Koozali.org: home of the SME Server

Email from noreply@letsencrypt.org

Offline calisun

  • *
  • 601
  • +0/-0
Email from noreply@letsencrypt.org
« on: April 01, 2020, 05:27:40 AM »
Today I received following email from noreply@letsencrypt.org

Code: [Select]
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then.

I just did:
Code: [Select]
yum update smeserver-letsencrypt dehydrated --enablerepo=smecontribs
signal-event post-upgrade;  signal-event reboot

Is there anything else required on my part?
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

Offline sages

  • *
  • 182
  • +0/-0
    • http://www.sages.com.au
Re: Email from noreply@letsencrypt.org
« Reply #1 on: April 01, 2020, 06:24:06 AM »
Read the wiki page and follow the instructions
...

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Email from noreply@letsencrypt.org
« Reply #2 on: April 01, 2020, 12:43:39 PM »
Read the wiki page and follow the instructions

Precisely. We wrote it out once so we didn't have to keep doing it again and again :-)

You can continue to renew v1 certificates, but they will eventually stop altogether.

Much better to upgrade now.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline calisun

  • *
  • 601
  • +0/-0
Re: Email from noreply@letsencrypt.org
« Reply #3 on: April 02, 2020, 12:22:21 AM »
Sorry, I missed a line of code on my original post.
After I did yum Update, I did:

Code: [Select]
config setprop letsencrypt API 2
signal-event console-save

What I was unclear about is, are all my domains (submitted a while back under API 1) will they be automatically transferred to API 2, or do I have to re-submit them?
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Email from noreply@letsencrypt.org
« Reply #4 on: April 02, 2020, 12:35:25 AM »
Always better to manually change and check/test.

Roughly....

Set to 2 or auto
Set status to test
Console-save
Generate knew v2 test certs
If test is ok set back to enabled, console save, and generate new certs.

Run a cleanup.

dehydrated -gc I think

Note the comments if you have issues

Don't keep trying if you have a failure or they will block you for a while.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: Email from noreply@letsencrypt.org
« Reply #5 on: June 09, 2020, 01:24:52 AM »
Quote
# config setprop letsencrypt API 2
# signal-event console-save/quote]

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: Email from noreply@letsencrypt.org
« Reply #6 on: June 09, 2020, 01:32:37 AM »
Then run an
Quote
config setprop letsencrypt status test
signal-event console-save
Then
Quote
dehydrated -c - x

The manual doesn't request the - x but I've found as I'm useless it helps due to previous requests

Then once your happy all domains etc have check out go back to production

Quote
config setprop letsencrypt status enabled
signal-event console-save

Then
Quote

dehydrated -c -x


All taken from
https://wiki.contribs.org/Letsencrypt