Letsencrypt ACMEv1

stefbishop · May 8, 2021, 10:20am

I have always had to renew my box cert manually, but has always worked.
Today I get this response:

Provision a certificate

Provision

A TLS certificate can be automatically provisioned from Let’s Encrypt, a free TLS certificate provider, for:
xyzmail.xyz.co.uk

xyzmail.xyz.co.uk

Something unexpected went wrong: urn:acme:error:serverInternal :: The server experienced an internal error :: ACMEv1 Brownout in Progress. ACMEv1 will fully turn off on June 1, 2021. Check https://letsencrypt.status.io/ for more details.

Following the link it says the service is temporarily suspended according to a plan that will see support ended in June.

There is no mention of ACMEv1 or ACME v2 anywhere on this discourse system.
So the problem seems general and urgent.

Help!!!

openletter · May 8, 2021, 2:29pm

Why are you renewing manually?

stefbishop · May 8, 2021, 2:43pm

Because I just get daily messages saying it won’t renew automatically, until the cert eventually expires.
It is only the cert for the box, not for the other domains.

openletter · May 8, 2021, 2:43pm

Is there anything else in that message? Because this is not the expected behavior.

stefbishop · May 8, 2021, 4:01pm

The email I get says:

xyzmail.xyz.co.uk – Previously:

✓ TLS (SSL) certificate is signed & valid. The certificate expires on 05/18/21.

xyzmail.xyz.co.uk – Currently:

The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 10 days on 05/18/21.

I should also say I get emails randomly (several times a month) saying the my box’s dns name can’t be resolved either to IPV6 or IPV4 or both. After all this time I’ve assumed it is a timing problem on my MIAB since no other symptom is seen.

However the main point of this post is that Letsencrypt are turning off ACMEV1 which my box is using.

I suspect an answer would be to upgrade certbot, but very wary of doing that on a live system with much investigation!
And also this must be a problem affecting others, but I can’t see any mention relating to ACMEV1 and V2 - and the deadline is close.

openletter · May 8, 2021, 4:05pm

The normal behavior is to use the ‘TLS (SSL) Certificates’ page in the dashboard to generate a cert that is then automatically maintained by MiaB.

For some reason, your server is not doing this.

alento · May 8, 2021, 4:09pm

@stefbishop Which version of MiaB are you running?

Is the domain showing the correct domain?

stefbishop · May 8, 2021, 4:12pm

Hi,
I cant find any mention of a version on the admin pages, but it was installed May 2017.

Stef

alento · May 8, 2021, 4:15pm

If you go to the admin area, the status check page you’ll find your version number.

I suspect that you are running a version pre v0.30 and if that is the case, you are in desperate need of migrating to a new installation of MiaB.

stefbishop · May 8, 2021, 4:19pm

Well yes. It all works most of the time.
However the status checks has always said there is no reverse dns set on IPV6

alento · May 8, 2021, 4:21pm

Ok, the IPv6 issue aside as it is not important at the moment…

Can you check your installed version of MiaB? Can you also confirm that your MiaB hostname is the one you mentioned earlier xyzmail.xyz.co.uk please?

stefbishop · May 8, 2021, 4:26pm

OK I now realise I have to enable version check to see the version!
Which is reported as 0.22

The real dns name is dcwmail.dcw-a.co.uk

Is there any hope re cerbot upgrade?!!

I think migrating from my live version might be non trivial!

alento · May 8, 2021, 4:28pm

No.

You are absolutely correct. However there is potentially a way it can be done if you are quite skilled with *nix.

Are you utilizing NextCloud?

stefbishop · May 8, 2021, 5:24pm

No. But my current provider MythicBeasts has Nextcloud in terms of what to move to.

I also have built what was meant to be standby / migrate to server at OVH, it is currently running MIAB 0.29, but I never mastered the migration of a live setup. Meanwhile time has slipped by and got nowhere.

I have accumulated quite a bit of unix admin experience over 35 years, but mostly basic stuff.

Please let me know of how to get out of this!
Stef

alento · May 8, 2021, 6:40pm

So that can simplify things in the sense that the NextCloud database is irrelevant.

Uhmm, yes. Hopefully there is actually nothing there of importance? I am going to suggest that you simply destroy that one as it too will be out of date as it will be running Ubuntu 14.04 as the OS.

It could, however, be the proper location to move to now … all depends upon what you want to do.

What you will need is a new VPS with Ubuntu 18.04 installed to which you can install Miab and manually migrate the pieces from the one to the other. Not a simple 30 minute job, but not impossible either.

I see you’ve sent me an email. I’ll take things over there.

system · June 17, 2021, 6:41pm

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.