Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/acem/autocert: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 #39732

Closed
andrewarrow opened this issue Jun 21, 2020 · 3 comments

Comments

@andrewarrow
Copy link

@andrewarrow andrewarrow commented Jun 21, 2020

What version of Go are you using (go version)?

$ go version
go version go1.14.4 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

GOARCH="amd64"
GOHOSTOS="linux"

What did you do?

111111111
*** https://acme-v01.api.letsencrypt.org/directory
*** https://acme-v01.api.letsencrypt.org/acme/new-reg
2020/06/21 00:16:52 http: TLS handshake error from 23.241.207.246:58899: 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
111111111
2020/06/21 00:16:52 http: TLS handshake error from 23.241.207.246:58900: acme/autocert: missing certificate

What did you expect to see?

No error, this is very simple autocert manager code.

What did you see instead?

https://stackoverflow.com/questions/62479445/what-causes-urnacmeerrorunauthorized-403-error-in-golangs-acme-autocert

Example code:

package main

import (
	"crypto/tls"
	"net/http"

	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/acme/autocert"
)

func main() {

	router := gin.Default()
	hosts := []string{"yourdomain.com"}
	certManager := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(hosts...),
		Cache:      autocert.DirCache("/certs"),
	}

	server := &http.Server{
		Addr:    ":https",
		Handler: router,
		TLSConfig: &tls.Config{
			GetCertificate: certManager.GetCertificate,
		},
	}

	server.ListenAndServeTLS("", "")
}
@gopherbot gopherbot added this to the Unreleased milestone Jun 21, 2020
@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Jun 22, 2020

Can you test the latest version of golang.org/x/crypto? autocert has been upgraded to ACVEv2 for a while now. https://pkg.go.dev/golang.org/x/crypto/acme/autocert?tab=doc#pkg-constants

@FiloSottile FiloSottile changed the title x/crypto: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 x/crypto/acem/autocert: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 Jun 22, 2020
@andrewarrow
Copy link
Author

@andrewarrow andrewarrow commented Jun 22, 2020

i got the latest and greatest, still got same error.

@andrewarrow
Copy link
Author

@andrewarrow andrewarrow commented Jun 24, 2020

I had the latest golang but my go.mod had golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 changing to the 2020 version fixed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.