The Problem
LetsEncrypt is a free SSL provider that you can use to get free SSL certificates for your website and other web services. The older protocol that LetsEncrypt uses to issue SSL certificates - which is called ACMEv1 - is being phased out in favor of the newer ACMEv2 protocol. This is causing some applications that use ACMEv1 to create or renew SSL certificates to fail. For Vivio clients, this will mostly affect LetsEncrypt on Virtualmin servers.
Timeline for LetsEncrypt to phase out ACMEv1
November 2019: LetsEncrypt will stop allowing new account registrations through their ACMEv1 API endpoint. Existing accounts will continue to function normally.
June 2020: LetsEncrypt will stop allowing new domains to validate via ACMEv1.
Starting at the beginning of 2021: LetsEncrypt will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month. The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2.
June 2021: LetsEncrypt will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.
The error you get with ACMEv1
The following error is seen when trying to issue a new SSL.
#Error registering: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
The VirtualMin Fix
If you're using VirtualMin, the fix for this is to replace the old acme_tiny.py file that uses ACMEv1 with a new acme_tiny.py file that uses ACMEv2. The acme_tiny.py file is the script that VirtualMin uses to process LetsEncrypt SSL requests. The location of the acme_tiny.py file depends on the version of Linux that you're using. We'll cover both Ubuntu and CentOS below.
Ubuntu
The following commands back up the current acme_tiny.py file to /root/ and then downloads the new ACME v2 to the correct place.
mv /usr/share/webmin/webmin/acme_tiny.py /root/acme_tiny.py && wget -O /usr/share/webmin/webmin/acme_tiny.py https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
Once you run this, you don't need to restart anything. You should be able to re-try the certificate request. If you still have problems, try the "Generic Fix" mentioned below...
CentOS
The following commands back up the current acme_tiny.py file to /root/ and then downloads the new ACME v2 to the correct place.
mv /usr/libexec/webmin/webmin/acme_tiny.py /root/acme_tiny.py && wget -O /usr/libexec/webmin/webmin/acme_tiny.py https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
Once you run this, you don't need to restart anything. You should be able to re-try the certificate request. If you still have problems, try the "Generic Fix" mentioned below...
Generic Fix
If the commands above did not work for you then you will need to locate your existing acme_tiny.py file with the following command.
find / -name "acme_tiny.py"
Edit this command to make a backup of your existing acme_tiny.py file:
mv /path/to/acme_tiny.py /root/acme_tiny_old.py
Now download the new acme_tiny.py file and put it where you found the original.
wget -O /path/to/acme_tiny.py https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
That's all there is to it.
Additional Resources:
LetsEncrypt Announces End-of-Life for ACMEv1:
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
The original acme_tiny.py script:
https://github.com/diafygi/acme-tiny
Forum post at VirtualMin discussing other possible solutions: