Certbot - Update your client software to continue using Let's Encrypt - Update ACME v1 to v2 in Ubuntu 14.04

Question

I've receive an email from [email protected] with the subject "Update your client software to continue using Let's Encrypt"

I'm using Ubuntu 14.04.05 LTS in the servers where I host my https sites, Certbot is 0.22.2+1+ubuntu

That's the latest version in my repositories.

I've tried to renew a domain forcing to use the ACME v2 server, following this documentation https://certbot.eff.org/docs/using.html?highlight=acmev2#changing-the-acme-server adding "--server https://acme-v02.api.letsencrypt.org/directory" to the renew command but it doesn't worked.

Now I'm stuck and requesting some help.

Thanks for reading and for your help.

Answer 1

Update:

Solution 1 :

You can try these 5 steps. See if this works:

sudo apt update
sudo apt install --only-upgrade certbot
sudo certbot update_account
certbot renew --dry-run

I got to know about them from Digital Ocean Community: https://www.digitalocean.com/community/questions/let-s-encrypt-acmev1-protocol-you-should-upgrade-to-an-acmev2

Solution 2:

As you already mentioned ppa:certbot/certbot doesn't have the latest version of certbot.

certbot official website provides all the instructions related to certbot:

https://certbot.eff.org/all-instructions/

You have to select "Nginx on Ubuntu (other)", which will lead you to this page:

https://certbot.eff.org/lets-encrypt/ubuntuother-nginx.html

This page tells you to execute these statements:

Step 1: Install certbot-auto:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Step 2: configure nginx :

sudo /usr/local/bin/certbot-auto --nginx

This step will ask you:

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Here you can enter '1'

Then it asks:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

You can choose whatever your requirements are.

Step 3: Setup a cron job to auto renew:

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

Disclaimer: Above method worked worked for me. YMMV!

Please mention in comment if this solution worked for you or not. Also let me know if anything better comes up. Enjoy!