New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
acme.sh now defaults to zerossl #33
Comments
@tykeal, could you describe the steps you took to force the default CA? |
@oxc, I ended up having to do the following on my puppet controller:
I also needed to do
The first one just fixes it for any new registered accounts. It didn't fix it for the already registered accounts. I'll note I discovered this because of some upgrades I was doing and it caused my acme.sh install to get fully updated to latest. It then tried to use zerossl even though according to the documentation it's supposed to use whatever registrar your certs are with but it kept failing because I have not actively registered a zerossl account which seems to be required. |
I'll add new parameters to specify the CA and it will of course default to Let's Encrypt. |
I'll note that according to the help in acme.sh it's possible to pass the server as a CLI parameter, so maybe that would be the best way forward for all the calls that are generated by the module? Alternatively, if the default CA does get set then when doing CLI troubleshooting it would be easier ;) |
Thanks for the hint. That's how I've implemented it. Give me some time to test it before issueing a new release. |
Version 3.0.0 has just been release, it should fix this issue. In order to properly address this I had to introduce some backwards-incompatible changes, but I think this aligns with the recent changes in acme.sh and is acceptible with this regard. Please let me know if you find any issues in the new release, I'm prepared to issue a hotfix. |
New versions of acme.sh now default to zerossl which fails, especially if you've been using LetsEncrypt for a while.
It would be good to add configuration to the module to allow selecting of the different CAs. Right now the only option is 'production' or 'staging' and that assumes an LE CA. However, acme.sh now has support for several different servers other than just LE.
See: https://github.com/acmesh-official/acme.sh/wiki/Server
I had to go force my default ca on my account configs to get around this after doing an upgrade!
The text was updated successfully, but these errors were encountered: