Using getssl (Acme v1 vs v2)

Help
1

I have been getting warning emails about how I have been using a Acme v1 client and that that protocol (V1) is being deprecated. Then I would check and my client was using the “-u” switch which automatically upgrades the client. So I was confused. I finally took some time to look at this and I found that the getssl client will work for either Acme v1 or v2.

This is what I believe is key:
The original documentation and examples have this line in the getssl.cfg :
CA=“https://acme-v01.api.letsencrypt.org

I have changed that line to:
CA=“https://acme-v02.api.letsencrypt.org
and it has worked although I can’t tell whether or not this will stop the emails from Lets Encrypt

Fingers crossed. :slight_smile:
If anyone associated with getssl would care to comment that would be helpful.

2

Hi @sdevine

that should be enough. I don't know how that client works. But if you update the v01 to v02, you use the ACME-v2 version.

Perhaps check your next log (if one exists). There you should see a v02 - order url.

3

Hi @sdevine

I’m one of the maintainers of getssl and can confirm that updating the CA line in getssl.cfg is all you need to do to use v02

4

Yayyyy - thanks for the confirm. I don’t want to step on toes - but does the current documentation / example use the v02 url? Or explain it for slower folk like myself?

5

Good point - for new accounts it defaults to v02 but the documentation doesn’t mention how to upgrade from v01 to v02 for existing accounts. I’ll add something to the documentation explaining how to do it.