Undocumented how to deal w/ v1 deprecation #528

New Issue

adam · 2025-12-29T01:26:48+01:00

adam commented

2025-12-29 01:26:48 +01:00

Originally created by @jmgurney on GitHub (Apr 17, 2021).

Please document how to deal w/ the acme v1 deprecation by Let's Encrypt. Right now the only documentation that I found was a post on twitter: https://twitter.com/lukas2511/status/1244682949292892160?s=20 which isn't a place I expected to find documentation on how to deal w/ the upgrade.

It'd be even better to have added a warning that when getting a 403:

ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 403)

That you pop up a warning about this. If this had been in 0.7, it would have saved me some time, but as it was, I spent over an hour and a half of my time trying to figure out how to deal w/ this error message because of the lack of documentation.

I also didn't need to have upgraded, because I was running 0.6.5 which apparently supports v2, but got this error message and assumed that my version didn't support v2 instead of it being a simple configuration problem.

Originally created by @jmgurney on GitHub (Apr 17, 2021). Please document how to deal w/ the acme v1 deprecation by Let's Encrypt. Right now the only documentation that I found was a post on twitter: https://twitter.com/lukas2511/status/1244682949292892160?s=20 which isn't a place I expected to find documentation on how to deal w/ the upgrade. It'd be even better to have added a warning that when getting a 403: ``` ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 403) ``` That you pop up a warning about this. If this had been in 0.7, it would have saved me some time, but as it was, I spent over an hour and a half of my time trying to figure out how to deal w/ this error message because of the lack of documentation. I also didn't need to have upgraded, because I was running 0.6.5 which apparently supports v2, but got this error message and assumed that my version didn't support v2 instead of it being a simple configuration problem.

adam closed this issue

2025-12-29 01:26:48 +01:00

adam commented

2025-12-29 01:26:49 +01:00

@lukas2511 commented on GitHub (Apr 18, 2021):

Dehydrated handles this automatically as long as you didn't manually specify a CA in your config file.

If you manually specified in there to use an acme-v01 API dehydrated will try to do that, and dehydrated would speak ACME v1 if the server would respond correspondingly.

Since Let's Encrypt disabled that API endpoint dehydrated just prints the error message it receives from the server.

Also if manually set the migration is documented two lines below the CA value in the config example...:

# Path to old certificate authority
# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
# If dehydrated detects an account-key for the old CA it will automatically reuse that key
# instead of registering a new one.
# default: https://acme-v01.api.letsencrypt.org/directory
#OLDCA="https://acme-v01.api.letsencrypt.org/directory"

@lukas2511 commented on GitHub (Apr 18, 2021): Dehydrated handles this automatically as long as you didn't manually specify a CA in your config file. If you manually specified in there to use an acme-v01 API dehydrated will try to do that, and dehydrated would speak ACME v1 if the server would respond correspondingly. Since Let's Encrypt disabled that API endpoint dehydrated just prints the error message it receives from the server. Also if manually set the migration is documented two lines below the `CA` value in the config example...: ``` # Path to old certificate authority # Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint. # If dehydrated detects an account-key for the old CA it will automatically reuse that key # instead of registering a new one. # default: https://acme-v01.api.letsencrypt.org/directory #OLDCA="https://acme-v01.api.letsencrypt.org/directory" ```

adam commented

2025-12-29 01:26:49 +01:00

@jmgurney commented on GitHub (Apr 19, 2021):

Yeah, that didn't work.

You failed to mention that API=auto needs to be set as well.

@jmgurney commented on GitHub (Apr 19, 2021): Yeah, that didn't work. You failed to mention that `API=auto` needs to be set as well.

adam commented

2025-12-29 01:26:50 +01:00

@lukas2511 commented on GitHub (Apr 19, 2021):

Yeah, that didn't work.

You failed to mention that API=auto needs to be set as well.

I don't really see a reason to mention that, it's clearly documented in the config example as the API version to use.
That is something you configured yourself, so you touched that part of the configuration before and should know that you manually forced dehydrated to use API version 1. If you do that dehydrated will try that, and might fail, that's really not an issue with dehydrated.

@lukas2511 commented on GitHub (Apr 19, 2021): > Yeah, that didn't work. > > You failed to mention that `API=auto` needs to be set as well. I don't really see a reason to mention that, it's clearly documented in the config example as the API version to use. That is something you configured yourself, so you touched that part of the configuration before and should know that you manually forced dehydrated to use API version 1. If you do that dehydrated will try that, and might fail, that's really not an issue with dehydrated.

adam referenced this issue

2025-12-29 01:29:40 +01:00

[PR #529] [CLOSED] added fullkeyandchain.pem support #855

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#528