Feature #10769
closed
Prevent users from creating new ACMEv1 keys
100%
Description
It's better to prevent users from creating new ACMEv1 keys in order to avoid errors, such as:
Thu Jul 16 15:44:56 UTC 2020] new-authz error: { "type": "urn:acme:error:unauthorized", "detail": "Error creating new authz ::
Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)",
"status": 403
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430:
In June of 2020 we will stop allowing new domains to validate via ACMEv1.
Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.
In June of 2021 we will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.
Updated by Viktor Gurov almost 4 years ago
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Azamat Khakimyanov over 3 years ago
- Status changed from Feedback to Resolved
Tested on 2.4.5_p1 and on 2.5.0-DEVELOPMENT (built on Mon Oct 12 07:05:15 EDT 2020)
There is no option to create Let's Encrypt ACMEv1 keys anymore.
This feature request can be marked RESOLVED.