Which ACME version I'm using?

My domain is: matco.com.ar

My web server is (include version): Apache/2.4.25

The operating system my web server runs on is (include version): debian 9

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.25.0

Today I received an email suggesting me update my client software to continue using Let’s Encrypt

Here’s and extract:
According to our records, the software client you’re using to get Let’s Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate in the past two weeks using the ACMEv1 protocol. Here are the details of one recent ACMEv1 request from each of your account(s):

Client IP address: 144.217.89.13

User agent: CertbotACMEClient/0.25.0 (certbot; Debian GNU/Linux 9 (stretch)) Authenticator/webroot Installer/apache (renew; flags: n) Py/3.5.3

Now, how can I know which ACME version I’m actually using? I would like to know that before I perform an upgrade on my system so I can compare if I’m using v2 later on

1 Like
grep server /etc/letsencrypt/renewal/matco.com.ar.conf

The latest Certbot available on Debian Stretch is 0.28.0-1. You should upgrade it using apt.

In particular, 0.26.0 is when ACME v2 became the default server in Certbot. As you are on 0.25.0, you are missing that change.

2 Likes

returns nothing. Is there another way?

1 Like

That means it’s using ACME v1.

1 Like

just upgraded the system, certbot included (now 0.28) but everything is exactly as before

1 Like

If you’ve upgraded everything (pay special attention to make sure you’ve upgraded python3-acme in particular), then your next renewal should automatically use ACME v2.

So you should be all set.

There’s still a lot of time left before anything breaks for renewals, so if you receive another email like this in the future, you can investigate again, but I don’t think you will.

Do you mean that no server line appeared? That’s normal and OK - Certbot will default to ACME v2 next time, now that you’ve upgraded.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.