Search code examples
apacheubuntucertbotacme.sh

Certbot - Update your client software to continue using Let's Encrypt - Update ACME v1 to v2 in Ubuntu 14.04

I've receive an email from [email protected] with the subject "Update your client software to continue using Let's Encrypt"

I'm using Ubuntu 14.04.05 LTS in the servers where I host my https sites, Certbot is 0.22.2+1+ubuntu

That's the latest version in my repositories.

I've tried to renew a domain forcing to use the ACME v2 server, following this documentation https://certbot.eff.org/docs/using.html?highlight=acmev2#changing-the-acme-server adding "--server https://acme-v02.api.letsencrypt.org/directory" to the renew command but it doesn't worked.

Now I'm stuck and requesting some help.

Thanks for reading and for your help.

Solution

  • Update:

    Solution 1 :

    You can try these 5 steps. See if this works:

    sudo apt update
sudo apt install --only-upgrade certbot
sudo certbot update_account
certbot renew --dry-run

    I got to know about them from Digital Ocean Community: https://www.digitalocean.com/community/questions/let-s-encrypt-acmev1-protocol-you-should-upgrade-to-an-acmev2

    Solution 2:

    As you already mentioned ppa:certbot/certbot doesn't have the latest version of certbot.

    certbot official website provides all the instructions related to certbot:

    https://certbot.eff.org/all-instructions/

    You have to select "Nginx on Ubuntu (other)", which will lead you to this page:

    https://certbot.eff.org/lets-encrypt/ubuntuother-nginx.html

    This page tells you to execute these statements:

    Step 1: Install certbot-auto:

    wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

    Step 2: configure nginx :

    sudo /usr/local/bin/certbot-auto --nginx

    This step will ask you:

    1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

    Here you can enter '1'

    Then it asks:

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

    You can choose whatever your requirements are.

    Step 3: Setup a cron job to auto renew:

    echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

    Disclaimer: Above method worked worked for me. YMMV!

    Please mention in comment if this solution worked for you or not. Also let me know if anything better comes up. Enjoy!