Feature #10769
closedPrevent users from creating new ACMEv1 keys
100%
Description
It's better to prevent users from creating new ACMEv1 keys in order to avoid errors, such as:
Thu Jul 16 15:44:56 UTC 2020] new-authz error: { "type": "urn:acme:error:unauthorized", "detail": "Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)", "status": 403
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430:
In June of 2020 we will stop allowing new domains to validate via ACMEv1.
Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.
In June of 2021 we will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.