Hi
Here is a mail I just received after renewing my certificat:
Client IP address: <my IP>
User agent:
Hostname(s): "<my domain>"
Request time: 2020-02-16 ....UTC
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice. You can view the
client list at: https://letsencrypt.org/docs/client-options/
If you're unsure how your certificate is managed, get in touch with the
person who installed the certificate for you. If you don't know who to
contact, please view the help section in our community forum at
https://community.letsencrypt.org/c/help and use the search bar to check if
there's an existing solution for your question. If there isn't, please create
a new topic and fill out the help template.
ACMEv1 API deprecation details can be found in our community forum:
https://community.letsencrypt.org/t/end ... for-acmev1
As a reminder: In the future, Let's Encrypt will be performing multiple
domain validation requests for each domain name when you issue a certificate.
While you're working on migrating to ACMEv2, please check that your system
configuration will not block validation requests made by new Let's Encrypt IP
addresses, or block multiple matching requests. Per our FAQ
(https://letsencrypt.org/docs/faq/), we don't publish a list of IP addresses
we use to validate, and this list may change at any time.
To receive more frequent updates, subscribe to our API Announcements:
https://community.letsencrypt.org/t/abo ... s-category
Thank you for joining us on our mission to create a more secure and privacy-
respecting Web!
All the best,
Let's Encrypt
Let's Encrypt ACME client outdated by letsencrypt
-
- Posts: 395
- youtube meble na wymiar Warszawa
- Joined: Tue Aug 25, 2015 9:23 pm
- orion
- Posts: 3485
- Joined: Wed May 29, 2013 11:09 am
Re: Let's Encrypt ACME client outdated by letsencrypt
I thought NAS uses cerbot, but it seems not?? You'd better to report it to asustor directly too.
-
- Posts: 19
- Joined: Mon Feb 06, 2017 11:37 pm
Re: Let's Encrypt ACME client outdated by letsencrypt
I get a failure message from this now. "Unable to apply settings. Please try again. (Ref. 5401)"
I wonder if the challenge fails because of the odd port number being used. (not 80/443)
I wonder if the challenge fails because of the odd port number being used. (not 80/443)
- orion
- Posts: 3485
- Joined: Wed May 29, 2013 11:09 am
Re: Let's Encrypt ACME client outdated by letsencrypt
I guess that's a different story from OP. And, yes, you'll need to let port 80 open for your web site (letsencypt requirement). https://www.asustor.com/en/online/Colle ... ?topic=324RainCaster wrote:I get a failure message from this now. "Unable to apply settings. Please try again. (Ref. 5401)"
I wonder if the challenge fails because of the odd port number being used. (not 80/443)
-
- Posts: 52
- Joined: Wed Feb 01, 2017 1:34 am
- Location: Amsterdam
Re: Let's Encrypt ACME client outdated by letsencrypt
I see in the release notes that 3.4.6.RCO3 (released on 2019-12-25) should have introduced ACMEv2. I've been running 3.4.7.RFO2 for over 5 weeks now, but I recently got an email from Let's Encrypt saying that ACMEv1 was used on 2020-04-29 to renew my certs.
I see a crontab entry for root on my AS5104T that is executing this daily at midnight:
Anyone figure out how this client works? I looked at the binary, and it reads the file /usr/builtin/etc/certificate/certificate.json, which seems to show that my Let's Encrypt cert is type 2, but I really dont know if that has anything to do with ACMEv1 vs ACMEv2.
I see a crontab entry for root on my AS5104T that is executing this daily at midnight:
Code: Select all
0 0 * * * TAG=CERTIFICATE /usr/builtin/bin/certificate update-cert
-
- Posts: 395
- Joined: Tue Aug 25, 2015 9:23 pm
Re: Let's Encrypt ACME client outdated by letsencrypt
Same for me. I got the mail a second time from LetsEncrypt.jauling wrote:I see in the release notes that 3.4.6.RCO3 (released on 2019-12-25) should have introduced ACMEv2. I've been running 3.4.7.RFO2 for over 5 weeks now, but I recently got an email from Let's Encrypt saying that ACMEv1 was used on 2020-04-29 to renew my certs.
I see a crontab entry for root on my AS5104T that is executing this daily at midnight:Anyone figure out how this client works? I looked at the binary, and it reads the file /usr/builtin/etc/certificate/certificate.json, which seems to show that my Let's Encrypt cert is type 2, but I really dont know if that has anything to do with ACMEv1 vs ACMEv2.Code: Select all
0 0 * * * TAG=CERTIFICATE /usr/builtin/bin/certificate update-cert
Meanwhile, Asustor support answered to case : We have already updated to ACME to v2 already..
Maybe letsencrypt send mail at each renewal, regardless of version used.
-
- Posts: 1
- Joined: Wed May 20, 2020 7:19 am
Re: Let's Encrypt ACME client outdated by letsencrypt
I have an AS1002T v2 with ADM v3.5.0.R5D3. This uses acme.sh instead of certbot and has no issues with LetsEncrypt. Maybe try updating the ACME client software and see if that helps (mine is v2.0.0.r5). I have worked with acme.sh a lot for other linux deployments and it has a ton of functionality that the certbot doesn't have.
-
- Posts: 52
- Joined: Wed Feb 01, 2017 1:34 am
- Location: Amsterdam
Re: Let's Encrypt ACME client outdated by letsencrypt
Not sure why this is still an issue, but I'm on an AS5104T running 3.5.4.RE11, and got an email today saying I'm using ACMEv1, and that ACMEv1 will be retired on June 1 2021. My crontab for root has no mention of acme.sh.
You guys think this is just blind spam from Let's Encrypt? The email seems pretty specific, unless it's a canned copy/paste.
You guys think this is just blind spam from Let's Encrypt? The email seems pretty specific, unless it's a canned copy/paste.
According to our records, your Let's Encrypt software client renewed a
TLS/SSL certificate recently using the ACMEv1 protocol.