Update to API V2 with acmetool

Hello, I am using acmetool and today it returned an authorization error:

error satisfying Target(www.jcouncil.net;https://acme-v01.api.letsencrypt.org/directory;0): HTTP error: 403 Forbidden
map[Content-Type:[application/problem+json] Content-Length:[230] Boulder-Requester:[12753599] Cache-Control:[public, max-age=0, no-cache] Replay-Nonce:[0001S7F8SXRJelqgYMMK2fysmEAjXb28G5wl_8nHMGj5Kvw] Server:[nginx] Date:[Sun, 02 Aug 2020 19:56:32 GMT]]
{
"type": "urn:acme:error:unauthorized",
"detail": "Error creating new authz :: Validations for new domains are disabled in the V1 API (End of Life Plan for ACMEv1)",
"status": 403
}

I understand I have to update to API V2; how do I do that? I updated acmetool to the latest 0.0.67 version, but I still get the same error.

Hi @DanielaChris

I don't know how acmetool works. But check your config to find that URL.

Change it to acme-v02. Or check if you can set something like a server address with that new value.

The 0.0.67 release doesn’t support ACME v2. So far, you have to build the ACME v2 beta from source, because the project owner has not published binaries for it yet. See https://github.com/hlandau/acmetool/issues/322.

1 Like
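An added example, not part of the thread and not acmetool's own code: a small triage helper that reads error output shaped like the one quoted in the first post and tells the ACMEv1 end-of-life refusal apart from other failures. The sample input is constructed (placeholder hostname, shortened headers), and the function name `triage` is hypothetical.

```python
import json
import re

# Constructed sample modelled on the error output quoted in the thread
# (hostname replaced with a placeholder, headers shortened).
SAMPLE = """error satisfying Target(www.example.net;https://acme-v01.api.letsencrypt.org/directory;0): HTTP error: 403 Forbidden
map[Content-Type:[application/problem+json] Server:[nginx]]
{
"type": "urn:acme:error:unauthorized",
"detail": "Error creating new authz :: Validations for new domains are disabled in the V1 API (End of Life Plan for ACMEv1)",
"status": 403
}"""

TARGET_RE = re.compile(r"Target\(([^;)]+);([^;)]+);\d+\)")
V1_ERROR_NS = "urn:acme:error:"              # pre-standard ACMEv1 error namespace
V2_ERROR_NS = "urn:ietf:params:acme:error:"  # RFC 8555 (ACME v2) error namespace


def triage(output):
    """Extract target, directory URL and problem document; classify the failure."""
    info = {"host": None, "directory": None, "type": None,
            "status": None, "protocol": "unknown", "diagnosis": "unclassified"}
    m = TARGET_RE.search(output)
    if m:
        info["host"], info["directory"] = m.group(1), m.group(2)
    # The problem+json body is the only brace-delimited part of the output.
    start, end = output.find("{"), output.rfind("}")
    problem = {}
    if 0 <= start < end:
        try:
            problem = json.loads(output[start:end + 1])
        except json.JSONDecodeError:
            problem = {}
    info["type"] = problem.get("type")
    info["status"] = problem.get("status")
    ptype = info["type"] or ""
    if ptype.startswith(V2_ERROR_NS):
        info["protocol"] = "ACMEv2"
    elif ptype.startswith(V1_ERROR_NS) or "acme-v01" in (info["directory"] or ""):
        info["protocol"] = "ACMEv1"
    detail = problem.get("detail", "")
    if info["protocol"] == "ACMEv1" and info["status"] == 403 and "V1 API" in detail:
        info["diagnosis"] = "acmev1-end-of-life: needs a client build that speaks ACME v2"
    return info


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A result of `protocol: ACMEv1` with the end-of-life diagnosis means the client itself has to be replaced or upgraded; pointing the old client at the acme-v02 URL does not help.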

Thanks. I seem to have found a migration guide for acmetool, but when I try to run quickstart, the connection times out and it crashes. I don’t know yet where acmetool keeps its config files (I inherited this server from a person who is now out of reach); I'm trying to figure that out.

Unfortunately I can’t build it myself because I don’t know how to do it, but there was a binary I could download. But I can’t configure it. When I try to run quickstart, the connection times out and it crashes; I have the same issue on 0.0.59 and 0.0.67.

curl -m10 -v https://acme-v02.api.letsencrypt.org/directory

What’s the output when acmetool crashes?

Sorry, at the moment I was about to check, the second admin fixed it, for some reason he didn’t get this issue. So the problem must be on my side (it still is when I try to run it).
When I run quickstart, acmetool offers me to choose a server, then freezes, then connection times out and the text (‘choose a server’ etc) is looping endlessly. I use WinSCP 5.17.7.

If your acmetool doesn't support v2, that can't work.

v1 / v2 are different protocols, not only different servers.

Switch to another client.

We already have; we downloaded a binary at the link _az posted above. It finally worked when another admin ran it; it just doesn’t work on my side for some reason.

Did you give the curl command a try?

I did now, it doesn’t show any errors, just info about the certificates.
As I said the certificate is okay now, the site is accessible as usual, what concerns me is that I apparently won’t be able to configure acmetool myself if needed.

Aside from the tool itself, which I can't help with:
If you use the built-in terminal of WinSCP, it will have problems with interactive terminal commands, i.e. those that ask for input in progress. This is written right between the command line and the output areas and in every terminal button tooltip, by the way.

To work around this, you can for example get putty.exe from here:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

And use it as a separate command-line window. It can log in completely separately from WinSCP, or be started from within WinSCP without needing to re-enter the password (but it will not inherit the working directory and will just start in the user's home folder). For the latter, in WinSCP go to top menu → Options → Preferences → Integration → Applications, point the path to putty.exe, enable passing the password if you'd like, and start it with Ctrl+P or from menu → Commands.

2 Likes

Thanks! I thought it might be the issue. When I’m using Putty, it works fine.
