11

I've receive an email from noreply@letsencrypt.org with the subject "Update your client software to continue using Let's Encrypt"

I'm using Ubuntu 14.04.05 LTS in the servers where I host my https sites, Certbot is 0.22.2+1+ubuntu

That's the latest version in my repositories.

I've tried to renew a domain forcing to use the ACME v2 server, following this documentation https://certbot.eff.org/docs/using.html?highlight=acmev2#changing-the-acme-server adding "--server https://acme-v02.api.letsencrypt.org/directory" to the renew command but it doesn't worked.

Now I'm stuck and requesting some help.

Thanks for reading and for your help.

reverendocabron
  • 189
  • 1
  • 10
  • Did you find any solution? One thing I noticed is if I wget certbot-auto and install it, dry-run is successful, but it seems cron-job still points to old certbot client. – user18853 Feb 04 '20 at 05:34

1 Answers1

7

Update:

Solution 1 :

You can try these 5 steps. See if this works:

sudo apt update
sudo apt install --only-upgrade certbot
sudo certbot update_account
certbot renew --dry-run

I got to know about them from Digital Ocean Community: https://www.digitalocean.com/community/questions/let-s-encrypt-acmev1-protocol-you-should-upgrade-to-an-acmev2

Solution 2:

As you already mentioned ppa:certbot/certbot doesn't have the latest version of certbot.

certbot official website provides all the instructions related to certbot:

https://certbot.eff.org/all-instructions/

You have to select "Nginx on Ubuntu (other)", which will lead you to this page:

https://certbot.eff.org/lets-encrypt/ubuntuother-nginx.html

This page tells you to execute these statements:

Step 1: Install certbot-auto:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Step 2: configure nginx :

sudo /usr/local/bin/certbot-auto --nginx

This step will ask you:

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Here you can enter '1'

Then it asks:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

You can choose whatever your requirements are.

Step 3: Setup a cron job to auto renew:

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

Disclaimer: Above method worked worked for me. YMMV!

Please mention in comment if this solution worked for you or not. Also let me know if anything better comes up. Enjoy!

user18853
  • 2,771
  • 1
  • 21
  • 17
  • Hi @user18853 I've tested the method and worked flawless. I can only say "THANK YOU" you really save my day, I really appreciate your help. – reverendocabron May 06 '20 at 07:52
  • 1
    Which `certbot` version is it that supports ACMEv2? I could update to `1.4` by executing `pip install certbot --upgrade` but is it sufficient? – TNT May 20 '20 at 19:51
  • @TNT I am not sure, but can you try "certbot renew". See if that throws any error or warning. If it still has the issue, you can follow the steps mentioned above. – user18853 May 22 '20 at 05:57