
needs account creation with ACMEv2

Open amedranogil opened this issue 5 years ago • 6 comments

Deploying a new instance today (15/11/2019) got the following error:

time="2019-11-15T11:06:04Z" level=warning msg="Failed to request a new certificate" error="acme error 'unauthorized': Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details." name=<VIRTUAL_HOST>

Accessing https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430, it states new accounts using ACMEv2 are indeed discontinued from November.

We have very successfully been using this component; it would be a pity to go back to using other automatic proxy/virtualhost/TLS management.

amedranogil, Nov 15 '19 11:11

I don't know Go, but looking at the code it seems the package "github.com/ericchiang/letsencrypt" is deprecated. "golang.org/x/crypto/acme/autocert" should be used instead. Is it just a matter of changing letsencrypt.go?

amedranogil, Dec 04 '19 15:12

Yes. I need to update it. I will likely do it over this weekend.

On Wed, Dec 4, 2019 at 4:45 PM Alejandro Medrano [email protected] wrote:

I don't know Go, but looking at the code it seems the package "github.com/ericchiang/letsencrypt" https://github.com/ericchiang/go-acme is deprecated. "golang.org/x/crypto/acme/autocert" https://godoc.org/golang.org/x/crypto/acme/autocert should be used instead. Is it just a matter of changing letsencrypt.go?


ayufan, Dec 04 '19 16:12

Actually, lego seems to be much simpler.

amedranogil, Dec 04 '19 16:12

I think 2 more environment variables are needed for the auto-proxy container:

ACCOUNT_EMAIL: required for the v2 registration
ACME_CA: to be able to change the CA backend if needed; if not set, it should use the default LetsEncrypt.

Thanks for the time! If you need help testing and/or documenting, let me know!

amedranogil, Dec 04 '19 16:12
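
The two variables proposed in the comment above, sketched as an added Go example that is not auto-proxy's code: it resolves ACCOUNT_EMAIL and ACME_CA with the suggested defaults and rejects a CA directory that lacks the RFC 8555 (ACMEv2) resources. The function names, the https requirement and the sample directory documents are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/mail"
	"net/url"
	"os"
)
// Let's Encrypt's ACMEv2 production directory, used when ACME_CA is unset.
const defaultCA = "https://acme-v02.api.letsencrypt.org/directory"
// Constructed sample directory documents (not captured from a live server).
const v1Dir = `{"new-reg":"https://ca.example/acme/new-reg","new-authz":"https://ca.example/acme/new-authz","new-cert":"https://ca.example/acme/new-cert"}`
const v2Dir = `{"newNonce":"https://ca.example/acme/new-nonce","newAccount":"https://ca.example/acme/new-acct","newOrder":"https://ca.example/acme/new-order"}`
// resolveConfig (hypothetical helper): ACCOUNT_EMAIL is required, ACME_CA is optional.
func resolveConfig(getenv func(string) string) (email, ca string, err error) {
	addr, err := mail.ParseAddress(getenv("ACCOUNT_EMAIL"))
	if err != nil {
		return "", "", fmt.Errorf("ACCOUNT_EMAIL: %w", err)
	}
	ca = getenv("ACME_CA")
	if ca == "" {
		ca = defaultCA
	}
	u, err := url.Parse(ca)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", "", fmt.Errorf("ACME_CA must be an https URL, got %q", ca)
	}
	return addr.Address, ca, nil
}

// checkDirectory (hypothetical helper) fails fast on a v1-style directory body.
func checkDirectory(body []byte) error {
	var dir map[string]json.RawMessage
	if err := json.Unmarshal(body, &dir); err != nil {
		return fmt.Errorf("directory is not JSON: %w", err)
	}
	for _, k := range []string{"newNonce", "newAccount", "newOrder"} {
		if _, ok := dir[k]; !ok {
			return fmt.Errorf("missing %q: not an ACMEv2 directory", k)
		}
	}
	return nil
}

func main() {
	fmt.Println(resolveConfig(os.Getenv))
	fmt.Println(checkDirectory([]byte(v1Dir)), checkDirectory([]byte(v2Dir)))
}
```

Checking the directory at startup surfaces a v1 endpoint as a configuration error rather than as a failed certificate request at runtime.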

Any updates on this? Apparently new validations are permanently disabled with v1: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/7 so even though currently our services work, new virtual hosts will not be allowed by Let's Encrypt.

amedranogil, May 18 '20 14:05

I ran into this issue today and it made me struggle for a while.

I hope this great alpine auto proxy docker image can upgrade to support ACMEv2 soon!

huan, Aug 01 '20 15:08