-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
End of Life Plan for ACMEv1 #319
Comments
I'm about to switch to lego (lego). lego is also used by caddy-server (as a library, that is how I found it) and its also a single go-lang binary. I've converted my own private VPS to lego last weekend (not necessary in the most efficient way, I reinstalled everything new, because also switched DNS and VPS provider, changed registration email address, used the newest OS release and now use RSA 4096bit keys for https, postgres and ). So I basically unwanted my certificate at the old server, switched DNS to the new server, and ordered a new and longer one at the new server. It has no quickstart feature, but then.. before choosing the next acme client I went through ACME manually, so I now know what happens behind the curtains. Do your testing with a dedicated testing domain! My old caddyserver install once had a root-owned, non-removable pid file which made systemd restart caddy about a dozend times a second (trying to renew the cert every time) and in no time I was blocked (rightfully so) by LE. Which is also the reason why I do want seperated programs for serving the web and ACMEing. |
@ronnyadsetts, there is acmev2 branch mentioned in issue #305 |
@metaminimalist Thanks, lego looks interesting. @asalmela Thanks, yes, I know about the branch but the very first bullet point of that link states "It is very alpha" which scares me a little. :-). |
One other date to be aware of is the intended deprecation of unauthenticated GET requests for ACME v2: Nov 1st, 2019. Without modification I think the |
I also just received this from LE: Hello, Action is strongly recommended to prevent problems with your Let's Encrypt A client you have used to access the Let's Encrypt API in the past 60 days has Within the past 60 days, our /new-reg API endpoint received about 104 We've found that in most cases, the client is an older version of kube-lego or We would like to help fix clients that send our API many requests that will |
same mail here |
Same mail here |
Same here. I just opened a topic in the Help section of their community forum: UPDATE: the email was sent by mistake. We only have to care about ACMEv1 deprecation (deadline june 2020 for new domains registration / june 2021 no more renewals) |
I used acme-client-portable for some time but due to lack of support for ACMEv2, I wrote my own in plain C: check https://github.com/ndilieto/uacme if you're interested. |
@metaminimalist @ronnyadsetts just a note to lego - It doesn't support multiple hostnames in one certificate. |
@holdenger yes - it does. https://controlledflight.ca/ was obtained using lego. |
A beta of support for ACMEv2 is now available, see #322. |
Unfortunatly this beta does not compile ! |
@pipiche38 have you tried using my patch #326 ? |
Thanks ! it works |
Now that the ACME protocol is an IETF standard[1], Let's Encrypt have announced an end-of-life plan[2] for the ACMEv1 endpoints. The first date of significance is Nov 2019 when new account creation will stop working.
I'd really like to continue using acme-tool as it suits my workflow perfectly.
Is anyone working on a fork to get the ACMEv2 protocol stuff to completion?
Have people migrated to different tools, if so what?
Thanks.
[1] https://letsencrypt.org/2019/03/11/acme-protocol-ietf-standard.html
[2] https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
The text was updated successfully, but these errors were encountered: