Lets encrypt error

Discussion in 'ISPConfig 3 Priority Support' started by gpetrom, Aug 4, 2021.

  1. gpetrom

    gpetrom Member HowtoForge Supporter

    Hi

    I have a server on debian 9 and ispconfig 3.2. Sites are not updating certificates.
    When i run manualy the server.sh i am getting the following error
    The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information

    So i need to update Acme to version 2
    Can someone tell me how to do that

    Thanks in advanced
     
  2. gpetrom

    gpetrom Member HowtoForge Supporter

  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The instructions are fine, just leave out step 7.
     
  4. gpetrom

    gpetrom Member HowtoForge Supporter

    ok thank you for the quick answer.
    Worked great and i learned how debug it the next time :)
     
  5. burlyhousetech

    burlyhousetech Member HowtoForge Supporter

    Does anyone know of a certbot client solution for Debian 8 "Jessie". Wondering if a tool like acme.sh would work, and also if can be a drop-in replacement for ISPConfig usage.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Since your question has very little to do with this discussion you should create a new thread.
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Please don't if you are not willing to experiment on your server and facing some failures.

    That said, I did mention the theory how to do transition from certbot to acme.sh since some people did ask on how to change to it.

    But I haven't change mine from certbot to acme.sh though for personal reasons.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You should consider updating your system to Debian 9 or 10. Debian 8 is not supported anymore, so it won't get security updates and you should try to avoid using such a system on the internet. And as @ahrasis mentioned, changing from certbot to acme.sh causes a lot of troble, ISPConfig supports both clients but there is no migration path between the two as neither one can read and import the config of the other LE client.
     
  9. burlyhousetech

    burlyhousetech Member HowtoForge Supporter

    Agreed the right move is to prioritize migration to Debian 10, which we've already begun. I was mostly curious to better understand the relationship between ISPConfig and the various ACMEv2 clients. Thanks all for the feedback.
     

Share This Page