Project

General

Profile

Feature #10769

Prevent users from creating new ACMEv1 keys

Added by Viktor Gurov 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Low
Category:
ACME
Target version:
-
Start date:
07/16/2020
Due date:
% Done:

100%

Estimated time:

Description

It's better to prevent users from creating new ACMEv1 keys in order to avoid errors, such as:

Thu Jul 16 15:44:56 UTC 2020] new-authz error: { "type": "urn:acme:error:unauthorized", "detail": "Error creating new authz ::
Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)",
"status": 403

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430:
In June of 2020 we will stop allowing new domains to validate via ACMEv1.

Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.

In June of 2021 we will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.

History

#2 Updated by Jim Pingle 2 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Also available in: Atom PDF