I’m trying to migrate certbot to acme-v2 for standalone mode running behind HAProxy, for auto-renewal of HAProxy certs.
After upgrading (using apt ppa) I’m running this certbot version:
With acme-v1, renewal still works. Currently my cli.ini (/etc/letsencrypt/cli.ini) is pointing to ‘server = https://acme-v01.api.letsencrypt.org/directory’. Upgrading it to ‘server = https://acme-v02.api.letsencrypt.org/directory’ doesn’t seem to work.
With acme-v1 I noticed these new warnings (but it still works):
Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/my-domain.de.conf with version 0.10.2 of Certbot. This might not work.
(does produce new certs and works anyway)
When I try to run without ‘server = ’ in cli.conf, the upgraded client still uses acme-v1. When I replace it with the acme-v2 URL, it doesn’t seem to work at all, saying:
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert from /etc/letsencrypt/renewal/gitlab.typoworx.de.conf produced an unexpected error: ‘Directory field not found’. Skipping.
(producing no new cert at all)
I have not found a migration guide yet. So what’s wrong here? Is the given version too old and there’s no version for Ubuntu Xenial supporting Acme2, or how can I get this to work?
I should say that I’m not ‘simply’ running certbot --standalone, but also using a deploy-hook workflow for HAProxy (prepare the PEM file for HAProxy and softly restart HAProxy afterwards).
Is this also possible with acme.sh if I had to migrate to this solution?