Canonical Juju

newly boostrapped controllers fail to obtain signed letsencrypt certificate

Bug #1864900 reported by Sean Shuping on 2020-02-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Released	High	Harry Pidcock	Canonical Juju 2.7.5

Bug Description

It appears that letsencrypt are no longer honouring the method Juju uses to obtain TLS certificates from letsencrypt API's.

Error in machine log after bootstrap

2020-02-25 21:10:17 ERROR juju.worker.httpserver tls.go:96 cannot get autocert certificate for "juju.example.com": 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

method used to bootstrap controller

juju bootstrap cloud controller-name --constraints tags=juju-maas --config autocert-dns-name=juju.example.com --credential credentialname

See original description

Tags:

Sean Shuping (dvnt) on 2020-02-26

description:

updated

Harry Pidcock (hpidcock) on 2020-03-09

Changed in juju:
status:	New → In Progress
assignee:	nobody → Harry Pidcock (hpidcock)
importance:	Undecided → High
milestone:	none → 2.7.4

Revision history for this message

Harry Pidcock (hpidcock) wrote on 2020-03-09:

https://github.com/juju/juju/pull/11299

Richard Harding (rharding) on 2020-03-10

Changed in juju:
milestone:	2.7.4 → 2.7.5

Harry Pidcock (hpidcock) on 2020-03-14

Changed in juju:
status:	In Progress → Fix Committed

Canonical Juju QA Bot (juju-qa-bot) on 2020-04-01

Changed in juju:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.