Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: calisun on April 01, 2020, 05:27:40 AM
-
Today I received following email from noreply@letsencrypt.org
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then.
I just did:
yum update smeserver-letsencrypt dehydrated --enablerepo=smecontribs
signal-event post-upgrade; signal-event reboot
Is there anything else required on my part?
-
Read the wiki page and follow the instructions
-
Read the wiki page and follow the instructions
Precisely. We wrote it out once so we didn't have to keep doing it again and again :-)
You can continue to renew v1 certificates, but they will eventually stop altogether.
Much better to upgrade now.
-
Sorry, I missed a line of code on my original post.
After I did yum Update, I did:
config setprop letsencrypt API 2
signal-event console-save
What I was unclear about is, are all my domains (submitted a while back under API 1) will they be automatically transferred to API 2, or do I have to re-submit them?
-
Always better to manually change and check/test.
Roughly....
Set to 2 or auto
Set status to test
Console-save
Generate knew v2 test certs
If test is ok set back to enabled, console save, and generate new certs.
Run a cleanup.
dehydrated -gc I think
Note the comments if you have issues
Don't keep trying if you have a failure or they will block you for a while.
-
# config setprop letsencrypt API 2
# signal-event console-save/quote]
-
Then run an
config setprop letsencrypt status test
signal-event console-save
Then
dehydrated -c - x
The manual doesn't request the - x but I've found as I'm useless it helps due to previous requests
Then once your happy all domains etc have check out go back to production
config setprop letsencrypt status enabled
signal-event console-save
Then
dehydrated -c -x
All taken from
https://wiki.contribs.org/Letsencrypt