newly boostrapped controllers fail to obtain signed letsencrypt certificate

Bug #1864900 reported by Deviant on 2020-02-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
juju
High
Harry Pidcock

Bug Description

It appears that letsencrypt are no longer honouring the method Juju uses to obtain TLS certificates from letsencrypt API's.

Error in machine log after bootstrap

2020-02-25 21:10:17 ERROR juju.worker.httpserver tls.go:96 cannot get autocert certificate for "juju.example.com": 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

method used to bootstrap controller

juju bootstrap cloud controller-name --constraints tags=juju-maas --config autocert-dns-name=juju.example.com --credential credentialname

Deviant (dvnt) on 2020-02-26
description: updated
Harry Pidcock (hpidcock) on 2020-03-09
Changed in juju:
status: New → In Progress
assignee: nobody → Harry Pidcock (hpidcock)
importance: Undecided → High
milestone: none → 2.7.4
Changed in juju:
milestone: 2.7.4 → 2.7.5
Harry Pidcock (hpidcock) on 2020-03-14
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers