Community

Let's Encrypt Acmev1 issue

Trying to configure a cert in a fresh install with lets encrypt, but get an error response from lets encrypt due to ACMEv1 being disabled and needing to move to ACMEv2. In the response there is a link explaining it.
Is there a way to get a certificate from lets encrypt using ACMEv2

2019-11-21 00:00:58 +0000 08 ip-10-201-0-81 JOBLOG:70000003: LetsE: Acme job executing
2019-11-21 00:00:58 +0000 08 ip-10-201-0-81 JOBLOG:70000003: LetsE: AcmeInitState for xxxxxxxx executing
2019-11-21 00:00:58 +0000 08 ip-10-201-0-81 JOBLOG:70000003: LetsE: Response code 403
2019-11-21 00:00:58 +0000 02 ip-10-201-0-81 JOBLOG:70000003: LetsE: Issuance Job for xxxxxxxx abandoned!
2019-11-21 00:00:58 +0000 02 ip-10-201-0-81 JOBLOG:70000003: LetsE: last protocol errType urn:acme:error:unauthorized
2019-11-21 00:00:58 +0000 02 ip-10-201-0-81 JOBLOG:70000003: LetsE: last protocol errDetail Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
2019-11-21 00:00:58 +0000 02 ip-10-201-0-81 JOBLOG:70000003: LetsE: Job step action => Cannot complete current work item, abandoning

Hello,

Starting with Axigen 10.2.2.84 ACMEv2 client was included.

My recommendation is to update you install (Binary and Web Interfaces) to the latest version available 10.2.2.86:

https://www.axigen.com/updates/axigen-10.2.2.86/

Regards,
Florin

Clicking that link (https://www.axigen.com/updates/axigen-10.2.2.86/) leads to a ‘404’ error message.

Furthermore: I’m running version 10.3.0 and I also get warnings from Let’s Encrypt about ACMEv1.
What can I do to let Axigen use the ACMEv2 protocol?

Hello,

The link is no longer working because a new patch version is available 10.2.2.90:

https://www.axigen.com/updates/axigen-10.2.2.90/

Regarding Axigen 10.3.0, this version should include ACMEv2 protocol and to check what happen can you attach the log file that cover a Let’s Encrypt request.

Regards,
Florin

1 Like

OK, I see. Thank you.

My attention was drawn to this issue by a message from Let’s Encrypt, saying:

“According to our records, the software client you’re using to get Let’s Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate in the past two weeks using the ACMEv1 protocol.”

I tried to find the corresponding log entries, but in the last two weeks my Axigen server did not contact Let’s Encrypt. And before that, in December, the communication between Axigen and Let’s Encrypt went fine.

So it probably is some misinterpretation on Let’s Encrypt’s side.

Thanks again!

Cheers,
-Ton.