Solucionado ✓ Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Validations for new domains are disabled in the V1 API

acme1-to-acme2-certbot

Hace meses que has ido recibiendo un correo electrónico de aviso por parte de Let’s encrypt acerca de la finalización del soporte del certbot ACME1. Muy probablemente no has actualizado de certbot ACME1 a certbot ACME2 hasta que cuando has ido a crear un nuevo certificado, no te ha funcionado y has recibido el error:

Error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)

El correo electrónico era el siguiente:

Update your client software to continue using Let’s Encrypt:

Hi,

According to our records, the software client you’re using to get Let’s Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate in the past two weeks using the ACMEv1 protocol. Here are the details of one recent ACMEv1 request from each of your account(s):

 

Client IP address:  xxx.xxx.xxx.xxx

 

User agent:  CertbotACMEClient/0.10.2 (Debian GNU/Linux 8 (jessie)) Authenticator/webroot Installer/None  CertbotACMEClient/0.10.2 (Debian GNU/Linux 8 (jessie)) Authenticator/webroot Installer/None  CertbotACMEClient/0.10.2 (Debian GNU/Linux 8 (jessie)) Authenticator/webroot Installer/None

 

Hostname(s):  «dominio.com»  «dominio.com«,»dominio.com» 

 

Request time:  2020-03-26 19:10:36 UTC  2020-03-27 11:33:08 UTC  2020-04-04 22:46:56 UTC

 

Beginning June 1, 2020, we will stop allowing new domains to validate using the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before then, or certificate issuance will fail. For most people, simply upgrading to the latest version of your existing client will suffice. You can view the client list at: https://letsencrypt.org/docs/client-options/

 

If you’re unsure how your certificate is managed, get in touch with the person who installed the certificate for you. If you don’t know who to contact, please view the help section in our community forum at https://community.letsencrypt.org/c/help and use the search bar to check if there’s an existing solution for your question. If there isn’t, please create a new topic and fill out the help template.

 

ACMEv1 API deprecation details can be found in our community forum:

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1

 

As a reminder: In the future, Let’s Encrypt will be performing multiple domain validation requests for each domain name when you issue a certificate.

While you’re working on migrating to ACMEv2, please check that your system configuration will not block validation requests made by new Let’s Encrypt IP addresses, or block multiple matching requests. Per our FAQ (https://letsencrypt.org/docs/faq/), we don’t publish a list of IP addresses we use to validate, and this list may change at any time.

 

To receive more frequent updates, subscribe to our API Announcements:

https://community.letsencrypt.org/t/about-the-api-announcements-category

 

Thank you for joining us on our mission to create a more secure and privacy- respecting Web!

 

All the best,

 

Let’s Encrypt

Actualizar certbot de Acme 1 a Acme2

La solución es tan sencilla como actualizar el certbot de ACME1 a ACME2, con los comandos:

apt-get update

apt-get install –only-upgrade certbot

lets-encrypt