Support for ACME v2

[ashishkulk]

Hi all,

I was wondering if kube-lego supports ACMEv2. Has anyone tried using it?

https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605

TIA.

[RickyCook]

note that according to the forum post about staging:

Existing authorizations from the v1 API will not be usable with the v2 API, meaning that you will have to reauthorize all domains prior to issuance with the v2 API

This is a non-backward-compatible version of the API, so ACME v1 clients (almost all clients available today) will not work with the ACME v2 endpoint. Existing clients will need code changes and new releases in order to support ACME v2.
...
If you use an ACME v1 client with the ACME v2 API you will likely receive errors about an incompatible /directory response, perhaps mentioning missing endpoints (new-reg, new-authz, etc). To reiterate, ACME v1 clients will not work with ACME v2 without code changes.

so will need to wait for upstream ACME library to support v2 API

[RickyCook]

sorry; i take it back - looks like lego uses its own implementation of an ACME client :)

[ashishkulk]

Thanks for your prompt response @RickyCook

[RickyCook]

I think that it's definitely worth leaving open as a feature request @ashishkulk , because the v1 API will be deprecated at some point.

[xeor]

Maybe both can be supported for a while as well.. this should not be closed yet

[simonswine]

There are no plans to implement that

kube-lego is in maintenance mode only. There is no plan to support any new
features. The latest Kubernetes release that kube-lego officially supports
is 1.8. The officially endorsed successor is cert-manager.

If you are a current user of kube-lego, you can find a migration guide here.