Ubuntu 16.06 Xenial Certbot Still Using Acmev1 (last package version is certbot version 0.31.0)?

bmw · May 19, 2020, 5:08pm

What I suspect happened here is:

The server at 2a01:4f8:150:1229::2 has the same account under /etc/letsencrypt/accounts as your other server as well as a certificate for the exact same domains.
Something is configured on the server at 2a01:4f8:150:1229::2 to automatically run certbot renew. This may be your own scripts, however, I think it is (also) probably the systemd timer included in the Certbot .deb package.
The server at 2a01:4f8:150:1229::2 made use of authz reuse to issue a certificate for those domains despite not being able to prove control of that domain itself.
The server at 2a01:4f8:150:1229::2 used the ACMEv1 endpoint due to the problem described above.

To fix the issue, if the server is not in use, I’d either:

Use sudo certbot delete to delete the certificate so the default systemd timer in the Certbot package won’t try to renew it anymore.
Uninstall the certbot package and optionally delete /etc/letsencrypt to remove all account and certificate information from the server.

Topic		Replies	Views
Troubleshooting a Certbot installation that continues to use ACMEv1 Client dev	4	8235	February 27, 2021
ACMEv1 notice after upgrading Certbot Help	14	981	August 2, 2020
Acmev1 deprecated and certbot unavailable Help	10	1913	August 21, 2021
Certbot is down after trying to upgrade using apt-get install --only-upgrade certbot Help	6	1276	February 7, 2021
Certbot upgrade to support ACMEv2 Help	34	26415	February 15, 2020