neurobin / lcget

Wrapper script for letsencrypt

"The client lacks sufficient authorization" #4

Open leandroprz opened 4 years ago

leandroprz commented 4 years ago

Hi,

I'm trying to create certificates for my domains but I'm getting this error:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo ./lcget certonly -c leandroprz.ini
[sudo] password for leandroprz: 
Saving debug log to /home/leandroprz/.letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 307, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 861, in new_order
    authorizations.append(self.client.request_domain_challenges(domain))
  File "/usr/lib/python3/dist-packages/acme/client.py", line 351, in request_domain_challenges
    return self.request_challenges(messages.Identifier(
  File "/usr/lib/python3/dist-packages/acme/client.py", line 329, in request_challenges
    response = self._post(self.directory.new_authz, new_authz)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)
Please see the logfiles in /home/leandroprz/.letsencrypt for more details.

neurobin commented 4 years ago

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/4

You should update letsencrypt. It's probably called certbot now. You can pass the path to certbot with lcget:

sudo ./lcget certonly -c leandroprz.ini -lp /usr/bin/certbot

leandroprz commented 4 years ago

I have the latest certbot installed:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo apt-get install certbot
Reading package lists... Done
Building dependency tree       
Reading state information... Done
certbot is already the newest version (0.40.0-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

I tried again with your command and got the same error:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo ./lcget certonly -c leandroprz.ini -lp /usr/bin/certbot
Saving debug log to /home/leandroprz/.letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 307, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 861, in new_order
    authorizations.append(self.client.request_domain_challenges(domain))
  File "/usr/lib/python3/dist-packages/acme/client.py", line 351, in request_domain_challenges
    return self.request_challenges(messages.Identifier(
  File "/usr/lib/python3/dist-packages/acme/client.py", line 329, in request_challenges
    response = self._post(self.directory.new_authz, new_authz)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)
Please see the logfiles in /home/leandroprz/.letsencrypt for more details.

Maybe I have a wrong configuration in the lcget script?

neurobin commented 4 years ago

Maybe I have a wrong configuration in the lcget script?

You probably added new domain(s) that were not there before. New domain verification needs to use the new API. If you can't update certbot to the latest from the official repo, you will probably have to follow other ways. A Google search will help.

leandroprz commented 4 years ago

I managed to install the latest version available from here.

leandroprz@ubuntu:~/Downloads/lcget-master$ certbot-auto --version
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
certbot 1.5.0

After running the command I get a similar error even though I created a new account using the latest version with certbot-auto:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo ./lcget certonly -c leandroprz.ini -lp /usr/local/bin/certbot-auto
Saving debug log to /home/leandroprz/.letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 1217, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 603, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 519, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/client.py", line 175, in register
    regr = perform_registration(acme, config, tos_cb)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/client.py", line 218, in perform_registration
    return acme.new_account_and_tos(newreg, tos_cb)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 830, in new_account_and_tos
    regr = self.client.register(regr)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 278, in register
    response = self._post(self.directory[new_reg], new_reg)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 96, in _post
    return self.net.post(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 1177, in post
    return self._post_once(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 1190, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 1048, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
Please see the logfiles in /home/leandroprz/.letsencrypt for more details.

I registered using the latest version:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo certbot-auto register
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): l***@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

Edit:

I commented these lines:

#server = https://acme-staging.api.letsencrypt.org/directory
#debug
#break-my-certs

Then I didn't get any errors, but nothing happened. I pressed Enter, but it's been like this for about 20 minutes:

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo ./lcget certonly -c leandroprz.ini -lp /usr/local/bin/certbot-auto
Saving debug log to /home/leandroprz/.letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

famcYlbdQ3a80mA0Tm59veLH_o14K24mNgekKlojv9Q.5GnSxA2ZMB***

And make it available on your web server at this URL:

http://domain.com/.well-known/acme-challenge/famcYlbdQ3a80mA0Tm59v***

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
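
In the run above, the ACMEv1 "unauthorized" error stopped once the `server =` line pointing at acme-staging.api.letsencrypt.org was commented out. The following is an added example, not part of lcget or certbot, that reports uncommented `server` lines in a certbot ini file that still target an ACMEv1 directory. The function name and the sample ini files are constructed for illustration, and the production v1 host `acme-v01.api.letsencrypt.org` comes from Let's Encrypt's published endpoints, not from this thread.

```shell
#!/bin/sh
# Added example, not lcget or certbot code: report certbot ini files whose
# active "server" option still targets a retired ACMEv1 directory.

# find_acmev1_server FILE
#   Prints "FILE:LINE:URL" for every uncommented server line on a v1 host.
#   Exit status 0 if any were found, 1 if the file is clean.
find_acmev1_server() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out option
        /^[ \t]*server[ \t]*[=:]/ {
            url = $0
            sub(/^[ \t]*server[ \t]*[=:][ \t]*/, "", url)
            sub(/[ \t\r]+$/, "", url)
            host = url
            sub("^[a-z]+://", "", host)           # drop scheme
            sub("[/:].*$", "", host)              # drop port and path
            # v1 hosts; the v2 hosts are acme-v02 and acme-staging-v02.
            if (host == "acme-v01.api.letsencrypt.org" ||
                host == "acme-staging.api.letsencrypt.org") {
                printf "%s:%d:%s\n", FILENAME, FNR, url
                hit = 1
            }
        }
        END { exit(hit ? 0 : 1) }
    ' "$1"
}

# Constructed sample ini files (not the reporter's real configuration).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before.ini" <<'EOF'
email = admin@example.com
server = https://acme-staging.api.letsencrypt.org/directory
debug
EOF
cat > "$demo_dir/after.ini" <<'EOF'
email = admin@example.com
#server = https://acme-staging.api.letsencrypt.org/directory
#debug
EOF

for f in "$demo_dir/before.ini" "$demo_dir/after.ini"; do
    find_acmev1_server "$f" || echo "$f: no active ACMEv1 server line"
done
```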

neurobin commented 4 years ago

#server = https://acme-staging.api.letsencrypt.org/directory
#debug
#break-my-certs

You can try this setting with the old certbot. If it does not work, then lcget needs to be updated to support the latest version of certbot. lcget depends on the printed messages from certbot, which seem to have changed.
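
The dependence on certbot's printed messages described above can be avoided with certbot's hook interface, which hands the http-01 challenge to a script through the `CERTBOT_TOKEN` and `CERTBOT_VALIDATION` environment variables. The following is an added example, not lcget's or certbot's own code, of an auth hook and cleanup hook body that validate the token before using it as a file name. `WEBROOT`, the function names and the demo values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not lcget code: publish an http-01 response from certbot's
# hook environment instead of reading the "Press Enter to Continue" prompt.
# certbot exports CERTBOT_TOKEN and CERTBOT_VALIDATION to --manual-auth-hook
# and --manual-cleanup-hook; WEBROOT is a hypothetical variable of this example.

# Accept only base64url characters so the token cannot escape the
# challenge directory (no "/", no "..").
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Auth hook body: write the validation string where the CA will fetch it.
publish_challenge() {
    valid_token "$CERTBOT_TOKEN" || { echo "bad token" >&2; return 1; }
    dir=$WEBROOT/.well-known/acme-challenge
    mkdir -p "$dir" || return 1
    # World-readable for the web server, writable only by the owner.
    ( umask 022; printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN" )
}

# Cleanup hook body: remove the file once validation has finished.
remove_challenge() {
    valid_token "$CERTBOT_TOKEN" || return 1
    rm -f "$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"
}

# Demo with constructed values (not the token from the thread).
WEBROOT=$(mktemp -d)
trap 'rm -rf "$WEBROOT"' EXIT
CERTBOT_TOKEN=constructedToken_123
CERTBOT_VALIDATION=constructedToken_123.constructedThumbprint
publish_challenge && cat "$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"; echo
remove_challenge
```

With certbot, two small scripts calling these functions would be passed as `--manual-auth-hook` and `--manual-cleanup-hook` alongside `--manual`.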

leandroprz commented 4 years ago

Unfortunately it didn't work. Same as before, after pressing Enter nothing happens.

leandroprz@ubuntu:~/Downloads/lcget-master$ sudo ./lcget certonly -c leandroprz.ini -lp /usr/bin/certbot
Saving debug log to /home/leandroprz/.letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com.ar

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

zntKZif2cd06wI_eiWgsuEvVB3GWLoySZ2UnoUiJ9Eg***

And make it available on your web server at this URL:

http://domain.com/.well-known/acme-challenge/zntKZif2cd06wI_eiWgsuEv***

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

It's been like this for about 10 minutes.

Let me know if you need me to test something when updating the script, I could really use this.

Thank you for your help.

neurobin commented 4 years ago

Let me know if you need me to test something when updating the script, I could really use this.

I don't think I will have any free time for this project for now. There's another project, letsacme, that is probably also suffering from the impact of the API version change. An update to this project may come within a month as I use this for my domains.