Lets Entcrypt Plugin update from ACMEv1 to ACMEv2

  • Hello


    will a new plugin version come out soon due to the change to ACMEv2?

    Or can I also update Certbot manually? If yes how:?:

  • I would also be interested to know.

    Here is a mail I got from Let's Encrypt:


  • At present, a quick and dirty solution that worked for me is as follows:


    ONLY FOR PEOPLE WHO HAVE A VALID SUBSCRIPTION TO THE PLUGIN


    1. Download the Let's Encrypt Plugin 3.5.0 on your Local Computer (from Plugin-Store)

    2. Uncompress the tar.gz archive

    3. Replace LetsEncrypt/bin/certbot-auto with https://raw.githubusercontent.…rtbot/v1.1.0/certbot-auto

    4. Edit LetsEncrypt/info.php and change:

    - version (for example 3.5.1)

    - date (for example 2020-02-03)

    - build (for example 2020020300)

    5. Repackage the LetsEncrypt directory and his contents to LetsEncrypt.tar.gz (with 7zip create a tar and the with 7zip again create a gz)

    6. Upload the new plugin as usual


    Test what you did with:

    Code
    1. /opt/eff.org/certbot/venv/bin/certbot --version

    If the result is 1.1.0 and not 0.26.1 you did it.


    I only tested the Create certificate and the Revoke Certificate procedures. They worked with LE API v2. I didn't test the renewal yet.


    Hope it helps,

    bye Kess.

  • You don't need to download that stuff on your local machine, On the server you can use mc (Midnight Commander) to edit the contents of the archive.

  • Thank you both for providing a solution.


    I have found an even easier way to work around this issue. (Certificate creation works, Please revoke and reissue each certificate to make sure renewal is also using ACMEv02)

    The latest Let's Encrypt i-MSCP plugin is using certbot 0.26.1 which is already capable of using ACMEv2. But it is not used by default.

    You can change that by uncommenting line 796 in /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm so it looks like this:


    Code
    1. '--server', 'https://acme-v02.api.letsencrypt.org/directory',


    Please keep in mind, that this files gets overwritten, when reinstalling or updating the Let's Encrypt Plugin.

    Edited 3 times, last by Vringe: Update testing status ().

  • Hi!



    Plugin is not working.

    Plugin menu write:

    Installing...



    I start install 1.5 hours ago, but not finished.



    What the problem?

  • So I made your changes and deleted my ssl and saved it again.thanks you

    my System :



    - Distribution: Debian | Release: 9.8 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.2.1), Mailgraph (v 1.1.1), OpenDKIM (v 1.1.3), PanelRedirect (v 1.1.5) & SpamAssassin (v 1.1.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 4.0.1), RoundcubePlugins (v 2.0.1)

  • I have followed these instructions. It does not work for me. Today I got an email from Letsyencrypt again that I use ACME V1 to renew the certificate. After the setting, the certificate was deleted as described above and created again. In the file /etc/letsencrypt/renewal/my-domain.de something changed after the new creation. The line with server = https://acme-v02.api.letsencrypt.org/directory and a few others have been added. Who can help me here. 01.06.2020 is the death line :-(





  • Thank you very much for all the information. I prefered creating an own package which worked fine with your information.


    FYI what I did:

    1. Download the newest LetsEncrypt version.
    2. Extract all files
    3. Downloaded newest certbot-auto file from https://raw.githubusercontent.…rtbot/master/certbot-auto and replace it with LetsEncrypt/bin/certbot-auto
    4. Edit LetsEncrypt/backend/LetsEncrypt.pm (as described above, uncommented line #796 ('--server', 'https://acme-v02.api.letsencrypt.org/directory',)
    5. Edit Letsencrypt/info.php and updated version number, date and build


    My tests:

    • Create a subdomain and request certificate: Pass
    • Test webpage with browser: Pass
    • Revoke the certificate: Pass

    By the way:

    There is a configuration option called "certbot_version" inside the config.php which can be switched to "develop". If I read the code correct this is going to clone the newest certbot from github. So switching from "released" to "develop" there could also fix the ACMEv1 to ACMEv2. Untested / not tried as found too late!

    Edited 3 times, last by UncleSam ().