needs account creation with ACMEv2

[amedranogil]

Deploying a new instance today (15/11/2019) got the following error
time="2019-11-15T11:06:04Z" level=warning msg="Failed to request a new certificate" error="acme error 'unauthorized': Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details." name=<VIRTUAL_HOST>

Accesing https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 it states new accounts using ACMEv2 are in deed discontinued from november.

We have very successfully been using this component, it would be a pitty to go back to using other automatic proxy/virtualhost/tsl management.

[amedranogil]

I don't know Go, but looking at the code it seems the package "github.com/ericchiang/letsencrypt" is deprecated. "golang.org/x/crypto/acme/autocert" should be used instead.
Is it just a matter of changing letsencrypt.go?

[ayufan]

Yes. I need to update it. I will likely do it over this weekend.

…

On Wed, Dec 4, 2019 at 4:45 PM Alejandro Medrano ***@***.***> wrote: I don't know Go, but looking at the code it seems the package "github.com/ericchiang/letsencrypt" <https://github.com/ericchiang/go-acme> is deprecated. "golang.org/x/crypto/acme/autocert" <https://godoc.org/golang.org/x/crypto/acme/autocert> should be used instead. Is it just a matter of changing letsencrypt.go? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#4?email_source=notifications&email_token=AASOSQPITIFWW5ILAUWFXC3QW7GBDA5CNFSM4JNZL7YKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF5OR4Q#issuecomment-561703154>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AASOSQI5TCFFHQUGHJAZBZ3QW7GBDANCNFSM4JNZL7YA> .

[amedranogil]

actually lego seems to be much more simple

[amedranogil]

I think 2 more environment variables are needed for the auto-proxy container:
ACCOUNT_EMAIL : required for the v2 registration
ACME_CA : to be able to change the CA backend if needed, if not set it should use the default LetsEncrypt.

Thanks for the time! if you need help testing and/or documenting, let me know!

[amedranogil]

any updates on this? apparently new validations are permanently disabled with v1: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/7
so eventhough currently our services work new virtual hosts will not be allowed by lets encrypt.

[huan]

I run into this issue today and make me struggle a while.

I hope this great alpine auto proxy docker image can upgrade to support ACMEv2 soon!