Hello
will a new plugin version come out soon due to the change to ACMEv2?
Or can I also update Certbot manually? If yes how
Lets Entcrypt Plugin update from ACMEv1 to ACMEv2
-
I would also be interested to know.
Here is a mail I got from Let's Encrypt:
QuoteDisplay MoreAccording to our records, the software client you're using to get Let's
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol.
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice. You can view the
client list at: https://letsencrypt.org/docs/client-options/
-
-
At present, a quick and dirty solution that worked for me is as follows:
ONLY FOR PEOPLE WHO HAVE A VALID SUBSCRIPTION TO THE PLUGIN
1. Download the Let's Encrypt Plugin 3.5.0 on your Local Computer (from Plugin-Store)
2. Uncompress the tar.gz archive
3. Replace LetsEncrypt/bin/certbot-auto with https://raw.githubusercontent.…rtbot/v1.1.0/certbot-auto
4. Edit LetsEncrypt/info.php and change:
- version (for example 3.5.1)
- date (for example 2020-02-03)
- build (for example 2020020300)
5. Repackage the LetsEncrypt directory and his contents to LetsEncrypt.tar.gz (with 7zip create a tar and the with 7zip again create a gz)
6. Upload the new plugin as usual
Test what you did with:
If the result is 1.1.0 and not 0.26.1 you did it.
I only tested the Create certificate and the Revoke Certificate procedures. They worked with LE API v2. I didn't test the renewal yet.
Hope it helps,
bye Kess.
-
You don't need to download that stuff on your local machine, On the server you can use mc (Midnight Commander) to edit the contents of the archive.
-
-
Thank you both for providing a solution.
I have found an even easier way to work around this issue. (Certificate creation works, Please revoke and reissue each certificate to make sure renewal is also using ACMEv02)
The latest Let's Encrypt i-MSCP plugin is using certbot 0.26.1 which is already capable of using ACMEv2. But it is not used by default.
You can change that by uncommenting line 796 in /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm so it looks like this:
Please keep in mind, that this files gets overwritten, when reinstalling or updating the Let's Encrypt Plugin.
-
Hi!
Plugin is not working.
Plugin menu write:
Installing...
I start install 1.5 hours ago, but not finished.
What the problem? -
-
Perhaps, have a look at the logs ?
Or at the running processes in order to see if something is still happening ?
-
Display MoreThank you both for providing a solution.
I have found an even easier way to work around this issue. (Certificate creation tested, Renewal untested yet!)
The latest Let's Encrypt i-MSCP plugin is using certbot 0.26.1 which is already capable of using ACMEv2. But it is not used by default.
You can change that by uncommenting line 796 in /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm so it looks like this:
Please keep in mind, that this files gets overwritten, when reinstalling or updating the Let's Encrypt Plugin.
So I made your changes and deleted my ssl and saved it again.thanks you
-
-
Display More
Thank you both for providing a solution.
I have found an even easier way to work around this issue. (Certificate creation works, Please revoke and reissue each certificate to make sure renewal is also using ACMEv02)
The latest Let's Encrypt i-MSCP plugin is using certbot 0.26.1 which is already capable of using ACMEv2. But it is not used by default.
You can change that by uncommenting line 796 in /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm so it looks like this:
Please keep in mind, that this files gets overwritten, when reinstalling or updating the Let's Encrypt Plugin.
I have followed these instructions. It does not work for me. Today I got an email from Letsyencrypt again that I use ACME V1 to renew the certificate. After the setting, the certificate was deleted as described above and created again. In the file /etc/letsencrypt/renewal/my-domain.de something changed after the new creation. The line with server = https://acme-v02.api.letsencrypt.org/directory and a few others have been added. Who can help me here. 01.06.2020 is the death line
Display MoreCode- # renew_before_expiry = 30 days
- version = 0.10.2
- archive_dir = /etc/letsencrypt/archive/mydomain.de
- cert = /etc/letsencrypt/live/mydomain.de/cert.pem
- privkey = /etc/letsencrypt/live/mydomain.de/privkey.pem
- chain = /etc/letsencrypt/live/mydomain.de/chain.pem
- fullchain = /etc/letsencrypt/live/mydomain.de/fullchain.pem
- # Options used in the renewal process
- [renewalparams]
- account = XXXX My ACCOUNT XXXX
- server = https://acme-v02.api.letsencrypt.org/directory
- authenticator = webroot
- pref_challs = http-01,
- installer = None
- [[webroot_map]]
- mydomain.de = /var/www/imscp/gui/plugins/LetsEncrypt/acme
-
Thank you very much for all the information. I prefered creating an own package which worked fine with your information.
FYI what I did:
- Download the newest LetsEncrypt version.
- Extract all files
- Downloaded newest certbot-auto file from https://raw.githubusercontent.…rtbot/master/certbot-auto and replace it with LetsEncrypt/bin/certbot-auto
- Edit LetsEncrypt/backend/LetsEncrypt.pm (as described above, uncommented line #796 ('--server', 'https://acme-v02.api.letsencrypt.org/directory',)
- Edit Letsencrypt/info.php and updated version number, date and build
My tests:
- Create a subdomain and request certificate: Pass
- Test webpage with browser: Pass
- Revoke the certificate: Pass
By the way:
There is a configuration option called "certbot_version" inside the config.php which can be switched to "develop". If I read the code correct this is going to clone the newest certbot from github. So switching from "released" to "develop" there could also fix the ACMEv1 to ACMEv2. Untested / not tried as found too late!
-