LetsEncrypt client needs to be updated and configured to use v2 API

[jamezpolley]

See background in https://github.com/openaustralia/infrastructure/issues/150

[jamezpolley]

This is.. not as easy as in https://github.com/openaustralia/infrastructure/issues/150. cuttlefish is running on ubuntu 14.04 which is not supported by the certbot PPA at https://launchpad.net/~certbot/+archive/ubuntu/certbot. The instructions at https://certbot.eff.org/lets-encrypt/debianother-apache.html may work.

https://github.com/certbot/certbot/issues/7296 notes that this is because ubuntu 14.06 is not supported (except for paid customers) as of April 2019

We currently have certbot 0.21 on the machine, which seems to not support ACME v02 at all.

My suggestion is that we rebuild this machine on a more-modern ubuntu.

If that's not feasible before the v1 API stops being supported, we may be able to install from source. The geerlingguy.certbot module theoretically supports this, although I'm not sure what success we'd have in building current source on Trusty.

We may have more success building the version of certbot in use on our Precise machines (0.31.0) as that is probably closer to what would have worked on Trusty before support was dropped.

[mlandauer]

Rebuilding cuttlefish on more recent ubuntu sounds like the correct approach.

[mruokojo]

Any timetable for update to recent ubuntu? Just evaluating possibilities for selfhosted email sending, Cuttlefish looks good.

[mlandauer]

Our production instance and the Ansible setup has been updated to Xenial (16.04). certbot is now at 0.31.0.

@jamezpolley is there a simple test we can run to see that everything is working as expected now so we can close this ticket?

[mlandauer]

Xenial is only supported until April of next year so it's well worth upgrading to more recent LTS versions if I get a chance...

[bluepuma77]

Reference #397 "Ubuntu 16.04 LTS is approaching its "End of Standard Support" in April 2021"