ACMEv2 beta (v0.2.1) now available #322
Comments
©! I, Hugo Landau <[email protected]>, hereby licence these changes under the ©! licence with SHA256 hash ©! fd80a26fbb3f644af1fa994134446702932968519797227e07a1368dea80f0bc.
@hlandau Hello, and a big thank you for this. When do you expect release of binaries? |
For anyone else trying to build this from source to test it out, it looks like it'll require golang version 1.9 or higher for the I think the resulting binary is correctly built to be Ewen
|
What might the status be of v2? In June of 2020 we will stop allowing new domains to validate via ACMEv1 https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 I have been using ACMEv1 and have had no problems. I like being able to use the redirector. I see that v1 is available via Centos 7 package manager, though I compiled it myself. Are there any intentions of providing a v2 binary for Centos 7? Even though there is some time until June 2020, every time a certificate is added or renewed LetsEncrypt sends me an email reminding me that v1 on June 1 2020 will no longer be allowed. There has been no activity for a month now. Has the project been put on hold? Should I start looking for something else? There is a long list of v2 releases on the LetsEncrypt website. Everyone else has already moved on to v2. https://letsencrypt.org/docs/client-options/ |
@SinOJosWeb ACMEv2 in So I would say what remains is @hlandau make a release (or at least a release candidate!) soon, so we can go ask package maintainers to make new package (it all takes time!) |
Was anyone able to build v0.2.1 on Ubuntu 16.04? Solution from @ewenmcneill does not work unfortunately, |
@defanator Don't know about Ubuntu, but on Debian package is |
@mnalis oh sorry, my bad! |
@hlandau v0.2.1 seems to work fine. Hope to expect binaries soon! |
Any plan to provide an RPM-based version for Fedora users? |
I had no trouble compiling on Amazon AWS Linux 2 AMI. Installed: cloned git repository: enter ~/acmetool directory run "make" wait for it to finish: I run haproxy did not have to change any settings. Rebooted and it works. Now simply wait to renew time, and hopefully it will renew without any errors. |
On Amazon Linux 1 I get this error when trying to build. I'll just wait for the binary.
|
seems same as hlandau/acme.t#1 |
I'm a newbie on Go so probably I'm missing something: Fedora 31
|
I've got the same (similar?) problem as @pipiche38
|
In #322 (comment) @tomwaldnz wrote:
@tomwaldnz It looks like Amazon Linux is based on a RPM distro, and searching through, eg, Packages in Amazon Linux 2018.3 it looks like Did you install (According to hlandau/acme.t#1 mentioned at #322 (comment) above, this is in the README, but it's just mentioned in the text before the example on how to build, rather than as an obvious "install this first" step.... :-) ) Ewen |
A binary in the package repos would be great, especially if you see how many people are having trouble compiling it. |
For folks who come here by Google search etc and have trouble building this binary: Go modules solve all build issues because @equinox0815 already went through the trouble for us to pin down dependency versions that actually work. See #326 A small recipe for Debian based systems, off the top of my head, assuming you already checked out this repository:
Don't ever try to run the Makefile, it will ruin your day. |
You may also try the old way of getting Go software (run outside any go module):
That should produce the binary based on |
Just a heads up, builds just fine with mock on CentOS 8 with #326 included. Build dependencies are simply golang, git and libcap. All in all, a really simple and straightforward .spec is all acmetool needs. |
Other than upgrading Go, no. |
Since my last post Feb 1 2020 acme v2 has been working flawlessly. All renews have completed, no interaction has been necessary. |
So ... the only thing really needed is for @hlandau to make an official release and (hopefully) have maintainers update their packages? |
@Amunak in fact nothing prevents maintainers from using the published release now (this is exactly what I did as a FreeBSD maintainer) |
@Amunak Debian also built new packages upon receiving bug report; so you probably just need to contact your distribution package managers and indicate that they should upgrade the packages... |
@mnalis I do actually have debian on the server where I need v2, but it's only in Bullseye/testing as of now. Do you know if v2 will be backported to Buster, or do I have to experiment with backports/testing? |
If you don't want to compile yourself, but just want to download a binary from a trusted source, you can unpack the acmetool binary from debian testing directly:
Go binaries are semi-statically built. They should work on any Linux system that uses glibc. If you copy that file to Edit: changed URL to https. Note you'll get a certificate error that the hostname is www.debian.org instead of ftp.debian.org. |
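Added example (not part of the comment above or of acmetool): because the download described there runs into a certificate hostname error, one way to check the fetched .deb is to compare its hash with the SHA256 field for the package in the archive's Packages index, which the archive's signed Release file in turn covers. The function names, file names and the sample stanza below are constructed for illustration, and the signature check on the Release file is assumed to be done separately.

```shell
#!/bin/sh
# Added example: check a .deb against the SHA256 recorded in a Debian
# Packages index. All names and file contents here are constructed.

# pkg_sha256 PACKAGES_FILE PACKAGE -> prints the SHA256 field of that stanza
pkg_sha256() {
    awk -v pkg="$2" '
        /^$/         { cur = "" }              # blank line ends a stanza
        /^Package: / { cur = $2 }
        /^SHA256: /  { if (cur == pkg) { print $2; exit } }
    ' "$1"
}

# verify_deb PACKAGES_FILE PACKAGE DEB_FILE -> 0 if the hash matches, else 1
verify_deb() {
    want=$(pkg_sha256 "$1" "$2")
    [ -n "$want" ] || { echo "no SHA256 for $2 in index" >&2; return 1; }
    got=$(sha256sum "$3" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK $3"
    else
        echo "MISMATCH $3: index says $want, file is $got" >&2
        return 1
    fi
}

# Constructed demo input: a stand-in file and an index stanza describing it.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a .deb\n' > "$demo_dir/sample.deb"
sample_hash=$(sha256sum "$demo_dir/sample.deb" | awk '{ print $1 }')
cat > "$demo_dir/Packages" <<EOF
Package: otherpkg
Version: 1.0
SHA256: 0000000000000000000000000000000000000000000000000000000000000000

Package: acmetool
Version: 0.0.0-constructed
Filename: pool/constructed/sample.deb
SHA256: $sample_hash
EOF

verify_deb "$demo_dir/Packages" acmetool "$demo_dir/sample.deb"
```

A mismatch or a missing stanza makes `verify_deb` return non-zero, so it can gate the unpack step in a script.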
@Amunak just use |
Thanks, 0.2.1 works nicely for ACMEv2 when running |
It's June now, and still no official release. I find this really frustrating; many people reporting that the application obviously is working, yet @hlandau is MIA. One of the reasons I'm using acmetool and not one of a gazillion other ACME clients is that binaries are available for many platforms. Even if a release was made now it would take upstream package maintainers a while before updating it. |
@sjamaan Don't blame @hlandau for not releasing a binary version. There are already built versions out there. E.g. https://launchpad.net/ubuntu/+source/acmetool/0.2.1-1/+build/18755756/+files/acmetool_0.2.1-1_amd64.deb taken from https://launchpad.net/ubuntu/+source/acmetool/0.2.1-1/+build/18755756 |
I need CentOS (and also plain Debian) packages, not Ubuntu ones. But making it an official release instead of a beta version would definitely signal to package maintainers that it's stable and can be put in a package. |
@sjamaan If you extract the |
Debian has packages, but they're in testing. You can simply download the .deb from the website and install it with Though I still find it kind of unacceptable to just abandon a project like this. My migration to v2 personally wasn't really great; the fact that you have to create a new account is less than ideal, and the DNS-01 verification hook I had to write for my provider is working less reliably than it did in v1. |
"Abandon" is a bit of a stretch imo -- the project maintainer has already added the required support for ACMEv2 in order to keep the tool viable. "Migration" to ACMEv2 is entirely dependent on the user's particular setup and has little to do with A GitHub release for 0.2.1 has existed since October. The presence of a tagged release should satisfy package maintainers/build systems, and allow distribution packages to update. Binaries on GitHub would be nice, but users should really be getting their binaries from their distribution. It is not the project maintainer's responsibility to compile software for you. |
I built acmetool on Amazon Linux a couple of days ago. Not sure why but the version isn't showing - any tips? If anyone wants this version I can make it available to download for a couple of days.
|
Having version information of the main module in the binary is a hard problem in Go at the moment: golang/go#29228 The author of acmetool has "solved" that in a ... unique way: https://github.com/hlandau/acmetool/blob/master/Makefile#L42 ... but as I've mentioned above, rather stay away from running make. It may ruin your day. |
Update - I worked it out from this thread.
Unfortunately version information isn't included. Here's version info from v0.0.67
Here's what it is when we checkout from master
I did try checking out from a tag and doing a build but that didn't help. Anyone know how to get the acmetool version into the "acmetool --version" output?
|
The author hasn't touched the project or replied for at least half a year. Considering how many people already tested v2 and said it's more or less fine, the least they could do would be marking the release as stable and providing binaries with the release (and perhaps closing this issue). It's literally like 20 clicks here on Github if they just download one of the binaries that others already compiled.
When you use the ACME API AcmeTool creates an account for you with LetsEncrypt. This is transparent for the most part, but it has some consequences. When you delete your v1 account folder you lose that account and create a new one. It's not a big deal (I hope) but it doesn't feel like the "correct" way to do things. Not being able to just tell AcmeTool to use the new API from now on is just stupid - there should be a clear and easy migration path.
Right, the minimum I'm asking for is promoting that tag into a full release.
I mean, sure. It's "only" a "nice to have". But especially when the compiled thing is a single binary file it's not too hard to make a simple release with binaries. Alternatively the author should just say fuck it, I don't want to work on this anymore, please someone fork it and work on it. That's a commendable approach, and I would totally understand it. It's not easy to maintain public projects for free. But silence for months is really, really bad. |
From the author:
So that's probably the bigger issue here. No pull requests can be merged unless CI is fixed. No binaries can be built, either. I've been working on allowing a head build using Homebrew for macOS. It's been building just fine, even on Linux (with the insertion of a single line: I also built two bottles (binary packages), one for OS X 10.10 and one for macOS 10.15. Both could be used interchangeably on either of them as well as all versions in between. Currently the installation of head bottles is buggy: after running
Press Ctrl+C to terminate the process here and run the following:
And acmetool is ready for use. Downloads: There is also an option to enable Note that Homebrew packages need to be installed to the prefix it is built for, so these binaries require the default Homebrew prefix being at |
I have built acmetool 0.2.1 on Amazon Linux with Go 1.13.4. I think it should work on any Linux machine, but I don't know for sure and I'm offering no support. It will be available on (link removed) for a few days, after which I'll delete it and won't upload it again. If it gets too much traffic I'll take it down. |
I get that some of you are a bit frustrated due to having to compile acmetool yourself. While others have taken compiling acmetool in stride. I develop with Gentoo Linux which is a compiled flavor of Linux. Been at the CLI since 1981, been compiling Linux since 1995. Personally I would rather compile code myself. For a number of reasons.
I know most of you use binary OS's. Therefore you are more dependent upon your package manager which is focused on binary installations. Yet you still have the choice to self compile. Most binary OS's are not set up very well for compiling, or what I should clarify, is package managing for self compiled code.

With Gentoo besides having the normal package manager Portage. That handles compiling flags and all the code/packages that there are existing ebuilds for. There is also an Overlay/Layman system that allows for producing your own and or community produced ebuilds for packages outside of the normal package repository. Great for testing purposes, if you want something outside what is normally provided.

If you are running a binary flavor of Linux, if you really want acmetool available via your package manager as a binary install. Every Linux flavor has a method for adding packages that are not already available. I suggest you look into how your Linux flavor allows for adding new packages to the repository. Then become its package manager. Most available packages in all Linux flavors are not maintained by the code developer. Some devs do maintain binary installs for various Linux flavors, but most do not. The complexity of knowing how every single Linux flavor is structured, is simply too tedious & time consuming, also many regularly change. Most devs leave it to the various Linux flavor package managers to produce binary installs for their flavor. Package managers are intimate users of their Linux flavor, they are better positioned for competently building binary installs for their specific flavor.

As for Apple products they have their own tools for compiling code. But you can also run Gentoo Portage and take advantage of Gentoo tools, think it might still be supported in one manner or another. Can also install Gentoo as your primary OS on Apple hardware, and or dual boot. Windblows, no help for the lot of you. Purchase a $20 or up SSD and install Linux. Then you can boot to either installed on each others respective drive. No worry of cross contamination or loss of data during install.

If you want a binary Linux I suggest Alpine, which was originally built from Gentoo, but is now independent. For the best for development, Gentoo. Both Gentoo & Alpine are systemd free, they both use Openrc, or you can use Runit or almost any other system init. There are many reasons why you do not want to run systemd, but this is not the place for that discussion. With Gentoo you will learn a lot about Linux & have the most flexibility, also have access to documentation & forums to self educate.

If you really want to learn Linux like those of us back in the cave days. LFS, Linux From Scratch is only instructions, no package manager, every piece of code must be hand compiled, with self set compilation flags, and self handled dependencies and their respective flags. Gentoo with its Portage package manager makes flag handling & dependency handling easy. Gentoo is essentially LFS on steroids.

Rather than expecting something to be built for you. You are much better off taking the time to learn how to be self sufficient while increasing your knowledge & experience base. Being dependent upon a binary OS is severely limited. Open your world up to the other 99% & expand out to the rest of the universe. There is much to be said about Self Reliance. |
I've built pipeline for building a version with ACMEv2 for all possible platforms. |
404 page not found - perhaps you could confirm / edit your post to update the link? |
Try again please. I forgot to make repository public. 😉 |
Homebrew/Linuxbrew tap is ready: https://github.com/CL-Jeremy/homebrew-acmetool-v2 |
Tested on Rocky Linux 8.9 and OK
|
ACMEv2 support has now been merged into master and a beta is available as release v0.2.1. You will need to build this yourself as release automation is being renovated.

This removes and replaces support for ACMEv1. Support for in-place upgrades using existing state directories (/var/lib/acme) is experimental; if you want to try this, just install the new binary and run it. Please make a backup of /var/lib/acme first. Or of course you can start with a fresh state directory.

The repository has moved to hlandau/acmetool from hlandau/acme. This should redirect automatically.

Please report issues on the issue tracker.