[FREEPBX-20719] Let's Encrypt ACMEv1 no longer working as of NOV 8 2019 - Breaking LE Cert Creation and Renewal - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 13, 14, 15
Fix Version/s: 13, 14, 15
Component/s: Certificate Manager
Labels:
None

Sprint:
Sprint 15!
Bug Tracker:
Customer Issue
ToDo:

Asterisk Version:
NA
Distro Version:
15
Distro:
FreePBX Distro
Module Fix Version:
- 13.0.40
- 14.0.5
- 15.0.15

Description

FPBX uses ACMEv1 for Certificate Requests via Let's Encrypt. LE has designated ACMEv1 EOL and being shut down NOV 8 2019. It will NOT allow any new certs to be registered as a result. All existing certs will stop working JUNE 1 2021.

FPBX must update to use ACMEv2 to resolve the problem.

This is a critical issue, anyone using a LE certificate and using TLS or other forms of encrypted communication will entirely go down as a result of their certs expiring because of this issue with FPBX using ACMEv1.

All new installations will not be able to generate certs either, and would have to use a commercial CA.

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

In addition, it appears that beyond just the ACMEv1 to ACMEv2 change, they are also implementing some kind of authentication with the requests:

https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Philip Joseph

Reporter:

Brian Martin

Votes:

1 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

02/Nov/19 5:36 PM

Updated:

10/Jan/20 3:18 AM

Resolved:

12/Nov/19 9:30 AM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.