btcpayserver / btcpayserver-docker

Docker resources for hosting BTCPayServer easily
MIT License

Letsencrypt: Account creation on ACMEv1 is disabled #207

Closed eightyfive closed 5 years ago

eightyfive commented 5 years ago

This issue is related to docker-letsencrypt-nginx-proxy-companion.

Even though at the time of writing it is still October 2019, it seems that account creation through the ACMEv1 API is already disabled:

$ docker logs letsencrypt-nginx-proxy-companion

Creating/renewal pay.payie.io certificates... (pay.payie.io)
2019-10-18 05:02:28,030:INFO:simp_le:1382: Generating new account key
2019-10-18 05:02:37,339:WARNING:simp_le:1397: --email was not provided; ACME CA will have no way of contacting you.
ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

More details: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

NicolasDorier commented 5 years ago

I just updated the docker image; if you update, it should use acme2.

eightyfive commented 5 years ago

Hi @NicolasDorier, thanks for the swift response.

I did the following but I get a new error now:

$ btcpay-update.sh
$ . ./btcpay-setup.sh -i
$ docker logs letsencrypt-nginx-proxy-companion

Reloading nginx docker-gen (using separate container nginx-gen)...
Reloading nginx (using separate container nginx)...
Creating/renewal pay.payie.io certificates... (pay.payie.io)
2019-10-18 06:31:54,813:INFO:simp_le:1323: Generating new account key
2019-10-18 06:32:00,897:WARNING:simp_le:1346: --email was not provided; ACME CA will have no way of contacting you.
2019-10-18 06:32:00,897:INFO:simp_le:1353: By using simp_le, you implicitly agree to the CA's terms of service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/acme/messages.py", line 249, in __getitem__
    return self._jobj[self._canon_key(name)]
KeyError: 'newAccount'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/simp_le.py", line 1565, in main
    return main_with_exceptions(cli_args)
  File "/usr/lib/python3.7/site-packages/simp_le.py", line 1549, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "/usr/lib/python3.7/site-packages/simp_le.py", line 1408, in persist_new_data
    args, existing_data.account_key, existing_data.account_reg)
  File "/usr/lib/python3.7/site-packages/simp_le.py", line 1357, in registered_client
    client.new_account(new_reg)
  File "/usr/lib/python3.7/site-packages/acme/client.py", line 604, in new_account
    response = self._post(self.directory['newAccount'], new_account)
  File "/usr/lib/python3.7/site-packages/acme/messages.py", line 251, in __getitem__
    raise KeyError('Directory field not found')
KeyError: 'Directory field not found'

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.

Should I just try a fresh install?

NicolasDorier commented 5 years ago

@eightyfive this sucks. I will look into it; this is not normal.

NicolasDorier commented 5 years ago

Can you try

ACME_CA_URI=https://acme-v02.api.letsencrypt.org/directory

and try . btcpay-setup.sh -i again?

eightyfive commented 5 years ago

I just went for a fresh install, but I (strongly) guess that the issue was what you pointed out (env var out-of-sync with latest code).

I can access my website through https now with no problem.

Thanks a lot for your help!

NicolasDorier commented 5 years ago

@eightyfive thanks for the testing. Let's Encrypt just outdated ACME v1, so I was missing some stuff to update.
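The `KeyError: 'newAccount'` traceback in this thread is consistent with an ACMEv2 client reading a directory that has no `newAccount` field, as an ACMEv1 directory does (it names that endpoint `new-reg`). The pre-flight check below is an added example, not code from btcpayserver-docker or simp_le; it classifies a directory document before the client tries to register. The function names and the sample directories (placeholder hosts) are constructed for illustration.

```python
import json

# Fields every ACMEv2 directory must carry (RFC 8555, section 7.1.1).
V2_REQUIRED = {"newNonce", "newAccount", "newOrder"}
# Field names used by the older ACMEv1 directory format.
V1_MARKERS = {"new-reg", "new-authz", "new-cert"}

# Constructed sample directories; the hosts are placeholders, not real CAs.
SAMPLE_V1 = json.dumps({
    "new-reg": "https://ca.example.invalid/acme/new-reg",
    "new-authz": "https://ca.example.invalid/acme/new-authz",
    "new-cert": "https://ca.example.invalid/acme/new-cert",
})
SAMPLE_V2 = json.dumps({
    "newNonce": "https://ca.example.invalid/acme/new-nonce",
    "newAccount": "https://ca.example.invalid/acme/new-acct",
    "newOrder": "https://ca.example.invalid/acme/new-order",
})


def classify_directory(raw_json):
    """Return 'v2', 'v1' or 'unknown' for an ACME directory document."""
    try:
        doc = json.loads(raw_json)
    except ValueError:
        return "unknown"  # e.g. an HTML error page instead of JSON
    if not isinstance(doc, dict):
        return "unknown"
    keys = set(doc)
    if V2_REQUIRED <= keys:
        return "v2"
    if V1_MARKERS & keys:
        return "v1"
    return "unknown"


def preflight(ca_uri, raw_json):
    """Return (ok, message): can an ACMEv2 client register at ca_uri?"""
    version = classify_directory(raw_json)
    if version == "v2":
        return True, f"{ca_uri}: ACMEv2 directory, newAccount present"
    if version == "v1":
        return False, f"{ca_uri}: ACMEv1 directory, set ACME_CA_URI to an ACMEv2 one"
    return False, f"{ca_uri}: not a recognisable ACME directory"


if __name__ == "__main__":
    for name, body in (("old", SAMPLE_V1), ("new", SAMPLE_V2), ("bad", "<html>")):
        print(preflight(f"https://ca.example.invalid/{name}/directory", body))
```

In a real deployment the directory body would be fetched from the URL configured in `ACME_CA_URI` before the certificate companion starts, so a stale endpoint fails with a readable message instead of a traceback.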