My xenial verification
First, reproducing the problem:
$ sudo certbot run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): <email address hidden>
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
(...)
I stopped there, as today the v1 endpoint is working, but this bug is about changing certbot to use v2, so the above, even though it didn't fail, is enough to confirm it's using v1.
So I cancel, and upgrade to the version in proposed:
*** 0.27.0-1~ubuntu16.04.1 500
500 http://us.archive.ubuntu.com/ubuntu xenial-proposed/universe amd64 Packages
And now it uses v2:
$ sudo certbot run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): <email address hidden>
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
(...)
Testing fake renewal works:
$ sudo certbot --dry-run renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/certbot-test.justgohome.co.uk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for certbot-test.justgohome.co.uk
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/certbot-test.justgohome.co.uk/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/certbot-test.justgohome.co.uk/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Now let's revoke it (note it also uses the v2 endpoint):
$ sudo certbot --cert-path /etc/letsencrypt/live/certbot-test.justgohome.co.uk/fullchain.pem revoke
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to delete the cert(s) you just revoked?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es (recommended)/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate certbot-test.justgohome.co.uk.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully revoked the certificate that was located
at /etc/letsencrypt/live/certbot-test.justgohome.co.uk/fullchain.pem
And the systemd timer is active:
$ sudo systemctl list-timers
NEXT                         LEFT          LAST                         PASSED    UNIT          ACTIVATES
Sat 2019-10-26 01:02:54 UTC  4h 12min left Fri 2019-10-25 20:37:10 UTC  13min ago certbot.timer certbot.service
xenial verification succeeded.