Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-20391

Upgrade Certbot to ACMEv2



    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: VM
    • Labels:
    • Project:


      We received the below message from Let's Encrypt and since I did not install Cerbot on the VM it's quite unclear to me how to upgrade Cerbot. Could you please help? TIA

      Update your client software to continue using Let's Encrypt

      According to our records, the software client you're using to get Let's
      Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
      in the past two weeks using the ACMEv1 protocol. Here are the details of one
      recent ACMEv1 request from each of your account(s):

      Client IP address:

      User agent: CertbotACMEClient/0.22.2 (certbot; Ubuntu 16.04.6 LTS) Authenticator/webroot Installer/None (renew; flags: n) Py/3.5.2

      Hostname(s): "try.freemarker.apache.org","try.freemarker.org"

      Request time: 2020-06-02 00:02:28 UTC

      Beginning June 1, 2020, we will stop allowing new domains to validate using
      the ACMEv1 protocol. There will be brown-outs throughout June, and new ACMEv1
      validations will be permanently disabled on July 2, 2020. The schedule is
      available at:

      You should upgrade to an ACMEv2 compatible client immediately, and use these
      production brown-outs to verify that your organization will not be affected.
      For most subscribers, simply upgrading to the latest version of your existing
      client will suffice. You can view the client list at:

      If you're unsure how your certificate is managed, get in touch with the
      person who installed the certificate for you. If you don't know who to
      contact, please view the help section in our community forum at
      https://community.letsencrypt.org/c/help and use the search bar to check if
      there's an existing solution for your question. If there isn't, please create
      a new topic and fill out the help template.

      ACMEv1 API deprecation details can be found in our community forum:

      As a reminder: In the future, Let's Encrypt will be performing multiple
      domain validation requests for each domain name when you issue a certificate.
      While you're working on migrating to ACMEv2, please check that your system
      configuration will not block validation requests made by new Let's Encrypt IP
      addresses, or block multiple matching requests. Per our FAQ
      (https://letsencrypt.org/docs/faq/), we don't publish a list of IP addresses
      we use to validate, and this list may change at any time.

      To receive more frequent updates, subscribe to our API Announcements:

      Thank you for joining us on our mission to create a more secure and privacy-
      respecting Web!

      All the best,

      Let's Encrypt




            • Assignee:
              jleroux Jacques Le Roux
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: