LetsEncrypt client needs to be updated and configured to use v2 API #353
Comments
|
This is.. not as easy as in openaustralia/infrastructure#150. cuttlefish is running on ubuntu 14.04 which is not supported by the certbot PPA at https://launchpad.net/~certbot/+archive/ubuntu/certbot. The instructions at https://certbot.eff.org/lets-encrypt/debianother-apache.html may work. certbot/certbot#7296 notes that this is because ubuntu 14.06 is not supported (except for paid customers) as of April 2019 We currently have certbot 0.21 on the machine, which seems to not support ACME v02 at all. My suggestion is that we rebuild this machine on a more-modern ubuntu. If that's not feasible before the v1 API stops being supported, we may be able to install from source. The We may have more success building the version of certbot in use on our Precise machines (0.31.0) as that is probably closer to what would have worked on Trusty before support was dropped. |
|
Rebuilding cuttlefish on more recent ubuntu sounds like the correct approach. |
|
Any timetable for update to recent ubuntu? Just evaluating possibilities for selfhosted email sending, Cuttlefish looks good. |
|
Our production instance and the Ansible setup has been updated to Xenial (16.04). certbot is now at 0.31.0. @jamezpolley is there a simple test we can run to see that everything is working as expected now so we can close this ticket? |
|
Xenial is only supported until April of next year so it's well worth upgrading to more recent LTS versions if I get a chance... |
|
Reference #397 "Ubuntu 16.04 LTS is approaching its "End of Standard Support" in April 2021" |
See background in openaustralia/infrastructure#150
The text was updated successfully, but these errors were encountered: