface will use Certbot instead of acme-tiny, if you have Certbot installed and a Let’s Encrypt account registered.
First thing you need to do is visit https://certbot.eff.org/ and install Certbot according to suggested instructions for your operating system. Note: Select “None of the Above” for Server Software in the dropdown.
Once that’s installed, you need to run:
certbot register
At this point, you can try again to issue a certificate in the Webmin interface - it will use Certbot and hopefully succeed.
1 Like
This is new one server and installed webmin on it. So I will create new reg, or it is already when I install webmin on it? I am little bit confused, and just wanted to install ssl cetrificate
The latest version of Webmin comes with an outdated Let’s Encrypt client.
You need to install Certbot and perform the registration as I suggested.
Then Webmin’s SSL interface will work in the way you expect.
1 Like
I started install it and get this error:
[root@ ~]# sudo /usr/local/bin/certbot-auto certonly --standalone
Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
Get:1 http://mirrors.digitalocean.com/ubuntu xenial InRelease [247 kB]
Hit:2 http://mirrors.digitalocean.com/ubuntu xenial-updates InRelease
Hit:3 http://mirrors.digitalocean.com/ubuntu xenial-backports InRelease
Hit:4 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Hit:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease
Hit:7 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-xenial InRelease
Hit:8 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease
Fetched 356 kB in 0s (463 kB/s)
Reading package lists…
Reading package lists…
Building dependency tree…
Reading state information…
gcc is already the newest version (4:5.3.1-1ubuntu1).
gcc set to manually installed.
ca-certificates is already the newest version (20170717~16.04.2).
openssl is already the newest version (1.0.2g-1ubuntu4.15).
python is already the newest version (2.7.12-1~16.04).
python set to manually installed.
The following additional packages will be installed:
libexpat1-dev libpython-dev libpython2.7 libpython2.7-dev python-pip-whl
python-pkg-resources python2.7-dev python3-virtualenv zlib1g-dev
Suggested packages:
augeas-doc augeas-tools python-setuptools
Recommended packages:
libssl-doc
The following NEW packages will be installed:
augeas-lenses libaugeas0 libexpat1-dev libffi-dev libpython-dev libpython2.7
libpython2.7-dev libssl-dev python-dev python-pip-whl python-pkg-resources
python-virtualenv python2.7-dev python3-virtualenv virtualenv zlib1g-dev
0 upgraded, 16 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.7 MB of archives.
After this operation, 57.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] Abort.
So, it self abort it, I have no chance to put Y or N
If you are using Ubuntu Xenial, then your installation instructions are here: https://certbot.eff.org/lets-encrypt/ubuntuxenial-other
You shouldn’t be using certbot-auto in that case.
Once it is installed, you don’t need to run --standalone, just certbot register.
[root@ ~]# certbot register sh: 1: certbot: not found
Did you run apt-get install certbot , from the instructions?
Did it succeed?
Yes, it stop it again
Do you want to continue? [Y/n] Abort.
That sounds like a problem with your SSH client. Are you using an HTML5 console, by any chance?
Anyway, I think you can work around this “Abort” problem by adding a -y, as in:
apt-get -y install certbotYea,,, thanks!! Now it works, and how to register it now?
Cool.
You can register using:
certbot register --email your@real.email.address --agree-tos
If that succeeds, try issue your certificate using Webmin user interface again.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Skipped user interaction because Certbot doesn’t appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Looks good to me. That should be the only thing you need to do.
Try Webmin again.
Ahhh, still not registred/installed
What does Webmin say?
DNS-based validation failed : Neither DNS zone mydomain or any of its sub-domains exist on this system
Okay.
That’s not a Let’s Encrypt error. That’s a Webmin error explaining that it doesn’t host the DNS for mydomain, so it can’t perform DNS validation for it.
If you know what directory mydomain is served from, you can choose the “webroot” option on that user interface, and specify the directory.
