Hello everyone,
Having a problem with Let's Encrypt - we cannot renew certificates with Let's Encrypt client due to the following error:
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Found this notice: https://github.com/Neilpang/acme.sh/issues/1112
Any help appreciated.
Hi there,
Yes, we have a ticket.
https://github.com/opnsense/plugins/issues/470
You could try updating acme.sh manually and report back:
# opnsense-code tools ports
# cd /usr/ports/security/acme.sh
# make
# make deinstall
# make install
Cheers,
Franco
Thank you, I followed the steps, but same error appears.
In Firmware Acme client 1.12, Acme sh 2.7.4_1
[Tue Jan 9 00:37:08 EET 2018] Diagnosis versions:
[Tue Jan 9 00:37:08 EET 2018] socat doesn't exists.
[Tue Jan 9 00:37:08 EET 2018] _chk_vlist
[Tue Jan 9 00:37:08 EET 2018] Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 00:37:08 EET 2018] _on_issue_err
[Tue Jan 9 00:37:08 EET 2018] Update account error.
[Tue Jan 9 00:37:08 EET 2018] code='400'
[Tue Jan 9 00:37:08 EET 2018] response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Mon, 08 Jan 2018 22:37:07 GMT
Expires: Mon, 08 Jan 2018 22:37:07 GMT
Expires: Mon, 08 Jan 2018 22:37:07 GMT
[Tue Jan 9 00:37:08 EET 2018] responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
Sorry I am an idiot. I never merged these changes... let me create a branch in a second....
Let's try this again 8)
# opnsense-code tools ports
# cd /usr/ports/security/acme.sh
# git checkout acme_sh
# make
# make deinstall
# make install
Cheers,
Franco
Thank you.
Tried with 2.7.5_1
Same error.
Date Message
[Tue Jan 9 14:14:58 EET 2018] Diagnosis versions:
[Tue Jan 9 14:14:58 EET 2018] socat doesn't exists.
[Tue Jan 9 14:14:58 EET 2018] _chk_vlist
[Tue Jan 9 14:14:58 EET 2018] Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 14:14:58 EET 2018] _on_issue_err
[Tue Jan 9 14:14:58 EET 2018] Update account error.
[Tue Jan 9 14:14:58 EET 2018] code='400'
[Tue Jan 9 14:14:58 EET 2018] response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Tue, 09 Jan 2018 12:14:58 GMT
Expires: Tue, 09 Jan 2018 12:14:58 GMT
Expires: Tue, 09 Jan 2018 12:14:58 GMT
[Tue Jan 9 14:14:58 EET 2018] responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
[Tue Jan 9 14:14:58 EET 2018] original='{
[Tue Jan 9 14:14:58 EET 2018] _ret='0'
[Tue Jan 9 14:14:57 EET 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
I'll try to get hold of the maintainer to fix this for 17.7.12 / 18.1.
Thank you for testing,
Franco
Hello,
I'm a new user to OPNSense. I'm trying to setup Let's Encrypt and followed the direction to use the staging environment. I seem to be having the same issue where the Let's Encrypt servers are stuck on api.acme*. I found this thread and confirmed I'm using the 17.7.12 (installed) version.
Thank You