Please update to latest 19.09 if using Letsencrypt

Hey all,

Letsencrypt is shutting down their V1 API for registrations tomorrow. (End of Life Plan for ACMEv1 - API Announcements - Let's Encrypt Community Support). Unfortunately, we shipped 19.09 without V2 API support. This means any new certificate creations with the current NixOS modules will fail from tomorrow own.

Luckily, we just backported a fix (https://github.com/NixOS/nixpkgs/pull/71953). Please update your channel avoid any service disruptions.

If you have any questions about this topic, let me know!
Cheers!

I need to backport this to 19.03

I would advice updating to 19.09 asap, as 19.03 is not receiving any updates anymore.

Backporting the patch itself going to be problematic as we refactored the ACME module to solve outstanding bugs that were present in the 19.03 release. (Like https://github.com/NixOS/nixpkgs/issues/60180).

So if you’re going to backport, make sure you backport https://github.com/NixOS/nixpkgs/pull/60219 too

19.03 is still receiving security fixes and repairs of broken things of which this would be one.

The backport is non-trivial, and NixOS 19.03 is supported until the end of October.

End of Life Plan for ACMEv1 - #7 by jsha - API Announcements - Let's Encrypt Community Support says account creations will still be possible until around November 8 (affecting newly added domains), and renewals over the old API (affecting existing domain’s renewals) should still supported until June 2020. So this doesn’t break anything in 19.03 during its support window - I’d recommend upgrading to 19.09 anyways

Right, we’re just strongly suggesting. And November 1st is how many days from now…

If you really can’t upgrade and a backport isn’t going to happen you might be stuck switching to an imperative certbot command. Not ideal, but sometimes that’s what happens in a pinch. Good luck!

Yes, yes, I’m upgrading… or trying to but for a server 6 months are almost nothing… I’ll hope one day we’ll have the resources for LTS