Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Let's Encrypt certificate reissue error - outdated ACME
« previous
next »
Print
Pages: [
1
]
Author
Topic: Let's Encrypt certificate reissue error - outdated ACME (Read 6704 times)
comozoi
Newbie
Posts: 4
Karma: 0
Let's Encrypt certificate reissue error - outdated ACME
«
on:
January 08, 2018, 09:06:23 pm »
Hello everyone,
Having a problem with Let's Encrypt - we cannot renew certificates with Let's Encrypt client due to the following error:
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Found this notice:
https://github.com/Neilpang/acme.sh/issues/1112
Any help appreciated.
«
Last Edit: January 08, 2018, 09:07:55 pm by comozoi
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #1 on:
January 08, 2018, 09:55:34 pm »
Hi there,
Yes, we have a ticket.
https://github.com/opnsense/plugins/issues/470
You could try updating acme.sh manually and report back:
# opnsense-code tools ports
# cd /usr/ports/security/acme.sh
# make
# make deinstall
# make install
Cheers,
Franco
Logged
comozoi
Newbie
Posts: 4
Karma: 0
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #2 on:
January 08, 2018, 11:49:07 pm »
Thank you, I followed the steps, but same error appears.
In Firmware Acme client 1.12, Acme sh 2.7.4_1
[Tue Jan 9 00:37:08 EET 2018] Diagnosis versions:
[Tue Jan 9 00:37:08 EET 2018] socat doesn't exists.
[Tue Jan 9 00:37:08 EET 2018] _chk_vlist
[Tue Jan 9 00:37:08 EET 2018] Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 00:37:08 EET 2018] _on_issue_err
[Tue Jan 9 00:37:08 EET 2018] Update account error.
[Tue Jan 9 00:37:08 EET 2018] code='400'
[Tue Jan 9 00:37:08 EET 2018] response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Mon, 08 Jan 2018 22:37:07 GMT
Expires: Mon, 08 Jan 2018 22:37:07 GMT
Expires: Mon, 08 Jan 2018 22:37:07 GMT
[Tue Jan 9 00:37:08 EET 2018] responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #3 on:
January 08, 2018, 11:50:47 pm »
Sorry I am an idiot. I never merged these changes... let me create a branch in a second....
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #4 on:
January 08, 2018, 11:53:25 pm »
Let's try this again
# opnsense-code tools ports
# cd /usr/ports/security/acme.sh
# git checkout acme_sh
# make
# make deinstall
# make install
Cheers,
Franco
Logged
comozoi
Newbie
Posts: 4
Karma: 0
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #5 on:
January 09, 2018, 01:10:18 pm »
Thank you.
Tried with 2.7.5_1
Same error.
Date Message
[Tue Jan 9 14:14:58 EET 2018] Diagnosis versions:
[Tue Jan 9 14:14:58 EET 2018] socat doesn't exists.
[Tue Jan 9 14:14:58 EET 2018] _chk_vlist
[Tue Jan 9 14:14:58 EET 2018] Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 14:14:58 EET 2018] _on_issue_err
[Tue Jan 9 14:14:58 EET 2018] Update account error.
[Tue Jan 9 14:14:58 EET 2018] code='400'
[Tue Jan 9 14:14:58 EET 2018] response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Tue, 09 Jan 2018 12:14:58 GMT
Expires: Tue, 09 Jan 2018 12:14:58 GMT
Expires: Tue, 09 Jan 2018 12:14:58 GMT
[Tue Jan 9 14:14:58 EET 2018] responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
[Tue Jan 9 14:14:58 EET 2018] original='{
[Tue Jan 9 14:14:58 EET 2018] _ret='0'
[Tue Jan 9 14:14:57 EET 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
«
Last Edit: January 09, 2018, 01:16:27 pm by comozoi
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #6 on:
January 10, 2018, 08:40:11 am »
I'll try to get hold of the maintainer to fix this for 17.7.12 / 18.1.
Thank you for testing,
Franco
Logged
bahansen.us
Newbie
Posts: 1
Karma: 0
Re: Let's Encrypt certificate reissue error - outdated ACME
«
Reply #7 on:
January 20, 2018, 11:53:29 pm »
Hello,
I'm a new user to OPNSense. I'm trying to setup Let's Encrypt and followed the direction to use the staging environment. I seem to be having the same issue where the Let's Encrypt servers are stuck on api.acme*. I found this thread and confirmed I'm using the 17.7.12 (installed) version.
Thank You
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Let's Encrypt certificate reissue error - outdated ACME