Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/acem/autocert: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 #39732

Closed
andrewarrow opened this issue Jun 21, 2020 · 3 comments
Closed

x/crypto/acem/autocert: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 #39732

andrewarrow opened this issue Jun 21, 2020 · 3 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
Unreleased

Comments

@andrewarrow
Copy link

andrewarrow commented Jun 21, 2020
edited

What version of Go are you using (go version)?

$ go version
go version go1.14.4 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

GOARCH="amd64"

GOHOSTOS="linux"

What did you do?

111111111
*** https://acme-v01.api.letsencrypt.org/directory
*** https://acme-v01.api.letsencrypt.org/acme/new-reg
2020/06/21 00:16:52 http: TLS handshake error from 23.241.207.246:58899: 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
111111111
2020/06/21 00:16:52 http: TLS handshake error from 23.241.207.246:58900: acme/autocert: missing certificate

What did you expect to see?

No error, this is very simple autocert manager code.

What did you see instead?

https://stackoverflow.com/questions/62479445/what-causes-urnacmeerrorunauthorized-403-error-in-golangs-acme-autocert

Example code:

package main

import (
	"crypto/tls"
	"net/http"

	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/acme/autocert"
)

func main() {

	router := gin.Default()
	hosts := []string{"yourdomain.com"}
	certManager := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(hosts...),
		Cache:      autocert.DirCache("/certs"),
	}

	server := &http.Server{
		Addr:    ":https",
		Handler: router,
		TLSConfig: &tls.Config{
			GetCertificate: certManager.GetCertificate,
		},
	}

	server.ListenAndServeTLS("", "")
}
@gopherbot gopherbot added this to the Unreleased milestone Jun 21, 2020
@FiloSottile
Copy link
Contributor

Can you test the latest version of golang.org/x/crypto? autocert has been upgraded to ACVEv2 for a while now. https://pkg.go.dev/golang.org/x/crypto/acme/autocert?tab=doc#pkg-constants

@FiloSottile FiloSottile changed the title x/crypto: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 x/crypto/acem/autocert: ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 Jun 22, 2020
@FiloSottile FiloSottile added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. labels Jun 22, 2020
@andrewarrow
Copy link
Author

i got the latest and greatest, still got same error.

@andrewarrow
Copy link
Author

I had the latest golang but my go.mod had golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 changing to the 2020 version fixed it.

@eranchetz eranchetz mentioned this issue Apr 20, 2021
Closed
@golang golang locked and limited conversation to collaborators Jun 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@andrewarrow @FiloSottile @gopherbot